DigiCert Public Privacy Notice


Public Privacy Notice in other languages

English | Français | Deutsch | Español | Italiano | Nederlands | Português | 日本語 | 한국인 | 简体中文 | 繁体中文

Effective Date

February 1, 2024
Privacy Notice Archive


We care about your personal information that you share with us.  The purpose of this Privacy Notice (“Notice”) is to inform the representatives of our business customers and other individuals (“you” or “your”) who share personal information with DigiCert, Inc. and/or its affiliates (“DigiCert,” “DigiCert Group”, “we,” or “us”), of how we collect and process personal information and certain rights you may have concerning your personal information that you share with us.

For residents of the People’s Republic of China (“PRC”), Japan, and Australia, please see the section below on Other Jurisdiction-Specific Information.



Contents of this Notice

Who We Are

What this Privacy Notice Covers

Product-Specific Information

Purpose of Processing

Lawful Basis of Processing

What Information Do We Collect About You?

Cookies & Tracking Technology

Sensitive Personal Information

How Do We Use Your Information?

Disclosures to Third Parties

Information Security

Where Do We Host and Store Your Information?

How Long Do We Store Your Information?

Your Rights with Respect to Your Personal Information

EU, UK, Swiss Data Privacy Framework

China Privacy

Japan Privacy

Australia Privacy



Children’s Privacy

Changes to this Notice

Contact Information

Related Documents

DigiCert Legal Repository


DigiCert, Inc. is a company established in the United States with principal offices at 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043.  For information on how to contact us, please see our Contact Information below.  DigiCert, Inc. also has subsidiaries in various locations throughout the world (collectively, the “DigiCert Group”).

To the extent that DigiCert is acting as a Certificate Authority (“CA”), DigiCert is acting as the data controller of personal information processed under this Notice.  For information on where we process and store your information, and what specific DigiCert entity is the controller or entity responsible for data processing in a specific instance, please see the section on Where Do We Host and Store Your Information.


This Notice applies to DigiCert employees, agents, networks, servers, products, websites, mobile applications, online services, platforms, devices, and/or technology that collect and process your personal information.


DigiCert offers a broad range of products and services.  For additional entity-specific information related to particular DigiCert products and subsidiaries, such as DNS Made Easy, Rapid Web Services, LLC (“SSL Store”), QuoVadis, GoGetSSL, please visit our DigiCert Privacy Center.


When acting as a CA, DigiCert processes your personal information for the purpose of providing you certificate services in accordance with the Certification Practices Statement (“CPS”) applicable to the particular certificate services in question.  DigiCert also processes your personal information for the purpose of providing other products and/or services that you have requested or purchased, including the use of our websites.  See below, How Do We Use Your Information? for more specific information.


DigiCert only processes your personal information where it has a basis or justification under applicable law to do so.

For agents and representatives of our business customers, we process your personal information according to a legitimate interest that we have in servicing our customer which you represent, by providing the products and/or services that our business customer has requested or purchased, and to perform the services that are necessary to process your personal information.

For other customers, as applicable and depending on your location and/or the service or product you have requested or purchased, we may process your personal information to take steps to enter a written agreement and/or fulfill our obligations under a written agreement with you.

As part of the products and/or services you have requested, either on your own behalf or on behalf of a business customer that you represent, you voluntarily submit your personal information so we can fulfill such requests.   

When acting as a CA, we are obligated to process your personal information in accordance with industry standards developed and enforced by certain third-party consortiums, such as the Certification Authority/Browser Forum (“CA/B Forum”).  For more information on our industry standards and related consortiums, see the applicable CPS in our Legal Repository.


Categories of Personal Information We Collect:

During the previous 12-months and/or while you engage with DigiCert products and services, we collect and/or process the personal information listed under “Business Contact Information” in the table below.  As part of our certificate issuance process, we collect the information listed under “Validation Information.”

For those who choose to use our Remote Identity Verification (“RIV”) process, we also collect the information listed under “Biometric Information.”

Business Contact Information

First and last name, email address, postal address, telephone and fax number(s), IP address, usernames and related account information, job title, employer, and certain payment details.

Validation Information

DigiCert processes sensitive personal information on a limited basis, including government-issued identification (driver’s license, passport ID, or other) as part of our validation processes related to certificate services.

Biometric Information

DigiCert processes sensitive personal information on a limited basis, including government-issued identification as part of our validation processes and certain biometric information for our customers who choose to use our Remote Identity Verification (“RIV”) process.  Where required, we obtain your separate consent prior to processing your sensitive personal information.  Please see our privacy notice for Remote Identity Verification here, which also describes your right to request withdrawal.

