Security Overview
Last Updated: March 2026
1. Our Security Philosophy
KeepMyCert is built for IT professionals who care about where their certification data lives. We design with a security-first approach: least privilege, encryption, and clear boundaries for third-party access.
2. Data Protection
All data in transit is protected with TLS. Data at rest is stored in a secure, access-controlled environment. We use role-based access controls so that only authorized systems and personnel can access production data, and only when necessary.
3. OAuth & Integrations
We request limited-scope OAuth tokens for integrations such as Google Calendar. Tokens are stored securely and used only for the stated purposes. You can revoke access at any time from your account settings or from the third-party provider.
4. Infrastructure
The application is hosted on Vercel. Backend data and authentication are handled via Supabase (PostgreSQL and related services). We rely on these providers’ secure cloud practices, including physical security, network isolation, and availability measures.
5. Authentication
Where we store credentials, we use secure password hashing. We also support OAuth sign-in with providers such as Google and Microsoft, so you can use an account you already trust without storing a separate password with us.
6. AI & Document Processing
Documents are processed for extraction as needed and are not retained for training or sold. We do not sell your data to third parties for advertising or other purposes.
7. Access Controls & Monitoring
We follow the principle of least privilege for internal and system access. Access to production systems is logged and monitored so we can detect and respond to unusual activity.
8. Responsible Disclosure
If you believe you have found a security vulnerability, please report it to us. We are committed to investigating reports in good faith and addressing valid issues in a timely manner. You can contact us at security@keepmycert.com for security-related reports.