Security

Security at Verrim.

Certificate data is business-confidential by default, and Verrim is built around that assumption.

Encrypted in transit and at rest

Connections use TLS, and stored data — including certificate files — is encrypted at rest. Store credentials are encrypted with AES-256-GCM, and API keys are stored only as hashes.

One organization can never see another

Every table is protected by per-tenant row-level security, enforced in the database itself. Team roles control who can view or edit inside your workspace, and workspace activity is logged to an audit trail.

Sign-in that checks the device, not just the password

Two-step verification is available on every account. New browsers are challenged before they get in, and you can review and revoke active sessions at any time.

Verifiable webhooks

Every webhook Verrim delivers is signed, so your systems can verify each payload came from us and nobody else.

Card details never touch our servers

Payments are handled by Stripe. Verrim stores your plan and billing status — never your card number.

Deletion on a published schedule

Deleted records move to Trash, stay recoverable for 30 days, and are then permanently removed, including the underlying files in storage. Details are in our Privacy Policy and Data Processing Addendum.

Found a vulnerability?

Email hello@verrim.com with the details and we will respond promptly. We ask researchers to act in good faith and avoid accessing other customers’ data — we won’t pursue good-faith research.