Trust & Security

Trust is earned.

CerTracker manages credentials and personal data for healthcare professionals and organizations. The Security Center documents how we protect it — encryption, access controls, compliance posture, and incident response.

  • HIPAA: Aligned
  • SOC 2 Type II: In progress
  • GDPR: Aligned for EU users
  • CCPA: Aligned for CA residents

Overview

Our compliance posture

At CerTracker, we understand that trust is essential when managing your certifications and personal data. Our Security Center shows the steps we take to protect your information — including encryption, alignment with global privacy regulations, and regular audits.

Data Security

  • Access monitoring
  • Backups enabled
  • Data erasure
  • Encryption at rest
  • Encryption in transit (TLS 1.2+)

Product Security

  • Audit logging
  • Role-based access control
  • Secure product architecture
  • Vulnerability management
  • Secure SDLC

Risk Profile

  • Defined data access levels
  • Third-party dependence review
  • Cloud hosting (US regions)
  • Annual risk assessments

Security Portal

  • Centralized policies
  • Sub-processor list
  • Incident response plan
  • Continuity & disaster recovery

System Description

  • CerTracker Platform overview
  • Customer data access controls
  • Secure data handling & destruction
  • Encryption at rest

Vendors & Sub-processors

  • Reviewed infrastructure suppliers
  • Contractual data protection terms
  • Annual vendor reassessment

Encryption

All customer data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Database backups are encrypted and geographically separated.

Access controls

Role-based access control, least-privilege provisioning, and full audit logging across all production systems. Access reviews are conducted quarterly.

Hosting

Hosted on enterprise cloud infrastructure in US regions with redundant availability zones, automated backups, and tested disaster-recovery runbooks.

Sub-processors

CerTracker engages a small set of vetted third-party providers for hosting, email delivery, and monitoring. A current list is available on request.

Vulnerability disclosure

Report a vulnerability

If you think you may have discovered a vulnerability, please send us a note. We acknowledge reports within 2 business days and coordinate responsible disclosure.

Trust, then verify

See how CerTracker secures your workforce data.

A 20-minute demo walks you through encryption, access controls, audit trails, and the AI compliance engine — live on your own scenario.