Categories of Sources from Which We Collect Your Information

As part of our products and/or services we provide, we may collect your personal information from various sources, including:

Our Website:  DigiCert and its third-party live-chat administrator may collect your information through our website, including by email, live chat, or for our customers who choose to create an account with us, through the customer account.  If you choose to contact us using our live chat platform, we are required to obtain your consent before we can communicate with you by live chat.  As an alternative to live chat, you may also contact us at support@digicert.com.

Our OCSP Service:  DigiCert may collect your information when an Online Certificate Status Protocol (“OCSP”) request is made against an HTTPS website or other TLS service that is secured by a DigiCert certificate.  DigiCert collects OCSP requests, the client IP address, and the certificate serial number to operate the OCSP Service, as described in the applicable CPS in our Legal Repository.  OCSP data is retained by DigiCert for up to 7 years and is used for troubleshooting and detection of malicious or fraudulent activity.  OCSP data processed by our content delivery network is deleted after 10 days.

From Customers:  Customers request digital certificates through their account on DigiCert’s Website (the “Account”) or through other contact with DigiCert or its resellers.  When submitting a request, Customers typically provide to DigiCert the following information about Individuals: name, email address, telephone number, address, and government-issued identification (which may include additional information, depending on the identification used).  Specific information about personal information required for particular DigiCert services and products may be found in the applicable CPS in our Legal Repository.

From Third Parties:  DigiCert may collect information from third party sources to confirm or supplement personal information that it obtains from customers.  DigiCert uses such information from third-party sources for the purposes of fulfilling validation services related to issuing certificates.

Where DigiCert makes external communications through social media platforms, we collect and analyze the activity related to our communications to measure customer satisfaction and brand reputation as well as understand the effectiveness of our external communication strategies.

Where DigiCert conducts marketing activities, we may also collect and use information from third parties such as lead generation and data quality providers, as well as from publicly available sources, where this is permitted by law.

Social Media Listening:  We use certain third-party tools that integrate with social media platforms through application programming interfaces.  These tools gather analytics information from social media posts regarding DigiCert made by consumers and users of such platforms that help us improve our products and services.  We do not use this information for marketing purposes or sales outreach, but we may link information gathered through social media listening with customer accounts.

Reseller Affiliates:  For customers who have purchased digital certificates and related products through our reseller affiliates, DigiCert may collect business contact information, financial transaction information, and other personal information related to the transaction with our reseller affiliates.  Generally, data processing related to our partnerships with reseller affiliates is governed under a joint controller arrangement.  For more information on privacy practices related to our reseller affiliates, please visit our DigiCert Privacy Center


DigiCert uses cookies, web beacons, log files, and similar technology to gather, analyze, and store technical information about website visitors.  You may learn more about how we use cookies and manage your own cookie settings in our Cookie Settings.


We may use your information for the following purposes:

  • Providing products and services, facilitating live chat, and fulfilling sales and support services: We may use your information to provide our products and services, send order confirmations, respond to customer service requests, provide live chat services in response to sales and technical questions, and fulfill orders, including using your information to verify your identity in relation to customer order requests, or to contact you to discuss support, renewal, and the purchase of our products and services.  When you contact us by phone, we record such communications for quality assurance and training purposes.  For most phone calls, we retain records for up to 30 days, or as needed to address your specific questions.  When using video conferencing platforms, we may retain records for up to one year.

  • Marketing: We may use your information to send promotional emails.  These emails may include web beacons and/or similar technology that communicate information about the email back to DigiCert, so we can measure the effectiveness of our advertising and marketing campaigns.  Where required under applicable law, we obtain your consent to send promotional emails.  You may opt-out of receiving promotional emails from DigiCert by following the unsubscribe instructions provided in each email or by submitting an opt-out request on our Privacy Request Form.  DigiCert may use third parties to send promotional emails on our behalf, but DigiCert does not permit such third parties to use your personal information for any other purpose.

  • Validation Services: As part of issuing certificates, DigiCert uses personal information to perform validation services in accordance with industry standards applicable to Certificate Authorities and in a manner consistent with the Certificate Practices Statement applicable to the particular certificate services in question.

  • Advisory/support e-mails: While your customer account is active, DigiCert may send you advisory e-mails to provide support and security updates in relation to our products and services.  Advisory/support emails may include responses to your inquiries, support information related to our validation services, notifications of expiring certificates, and non-promotional information about the products and services that have been ordered.  Where the purpose of advisory emails is to help us fulfill our contractual obligations in providing products and/or services, you may not generally unsubscribe from such emails while the customer account is active, although we may exercise our discretion in honoring such requests.  DigiCert may also use third-party service providers to assist in sending advisory/support emails, but DigiCert does not permit such third parties to use your personal information for any other purpose.

