Trust & security
Your data and certifications are protected
Security, privacy, and reliability are foundational to Certified Training. We partner with third-party auditors and invest heavily in secure infrastructure.
Our teams maintain encryption in transit and at rest, continuous monitoring, and documented controls mapped to SOC 2, GDPR, and PCI requirements.
Last updated: Sep 15, 2025 · Contact [email protected] for security inquiries.
Compliance highlights
- SOC 2 Type II attested
- GDPR and CCPA compliant privacy program
- PCI-DSS compliant payment processing
Security practices
Our controls cover encryption, monitoring, and least-privilege access.
We pair automated detection with quarterly penetration tests, employee security training, and a third-party risk review program before integrating new vendors.
- Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Quarterly penetration tests and continuous security monitoring
- Role-based access control with just-in-time privilege elevation
- Automated vulnerability scanning in our CI/CD pipeline
Uptime & resilience
99.95%
Redundant hosting across multiple regions with 15-minute recovery point objectives and automated failover.
- Backups run hourly with 30-day retention and quarterly restore drills.
- Disaster recovery plans include clean-room rebuilds to handle region-wide outages.
- 24/7 on-call team and status page updates for transparency.
We publish uptime data and scheduled maintenance windows on the status dashboard and notify partners in advance.
Responsible disclosure
Report security vulnerabilities to [email protected] with reproduction steps, scope, and potential impact. We respond within three business days, coordinate mitigation, and credit collaborators when appropriate.
This is not a bounty program; we welcome collaborative reporting and promise not to pursue legal action for good-faith disclosures.