Organization Digital Certificate Supplement
The Organization Digital Certificate Supplement, effective June 19, 2026, is an addendum to the Proof General Terms that governs the issuance, verification, and use of digital certificates provided by Proof to legal entities ("Organizations"), detailing the application process, verification of identity and information accuracy, obligations of the Organization and Proof, and the requirement for reapplication upon certificate expiration.
Organization Digital Certificate Supplement
Last Modified Date: June 19, 2026
This Organization Digital Certificate Supplement is attached to and incorporated into the Proof General Terms (“General Terms”). Capitalized terms not otherwise defined have the meanings given in the General Terms, the Proof Glossary, or the Order Form.
1. Applicability
This supplement applies to a User in an entity capacity (“Organization”), if Proof provides the Organization with a Digital Certificate. “Organization” means the legal entity identified in the Application as the subject of, and on whose behalf a User requests, accepts, and uses, an Organization Digital Certificate. References to obligations, representations, acknowledgments, or actions of the Organization include the authorized representative who accepts this supplement and submits the Application on the Organization’s behalf.
2. General
Proof will use commercially reasonable efforts to verify the information provided by Organization when requesting a Digital Certificate (an “Application”). If Proof accepts Organization’s Application, Proof will provide the Digital Certificate to Organization subject to the terms, conditions, and restrictions stated in the Agreement. Proof has no obligation to provide the Digital Certificate to Organization. Proof will inform Organization of the validity period of the Digital Certificate. At the end of that period, Organization must submit a new Application for a Digital Certificate.
3. Verification
The Organization authorizes Proof to verify the identity of the Organization, its beneficial owners, and other agents or representatives as necessary for issuance of the Organization Digital Certificate. Proof may consult public or private databases or other sources for verification. The Organization represents and warrants that all responses provided to Proof as part of verification are complete and accurate. The Organization authorizes Proof to collect, store, and use any information collected or generated during the application, verification, and issuance process in accordance with this supplement.
4. Issuance
If verification is completed to Proof’s satisfaction, Proof will issue and deliver the Organization Digital Certificate using any reasonable means of delivery. Proof may change which root or intermediate certificate is used to issue Organization Digital Certificates at any time without notice. The Organization will abide by all applicable laws, regulations, and industry standards when applying for and using the Digital Certificate. If Proof cannot confirm the Organization’s identity and authorization, Proof may refuse to approve the application or issue a certificate without liability.
5. Defective Organization Digital Certificate
The Organization’s sole remedy for a defect in an Organization Digital Certificate (“Defect”) is to require Proof to use commercially reasonable efforts to cure the defect after receiving notice. Proof is not obligated to correct a Defect if:
- The Organization misused, damaged, or modified the certificate
- The Organization did not promptly report the Defect
- The Organization has breached any provision of the Agreement
6. Obligations and Restrictions on Use
6.1 Protection of Private Key
Organization must protect the Private Key included in a Digital Certificate. Organization must take all reasonable measures to protect its account, Private Key, and any associated activation data or device from unauthorized use and disclosure.
6.2 Organization’s Obligations
As a condition of issuance and use of a Digital Certificate, Organization must:
- Provide accurate and complete information as part of the Application
- Request revocation of the Digital Certificate if information changes or if the Private Key was misused or compromised
- Promptly notify Proof of any misuse of an Organization Digital Certificate
- Fully cooperate with Proof in the event of any compromise of the Digital Certificate or Private Key
- Not use the Digital Certificate for any purpose other than those designated by Proof
- Use the Digital Certificate in accordance with all applicable laws and regulations
- Obtain and maintain any authorization or license necessary to order, use, or distribute an Organization Digital Certificate
7. Representations and Warranties
Organization represents and warrants that:
- It provided true and correct information in the Application
- It has the full legal right and authority to obtain an Organization Digital Certificate
- It has protected and secured the Private Key
- It has full legal rights to use the Organization Digital Certificate
- The individual accepting the supplement is an authorized representative of the Organization
Subject to the provisions of this supplement and Organization’s fulfillment of its duties, Proof warrants that the Organization Digital Certificate shall be issued and managed in accordance with the applicable terms of the Proof Certificate Policy, the CPS, and this supplement.