  • Technical usage information/data analytics: Depending on your cookie consent selection, when you visit our website, we may collect device information, including your IP address and other unique identifiers, device name, type of operating system, mobile network information, and standard web information like your browser type and the pages you access on our website.  We only collect this information to ensure the proper functioning of our website, to personalize your experience on our website, to monitor your usage activity and trends, and keeping our website safe and secure. We may also collect your web traffic information to track sales, demographics, product usage and related analytics so that we can improve our product offerings, target marketing, and sales resources.  We create internal reports based on our data analytics that may be processed by third-party service providers, who help us analyze our data.  We do not allow such third parties to use such information for any other purpose than to provide such services. Where permissible under applicable law, or where you have provided your consent, your usage of our websites may also be tracked and used for marketing/advertising purposes. See Cookie Settings to review, provide or remove your consent and for more information on how we use cookies and tracking technologies.


Depending on the products and/or services you have requested or purchased, during the previous 12 months and/or while you engage with DigiCert products and services, DigiCert may disclose your information to DigiCert affiliates, service providers, and other third parties who process personal information on our behalf and in accordance with applicable laws, and not for their own marketing or any other purposes.

We do not sell your data to third parties, and our third parties to whom we do disclose your information are subject to requirements that are at least as restrictive as this Privacy Notice.  As required by applicable law, such third parties are also bound by data processing agreements that outline processing requirements and restrict usage of your information to fulfilling one or more of the purposes outlined below:

Disclosures to DigiCert Affiliates

·        For many products and/or services we provide, we may share your information within DigiCert’s group of affiliates for the purposes of internal processing—and only for the purpose of providing you your product/service.  This may include financial accounting, business intelligence, engineering, legal processing, tech support, compliance, marketing, sales, information security, and other internal processing needs.

·        For international transfers of personal information among DigiCert’s intra-group entities, DigiCert has implemented transfer protocols that satisfy EU GDPR, UK GDPR, and Swiss FADP.  Moreover, for personal information originating in the EU/EEA, UK, or Switzerland and that is transferred to the United States, DigiCert is also certified under the Data Privacy Framework.

Disclosures to Service Providers

·        IT Service Providers:  We may share your information with third parties that provide us with SaaS services, including customer relationship management and other database and application software.

·        Analytics/Optimization Firms:  We may share your information with analytics and search engine providers that help us improve and optimize our networks, products, websites, mobile applications, platforms, devices, and/or other online services and technology.

·        Live-Chat Support:  We may share your information, including email address, with chat-based support software services that allow users to request support and clarify technical problems.

·        Payment Processors:  We may share your information with payment processors that help process your credit card payments.  We follow Payment Card Industry Security Standards (PCI-DSS) when handling credit card information.

·        External Auditors:  We may share your information with external auditors that audit our accounting practices and financial statements, information security practices, compliance programs, and other essential parts of our global infrastructure.  Such audits evaluate, confirm, and verify processes related to the quality and security of products and services to ensure DigiCert management systems have been effectively implemented.  As part of the audit process, auditors may contact you to verify information related to the services you have purchased.  For more information on audits DigiCert participates in, please visit our DigiCert Solutions Infrastructure Security page.

Disclosures to Other Third Parties

·        Marketing and Advertising Firms:  We may share your information with marketing firms, advertisers, and advertising networks that send you advertisements across our platforms about our products and services.

·        Blogs:  Our website may offer publicly accessible blogs or community forums.  Any information you provide in our blogs can be read, collected, and used by others who access them.  To request removal of your personal information from our blog or community forums, please contact us  through our Privacy Request Form.  In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

·        Social Media Widgets:  Our website includes social media features, such as a “Like” button and widgets, as well as share buttons or interactive mini-programs.  These features may collect your IP address, the pages you visited on the website, and set cookies to enable the features to function properly.  Social media features are either hosted by a third party or hosted directly on the website. Interactions with these features are governed by the privacy notice of the corresponding social media company.

·        Law Enforcement or Lawful Order:  When required by formal judicial or other lawful and mandatory process, DigiCert may share your personal information with law enforcement agencies, public authorities, other government agencies, or other parties who are able to obtain a lawful order compelling our production of such information.


The security of your personal information is of the utmost importance to DigiCert.  DigiCert has implemented and maintains internal technical and organizational measures in accordance with industry best practices and applicable data protection laws.  Such measures may be viewed here.  

