Trust Centre

Your data is yours.
We just keep it safe.

Certbox is built on the principle that you should always be in control of your personal documents. Here is exactly how we protect them.

UK GDPR

Data Protection Act 2018 compliant

ISO 27001

Information security management (aligned)

Cyber Essentials

UK government-backed scheme (in progress)

TLS 1.3

All data encrypted in transit

AES-256

Encryption at rest and client-side

Five pillars of protection

Every layer of Certbox is designed to keep your documents private, secure, and under your control.

Zero-Knowledge Encryption

Your documents are encrypted on your device before they ever reach our servers. We cannot read your files — only you can.

  • AES-256 client-side encryption
  • Keys derived from your password only
  • No server-side key storage

GDPR Compliance

Built for UK & EU data protection law from day one. You own your data, you control how it is shared, and you can delete it any time.

  • Data stored in UK/EU data centres
  • Right to access, export, and erasure
  • Explicit consent for partner sharing

Infrastructure Security

We run on enterprise-grade cloud infrastructure with continuous monitoring, automatic backups, and redundant failover.

  • 99.9% uptime SLA
  • Daily encrypted backups
  • SOC 2 Type II aligned controls

Transparent Data Use

We never sell your data. We only share information with insurance partners when you explicitly request a quote.

  • No advertising profiling
  • Granular partner consent controls
  • Full audit log of all data access

Document Integrity

Every document you store is hashed and verified. We detect any unauthorised modification and alert you immediately.

  • SHA-256 integrity hashes
  • Tamper-evident audit trail
  • Version history preserved

Questions about security?

Our security team is available to answer questions from individuals and enterprise partners alike.

security@certbox.co.uk

Your rights under UK GDPR

Right to Access

Request a copy of all data we hold about you at any time.

Right to Rectification

Correct any inaccurate personal information we hold.

Right to Erasure

Delete your account and all associated data permanently.

Right to Portability

Export your documents and data in a standard format.

Right to Object

Opt out of any data processing you have not consented to.

Right to Restrict

Limit how we process your data while a dispute is resolved.

To exercise any of these rights, contact privacy@certbox.co.uk

Ready to get started?

Store your documents securely — or contact us if you have questions.

Get Started FreeContact Us