8. Revocation
8.1 Revocation
Proof may revoke a Digital Certificate if it discovers or reasonably suspects that the certificate or any element of it:
- Has been compromised
- Is being used in connection with illegal activities (e.g., phishing, fraud)
- Is being used in connection with activities that violate industry norms (e.g., hate speech, defamation, IP infringement, non-consensual sex acts, child pornography, network abuse, spam)
- Presents a risk to the security or integrity of the public key infrastructure (PKI) or other risks to business, reputation, Relying Parties, or users
- Organization is engaged in conduct that is illegal or grounds for revocation under this supplement
- Other grounds stated in documents maintained by Relying Parties
Revocation may be backdated to protect Internet users and the PKI. “Relying Parties” include any entities that rely upon the information in the Digital Certificate.
8.2 Other
A Digital Certificate may also be revoked if Proof ceases doing business or is no longer allowed to issue Digital Certificates and no other provider is willing to provide revocation support.
8.3 Expired and Revoked Certificates
Organization may not use any revoked or expired Digital Certificate. Organization may not use any Private Key associated with revoked or expired certificates except to decrypt previously encrypted data.
9. Indemnification
Organization will indemnify, defend, and hold Proof and its affiliates harmless from any costs, damages, liabilities, or expenses (including reasonable attorneys’ fees) arising from third-party claims resulting from:
- Organization’s misrepresentation or omission of any material fact in the Application or otherwise submitted to Proof
- Compromise or unauthorized use or disclosure of a Digital Certificate or Private Key
- Organization’s misuse of a Digital Certificate or Private Key
Organization’s obligations are conditioned on Proof:
- Giving prompt notice of the claim
- Granting sole control of the defense or settlement to Organization
- Providing reasonable cooperation at Organization's request and expense
Proof may participate in the claim’s defense at its own cost. Organization will not enter into any settlement that adversely affects Proof’s interests without prior written approval. Organization is not responsible for any settlement it does not approve in writing.
Incident Priority and Resolution
Priority Level
- Level 1: Critical Business Impact. The incident seriously affects the functionality of the Services and cannot be circumvented such that most significant functionality is available.
- Level 2: Significant Business Impact. The incident partially affects functionality but can be circumvented so most significant functionality is available.
- Level 3: Minimal Business Impact. The incident can be circumvented and has no significant effect on usability.
Conditions for Closure of Help-Desk Ticket
- Level 1 & 2: Resolved and closed when an Incident Resolution has been fully implemented.
- Level 3: Resolved and closed when either an Incident Resolution has been fully implemented, or 10 business days have elapsed since Proof’s communication of the information that Proof reasonably believes will resolve the Incident, and Subscriber has not responded. The Incident can be reopened if not resolved.