Among other security measures, we have industry-standard encryption for data at rest and data in transit.  While our security practices align with commercially reasonable protocols, DigiCert cannot guarantee absolute security of your personal information.  For questions about our security practices, please contact privacy@digicert.com.


Data storage generally depends on your location and the product and/or services you have purchased or requested.  Our data processing activities related to your personal information are subject to applicable data protection laws in such locations.  For more detailed information about certain products, please see our DigiCert Privacy Center.

Internal Processing

For U.S. entities, your validation information is stored in our U.S. data centers.  For EU/EEA entities, your validation information is stored in our data centers located in the Netherlands and Switzerland.

The following table provides more specific information on where we process and store your information for internal processing withing our DigiCert Group:




Hosting Locations

Storage Locations


CertCentral (TLS/SSL Certificates, Code Signing Certificates), Product feature includes Discovery & Automation

United States

United States

CertCentral EU

CertCentral TLS/SSL Certificates


Netherlands, Switzerland

CertCentral EU

Qualified Signatures with DTM


Some data is stored in the U.S.

DigiCert One


Trust Lifecycle Manager

United States




United States




DigiCert One


Document Trust Manager

United States




United States




DigiCert One


IoT Trust Manager

United States



United States



DigiCert One


Software Trust Manager





United States




DigiCert One

Embedded Trust Manager (Formerly Mocana)

United States

United States





Third-Party Sub-Processors

We may also provide your information to third-party processors who process your personal information on our behalf for the purpose of providing you with the products or services you have requested.  You may view our list of sub-processors at https://www.digicert.com/content/dam/digicert/pdfs/legal/sub-processor-list.pdf.


We retain personal information only for legitimate business purposes and as long as necessary to fulfill our commitment to provide products and/or services to you (or the business customer you represent), and in accordance with the applicable CPS that aligns with industry standards.  More particularly, we retain certain data types in accordance with the following retention schedule:

  • Account Information:  We retain your account and validation information as long as the account is active or while your certificate remains unexpired, and in accordance with industry standards applicable to CAs.  Depending on the type of certificate, industry standards require us to maintain such information for a period of 7 years after your account is terminated, cancelled, or the certificate expires, or as contractually agreed upon.  We may also retain such information as long as necessary to defend against legal claims, resolve disputes or to enforce our agreements.

  • Marketing Information:  If you have opted-in to receiving promotional materials or allow us to use your information for personalized online experiences, we may retain such information until you notify us that you no longer want us to use your information for promotional purposes and/or for personalized online experiences.  You may unsubscribe from any promotional emails you receive by clicking on the unsubscribe link in your email or by submitting a request through our Privacy Request Form.  You may also learn how to manage your cookie preferences by consulting Cookie Settings.

  • Pseudonymization:  When we no longer have a legitimate basis for retaining your personal information in an identifiable format, and where required, we delete your information.  However, we may also store certain information in a pseudonymized format, including the following:

    • Transactional elements such as type, quantity, and cost of services provided;
    • Usage activity and interaction with features of the services;
    • Performance metrics of the services and support provided.


You may have certain rights regarding your personal information.  You may submit a request to access your information, request portability, request deletion, restrict processing of your personal information, request correction, right to non-discrimination for invoking your privacy rights and, in certain cases, you may object to us processing your personal information and submit a request to withdraw your consent to processing.   

You may exercise your rights with respect to your personal information in the following ways:

  1. Privacy Request Form.  You may submit a request to access, delete, object to processing, request portability, restrict processing, or a request to correct/update your personal information through our Privacy Request Form.
  2. Email:  You may email us your request at privacy@digicert.com.

Verification of Your Identity

Prior to responding to a request listed above, we will ask you to answer a few questions about yourself to help us verify your identity.  In the event more documentation is necessary to verify your identity, we will notify you.

What if We Cannot Verify Your Identity?

If we can’t verify your identity, we will notify you.  Any request may be denied if we have reason to believe the request is fraudulent.

Updating Your Account.  Although you are not required to open an account to exercise your privacy rights, if you have an account, you may update your personal information by accessing and editing your account profile.  For assistance, contact our support team at support@digicert.com.

Opting Out of Marketing:  You have the right to ask us not to process your personal information for direct marketing purposes.  You can exercise your right to prevent such processing at any time by contacting us through our Privacy Request Form.

