Security
Certivanta is committed to maintaining the confidentiality, integrity, and availability of information entrusted to us. Security is treated as an operating discipline: clear ownership, controlled access, and pragmatic risk management.
Responsible disclosure
If you believe you have found a security issue affecting Certivanta systems, services, or domains, please report it to:
Please include a clear description, reproduction steps, and any relevant logs or proof-of-concept details.
What you can expect
- We acknowledge reports and triage them promptly.
- We work to validate and remediate issues in a risk-based manner.
- We coordinate disclosure timelines where appropriate.
If you need to encrypt communications, request a suitable method via security@.
Data handling principles
- Data minimisation and purpose limitation.
- Least-privilege access controls.
- Secure-by-default tooling and configuration.
- Vendor and dependency risk awareness.
AI-enabled work
Where AI is used to support delivery, Certivanta applies governance and human oversight appropriate to context and risk. Our aim is consistent judgement, transparency of intent, and predictable operating boundaries.
Security contacts
General security: security@certivanta.com
Abuse reports: abuse@certivanta.com
TLS reports: tls@certivanta.com
DMARC reports: dmarc@certivanta.com
Machine-readable disclosure is available at /.well-known/security.txt.