On-Demand Notary and Platform Availability
Cumulative On-Demand Notary Availability Downtime (per calendar month):
- Up to 240 minutes: No credit
- 241-360 minutes: 1% credit
- 361-480 minutes: 3% credit
- 481-600 minutes: 5% credit
- 601 minutes or greater: 7% credit
Platform Availability Percentage (per calendar month):
- 99.9% or higher: No credit
- 97% - 99.9%: 1% credit
- 95% - 97%: 3% credit
- 93% - 95%: 5% credit
- Below 93%: 7% credit
Incident Priority Response Times
| Incident Priority | Acknowledgement Time | Provision of Incident Resolution or Interim Process | Max Timeframe for Provision of Incident Resolution (if Interim Process provided) |
|---|---|---|---|
| Level 1 | 1 hour | 8 hours | 36 hours |
| Level 2 | 4 hours | 24 hours | 5 days |
Personal Information Categories (California)
| Personal Information Category | Source(s) of Collection | Purpose(s) for Collection/Use | Third Parties/Service Providers | Retention Period |
|---|---|---|---|---|
| Personal Identifiers | Directly/indirectly from you, notaries, data analytics, social/advertising networks, service providers, counterparties, credential analysis, identity verification | Provide services, communicate, protect, verify, improve, advertise, legal obligations (for job applicants: assess application) | Affiliates, advertising/social networks, tech providers, payment processors, notaries, analytics, marketing, SSO, collaboration, engagement, identity verification, background screening, mortgage digitization, e-signature, financial services, mapping | Length of business relationship plus legally required retention or as long as business needs require |
| California Customer Records | Directly from you, counterparties, credential analysis, identity verification (for job applicants: background check, recruiters) | Provide services, communicate, protect, verify, improve, advertise, legal obligations (for job applicants: process application) | Affiliates, advertising/social networks, tech providers, payment processors, notaries, analytics, marketing, SSO, collaboration, engagement, identity verification, background screening, mortgage digitization, e-signature, financial services, mapping | Length of business relationship plus legally required retention or as long as business needs require |
| Protected Classifications | Directly/indirectly from you, notaries, analytics, social/advertising networks, service providers, credential analysis, identity verification (for job applicants: background check, recruiters) | Provide services, communicate, protect, verify, improve, advertise, legal obligations | Affiliates, advertising/social networks, tech providers, payment processors, notaries, analytics, marketing, SSO, collaboration, engagement, identity verification, background screening, mortgage digitization, e-signature | Length of business relationship plus legally required retention or as long as business needs require |
| Commercial Information | Directly/indirectly from you, notaries, analytics, social/advertising networks, service providers, counterparties | Provide services, communicate, protect, verify, improve, advertise, legal obligations, maintain records | Affiliates, advertising/social networks, tech providers, payment processors, notaries, analytics, marketing, SSO, collaboration, engagement, identity verification, mortgage digitization, e-signature, financial services, mapping | Length of business relationship plus legally required retention or as long as business needs require |
| Biometric Information | Directly/indirectly from you, service providers, credential analysis, identity verification | Provide services, communicate, protect, verify, improve, legal obligations, maintain records | Affiliates, tech providers | Length of business relationship plus legally required retention or as long as business needs require |
| Internet/Electronic Network Activity | Indirectly from you, analytics, social/advertising networks, service providers | Provide services, detect security incidents, protect, verify, improve, advertise, analytics | Affiliates, advertising/social networks, tech providers, payment processors, analytics, marketing, SSO, collaboration, engagement, identity verification, mortgage digitization, e-signature, financial services, mapping | Length of business relationship plus legally required retention or as long as business needs require |
| Geolocation Data | Indirectly from you, devices, analytics, social/advertising networks, service providers | Provide services, protect, verify, improve, advertise | Advertising/social networks, tech providers, payment processors, analytics, marketing, SSO, collaboration, engagement, identity verification, mapping | Length of business relationship plus legally required retention or as long as business needs require |
| Sensory Data | Directly/indirectly from you, service providers, credential analysis, identity verification | Provide services, communicate, protect, verify, improve, legal obligations, maintain records | Affiliates, tech providers, counterparties | Length of business relationship plus legally required retention or as long as business needs require |
| Professional/Employment Information | Directly from you, notaries, analytics, social/advertising networks, counterparties, credential analysis, identity verification (for job applicants: background check, recruiters) | Provide services, communicate, protect, verify, improve, advertise (for job applicants: process application) | Affiliates, advertising/social networks, tech providers, payment processors, notaries, analytics, marketing, SSO, collaboration, engagement, identity verification, background screening, mortgage digitization, e-signature, financial services | Length of business relationship plus legally required retention or as long as business needs require (for job applicants: up to 7 years for non-hired applicants) |
| Non-public Education Information | For job applicants: directly from you, recruiting software, background check, recruiters | Process application | Affiliates, background screening, tech providers | For job applicants: up to 7 years for non-hired applicants |
| Inferences Drawn | Indirectly from you, devices, analytics, social/advertising networks, service providers | Provide services, advertise, analytics, improve | Affiliates, advertising/social networks, tech providers, analytics, marketing, SSO, collaboration, engagement, mapping | Length of business relationship plus legally required retention or as long as business needs require |