NAI/DAA Consumer Opt-Out:  You may also visit the following webpages to opt-out of targeted advertising from a broad array of companies, including some who serve ads on behalf of DigiCert.  For Network Advertising Initiative or “NAI” visit http://www.networkadvertising.org/managing/opt_out.asp and for Digital Advertising Alliance or “DAA” visit http://www.aboutads.info/choices/.  Opting out through these sites does not mean you will stop see advertisements when using DigiCert websites or platforms, but it does mean that the company or companies from which you opt-out on these sites will no longer show ads that have been tailored to your interests.

Designating an Authorized Agent:  Depending on the state or country where you reside, you may have a right to designate an authorized agent to make requests on your behalf.  In the United States and potentially other states/countries, you may provide a power of attorney to designate your authorized agent.  If you do not have a power of attorney, you may contact privacy@digicert.com to receive a form that you will need to fill out to designate your authorized agent.  Please note that there may be additional steps required to verify your identity and to designate an authorized agent.

Right to Appeal:  Unless there is an overriding interest or requirement, we honor all requests submitted with respect to the privacy rights enumerated above.  However, we may be unable to take action on a request if there is a legitimate business reason or other requirement that may override the request.  If this is the case, we will inform you as to the reason why we were unable to fulfill your request.  Depending on the state or country where you reside, you may have a right to appeal if we are unable to take action on your request.  You may file an appeal by emailing privacy@digicert.com with subject line “Appeal.”


DigiCert complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  DigiCert has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  DigiCert has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

DigiCert is responsible for the processing of personal data it receives, under each Data Privacy Framework, and subsequent transfers to a third party acting as an agent on its behalf.  DigiCert complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, DigiCert is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.



Privacy Addenda

China (PRC) Residents

Please see the China Privacy Addendum to this Notice.


Japan Residents

Please see our Japan Privacy Addendum to this Notice.


Australia Residents

Please see our Australia Privacy Addendum to this Notice.


All Other Countries


Please see our DigiCert Privacy Center to see if we have information regarding the privacy laws in your country.


You may file a complaint regarding our privacy practices through our Privacy Request Form, or by emailing us at privacy@digicert.com.  Before we respond to your complaint, we will ask you to verify your identity.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, DigiCert commits to resolve DPF Principles-related complaints about our collection and use of your personal data.  EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact DigiCert at privacy@digicert.com.   

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described under the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.


Terms of use for software downloaded from DigiCert’s websites may override the terms of this Notice with respect to use of the software.  As noted under the Product-Specific Information and Jurisdiction-Specific Information section, we may also provide supplementary privacy notices which describe processing activities outside the scope of this Notice.

Our website may include links to third party websites whose privacy practices may differ from those outlined in this Notice.  If you submit personal information to any of those websites, your information is governed by their privacy policies, and we encourage you to carefully read the privacy policies of those third-party websites before you submit any of your personal information to those websites.

Children’s privacy

DigiCert does not knowingly collect personal information from children under the age of 18 and DigiCert’s websites, platforms, and applications are not directed toward children.  If you believe we might have personal information belonging to a child under the age of 18, please contact us at privacy@digicert.com.


We may update this Notice from time to time.  If we make material changes to our information practices, we will update this Privacy Notice and notify interested parties (e.g., by posting a notice on our home page or product platform, or by emailing affected Individuals where necessary).  We encourage you to periodically review this page for the latest information on our privacy practices.  Revisions to this Notice are effective 30 calendar days after being posted, or as required by applicable law.


Please contact the DigiCert Data Privacy Officer or DigiCert’s Europe Data Protection Liaison with any questions or concerns about this privacy notice or our data collection practices. Individuals in the United Kingdom may also contact our United Kingdom Representative.

DigiCert Data Privacy Officer

DigiCert, Inc.

Attention: Data Privacy Officer, Aaron Olsen

2801 North Thanksgiving Way, Suite 500

Lehi, Utah 84043, United States

Toll Free: 1-800-896-7973 (US & Canada)

Direct: 1-801-701-9600

Fax Toll Free: 1-866-842-0223 (US & Canada)

Fax Direct: 1-801-705-0481


Europe Data Protection Liaison

DigiCert Ireland Ltd.

Attention: Europe Data Protection Liaison, Richard Hall

Unit 21, Beckett Way

Park West Business Park

Dublin 12, Ireland

Phone: +353 1803 5400

Fax: +353 1861 7990


United Kingdom Representative

DigiCert UK Limited

Attention: United Kingdom Representative

c/o Worldwide Corporate Advisors Llp

150 Minories

London EC3N 1LS United Kingdom

Certification Practices Statements
Certificate Policy
Master Services Agreement
Terms of Use


The DigiCert Legal Repository is available at: DigiCert Legal Repository