Security & Trust

Choosing a security vendor is a trust decision. Here's how we earn it.

We know what it's like to evaluate an unfamiliar vendor for something as sensitive as your certificate and TLS infrastructure — we sat in that chair before building CertControl. So here, plainly, is where your data lives, how it's protected, who can reach it, and what happens if things change.

Data sovereignty

Your data stays in the EU — with a Danish company behind it

For public-sector and regulated buyers, where the data lives and who is accountable for it matters as much as the features. CertControl is built EU-first.

🇪🇺 Hosted in the EU — outside US jurisdiction

Your data is hosted with Hostinger, an EU-based company (Lithuania), in a data centre in Frankfurt — not with a US hyperscaler such as AWS, Azure or GCP. It is processed under EU and Danish law and sits outside the direct reach of US legislation such as the CLOUD Act.

🇩🇰 A Danish company you can hold accountable

CertControl is operated by Certiva ApS — a registered Danish company (CVR 46450965) under Danish jurisdiction, with Danish-language support. A real legal entity, not an anonymous platform.

🔒 GDPR-aligned processing

EU hosting, data minimisation and hostname redaction by design. We have a standard data processing agreement (DPA) ready to sign.

Isolation by design

Every customer runs in their own isolated instance

No multi-tenant database where your certificates sit next to someone else's. Each customer gets a dedicated instance with a separate database and network — no shared resources, no cross-customer risk.

The on-premise agent

An agent that calls out — never in

The biggest fear with any internal scanner is what it can reach. CertControl's agent is built so the answer is: nothing it shouldn't.

Outbound-only

The agent communicates exclusively outbound over HTTPS. It opens no inbound ports, needs no VPN, and has no remote-execution capability — outbound telemetry only, by design.

Internal names stay internal

Internal hostnames are automatically replaced with [masked] before any data leaves your network, so your internal naming stays on your side.

Open and verifiable code

The agent's code lives in a public repository, so you can review exactly what it does. Each release ships with a SHA-256 checksum to verify your download.

Data protection

Protection at every layer

A security product has to look secure itself. Here is what protects your data inside CertControl.

Encryption

All traffic is encrypted with TLS in transit. Certificate and CSR private keys are encrypted at rest with AES-256-GCM.

Access control

Authenticated sessions, bcrypt-hashed passwords, brute-force lockout, CSRF protection, and scoped API tokens. Optional two-factor authentication with backup codes.

Resilience

Daily backups per customer instance, and an audit log of who did what and when. Your history is recoverable, not just your current state.

No lock-in

Your data is yours — and you can leave

Trust is easier to give when it's easy to walk away. We don't hold your data hostage.

Your data is portable

Export your full certificate inventory and reports straight from your own instance — self-service, any time. No proprietary lock-in, no exit fee, no waiting on us.

Cancel monthly

A 14-day free trial, then a subscription you can cancel — not a multi-year enterprise lock-in.

An honest comparison

We'll even tell you when an alternative is the better fit.

Accountable

You reach the people who built it

CertControl was built by people who sat in the buyer's chair, couldn't find a tool that did the whole job, and built it. That has a few real consequences for you.

Responsiveness, not a ticket queue

You talk to the people who built the platform — not a tier-one queue. Tell us what your environment needs, and we can ship it in weeks, not as a roadmap request that takes years. It's the one thing a large enterprise vendor structurally can't offer.

Transparency over badges

Rather than ask you to trust a logo, we show you how we operate — the architecture, the open agent code, the isolation model. And we'll complete your security questionnaire and sign a data processing agreement so your procurement and audit teams have what they need.

Frequently asked questions

Security & trust — questions answered

Where is my data hosted?

Your data is hosted in the EU, in a data centre in Frankfurt with Hostinger — an EU-based company (Lithuania), not a US hyperscaler such as AWS, Azure or GCP. It is processed under EU and Danish law and sits outside the direct reach of US legislation such as the CLOUD Act. CertControl is operated by Certiva ApS, a Danish company.

What happens to my data if CertControl goes out of business?

Your data is yours. You run in your own isolated instance, and you can export your full data — certificate inventory and reports — straight from the instance at any time, self-service and without having to ask us. There is no lock-in. The on-premise agent's code is published in a public repository, so it does not depend on us continuing to exist to keep running.

Is the on-premise agent safe to run on our network?

The agent communicates exclusively outbound over HTTPS. It opens no inbound ports, needs no VPN, and has no remote-execution capability. Internal hostnames are redacted before any data leaves your network. The agent's code is open and each release ships with a SHA-256 checksum, so you can review exactly what it does and verify your download.

Who can access my data?

Each customer runs in a dedicated instance with a separate database and network — no shared resources. Access is protected by authenticated sessions with bcrypt-hashed passwords and brute-force lockout, and certificate private keys are encrypted at rest with AES-256-GCM.

Are you GDPR compliant?

CertControl is built for GDPR-aligned processing: EU hosting, data minimisation, hostname redaction and per-customer isolation. Compliance responsibility is shared between us as the processor and you as the controller: we have a standard data processing agreement ready to sign, and we complete your security questionnaire on request.

Are you ISO 27001 certified?

We are not currently ISO 27001 certified. We apply equivalent controls — EU-sovereign hosting, encryption, access control and per-customer isolation — and we are transparent about them so you can assess our security directly. We are happy to complete your security questionnaire and sign a data processing agreement.


Have a security questionnaire or procurement requirements?

Send them over — we'll fill them out, sign a data processing agreement, and walk your team through the architecture. Or start a 14-day free trial and see it for yourself.