How does Notarius protect my personal information and my digital signature?

We deliver highly trusted digital identities, usually in the form of digital signatures. Because the assurance level of these identities is high, a lot of care (and common sense) must be applied to protect our customers’ data and their digital identities.

Our ISO 9001 (quality), ISO 27001 (security) and eIDAS (identity) certifications guide the following principles when designing our solutions and processes:

1) Collect only essential personally identifiable information (PII).

We collect only the PII necessary to provide our services. It’s safer for you and simpler for us.

Details related to your consent for the collection of PII are available here, and the reasons for the storage of this PII are available here.

2) Employees must never have access to your digital signature

Your digital signature is created on your computer or, for AATL digital signatures, on a certified cryptographic device whose private key cannot be exported. You have sole control over your digital signature and its password; by design, Notarius employees, including our PKI Officers (Public Key Infrastructure), never have access to them.

3) Employees must never be able to recover your digital signature

Recovering your digital signature requires you to answer your security questions. These questions are visible only through a link sent to your email, which protects them. We do not have access to the answers to your security questions; this precaution was taken to make the process more secure for you and for us, and to thwart social engineering of our staff.

The answers to your security questions are never stored on our servers, either “in the clear” or encrypted. When you fill out the online subscription form, a one-way hash function is applied to each of your answers, creating a unique “fingerprint” of the answer which cannot be reversed. Each time you authenticate with your security questions, our system compares the fingerprints. Note that, for operational reasons, our PKI Officers can recover a digital signature by following a strict and highly audited process.
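The fingerprint comparison described above can be sketched as follows. This is an added example, not Notarius code: the page only says "one-way hash function", so the per-answer salt, the choice of scrypt with these cost parameters, and the normalization rules are assumptions, and the sample answers are constructed.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed cost parameters; the page does not name the hash function in use.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def normalize(answer: str) -> bytes:
    """Canonicalize case, Unicode form and spacing so retyping still matches."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def fingerprint(answer: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow hash of a normalized answer."""
    return hashlib.scrypt(normalize(answer), salt=salt, **SCRYPT_PARAMS)


def enroll(answers: dict) -> dict:
    """Build the only record the server keeps: a salt and fingerprint per question."""
    record = {}
    for question_id, answer in answers.items():
        if not normalize(answer):
            raise ValueError(f"empty answer for {question_id}")
        salt = os.urandom(16)  # unique salt: equal answers give different fingerprints
        record[question_id] = {"salt": salt, "fingerprint": fingerprint(answer, salt)}
    return record


def verify(record: dict, attempts: dict) -> bool:
    """Compare fingerprints for every question, without stopping at the first miss."""
    all_match = True
    for question_id, stored in record.items():
        candidate = fingerprint(attempts.get(question_id, ""), stored["salt"])
        # Constant-time comparison avoids leaking how many bytes matched.
        all_match &= hmac.compare_digest(candidate, stored["fingerprint"])
    return all_match


if __name__ == "__main__":
    # Constructed sample answers, for illustration only.
    rec = enroll({"first_pet": "Rex the Dog", "birth_city": "Montréal"})
    print(verify(rec, {"first_pet": " rex THE dog", "birth_city": "montréal"}))
    print(verify(rec, {"first_pet": "rex", "birth_city": "montréal"}))
```

Security answers are short and guessable, which is why this sketch uses a salted, memory-hard function rather than a single fast hash pass.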

4) Encrypt information, control access and audit frequently

The PII we store is encrypted at rest and in transit, and access is strictly controlled and audited. Access to the most sensitive PII, such as the video recording of the identity verification session, is limited to PKI Officers and only in special circumstances, such as a doubt about the validity of the issuance of a digital certificate, a court order, or an order for disclosure of personal information.