Sign, certify and manage
your agreements in one place.

Certums is the complete platform: e-signature for multi-signer agreements, document certification with CSV + QR that anyone can verify in seconds, and contract management with renewal alerts. With cryptographic evidence verifiable outside the platform.

CERTIFICATE

Digital Verification Course

Demo University of Cuba

This certificate is awarded to Carlos Pérez for completing the Digital Verification course on April 18, 2026.

CSV
CERT-7BCD-9KMN-2PQR-3VWX
Valid · PAdES B-LT

Para cualquier emisor

Pensado para personas, empresas e instituciones — públicas o privadas.

  • Personas naturales
  • Empresas
  • Mipymes
  • Instituciones estatales
  • Instituciones privadas
  • Entidades legales

The platform

Three products that work together.

See it in action

The real product, no mockups.

Certums signer portal with the issuer's branding: document on the left and signing panel capturing a drawn signature
The signing ceremony — with your brand, your color, and no account required: the signer reads the actual document, draws their signature and confirms with a code sent to their email. In Spanish or English.
Certums home dashboard with getting-started guide and metrics for documents and agreements
Your dashboard — metrics for documents, agreements and verifications, with guided onboarding.
Certums contract repository with terms, counterparties and expiration alerts
Contracts (CLM) — terms, value and renewal alerts before anything expires.
El Código Seguro de Verificación

Una clave matemática asociada a cada documento.

El CSV es una clave segura generada mediante un algoritmo matemático asociado a cada documento digital. Con este código, cualquier persona puede consultar el texto del documento original y comprobar su autenticidad.

  • 1 Ingresas tu correo o teléfono y un captcha.
  • 2 Recibes un código de un solo uso.
  • 3 Pegas el CSV del documento y obtienes el resultado.
Ir al portal de verificación

La verificación es libre y sin costo. El correo o teléfono solo se usa para enviarte el código de un solo uso — no se comparte con la institución emisora.

For three audiences

One platform. Three ways to use it.

Every account gets its own isolated workspace, policies and branding. The verification experience is always the same for the recipient: simple, fast, free.

What you get

Document trust, by design.

Cryptographic CSV

Every document gets a unique, non-enumerable code with ~77 bits of entropy.

QR + public URL

The recipient scans the QR or enters the URL and verifies in seconds — no account needed.

PAdES signature

PDF standard with timestamping and long-term validation (B-LT / B-LTA).

Multi-tenant

Each institution is a sealed tenant with its own users, templates and branding.

Immutable audit trail

Append-only with optional hash chaining. Every critical action leaves evidence.

Free, traceable verification

No cost for the verifier. Identification via email/phone + captcha + OTP to audit and prevent abuse.

How it works

From template to public verification.

  1. 01
    Define your template

    Fields, privacy policy, expiration and signature level.

  2. 02
    Issue the document

    From the dashboard or the API. Idempotent: safe retries.

  3. 03
    Signature + CSV + QR

    PAdES signature with HSM/KMS, cryptographic CSV, embedded QR.

  4. 04
    Public verification

    Any recipient verifies authenticity and validity in seconds.

Impossible to forge

A cryptographic chain that breaks at the slightest change.

It doesn’t rest on the issuer’s word. Four independent mechanisms, any one of which detects a forgery.

01

sha-256 hash over canonical bytes

Changing a single byte alters the hash and breaks the signature. Public verification reflects it instantly.

02

PAdES signature with the key in an HSM / KMS

The private key lives in inaccessible cryptographic hardware. Neither Certums nor the issuer can sign outside the audited flow.

03

CSV with ~77 bits of entropy

Not enumerable, not sequential, impossible to guess. Generated with a cryptographic RNG on every issuance.

04

Hash-chained audit trail (tamper-evident)

Every critical action links to the previous one by hash. If anyone tries to edit the log, the chain breaks and leaves evidence.

If anyone edits a single byte of the signed PDF, public verification reports it and shows the original hash. The issuer cannot sign retroactively because the private key lives in an HSM and the audit trail links every action.

Audit-grade storage

Your documents don’t live on your PC. They live on audit-ready infrastructure.

If you lose your device, you lose nothing. Backups are automatic, immutability is enforced, and every read is logged.

Always in the cloud

Documents live on institutional or Cuban infrastructure — never on the issuer’s PC. If you lose your device, you lose nothing.

Automatic daily backups

Optional cross-region replication. Backups verified periodically with a procedure documented in the runbook.

Immutable storage

Object Lock enabled: once stored, the signed PDF cannot be overwritten or deleted during the retention period.

Encryption at rest and in transit

SSE-S3 / SSE-KMS on the buckets · TLS 1.3 required for all communication. No encryption keys on server disk.

Traceability for audits

Every read, download, revocation or change is recorded with actor, IP, correlation ID and timestamp. Exportable for external auditors.

Retention per plan

From 12 months to perpetuity depending on the plan. Once retention expires, files are purged with signed evidence of the process.

Validity under control

Each template defines how a document expires. Public verification reflects the status in real time:

  • Valid Document active and verifiable.
  • Revoked Flagged with reason and date. Reflected publicly at once.
  • Expired Past the validity date configured in the template.
  • Superseded Replaced by a new document that links back to the previous one.
Plans

Storage and retention. That’s what sets your plan.

We don’t charge for verifications. Plans differ by included storage, file retention, issuance throughput and signature level.

Personal

Esencial

Para profesionales y autónomos.

990 CUP / mes
Storage
5 GB
Retention
5 años
Documents / month
50
Signature
PAdES B-LT
See all Personal plans →
For document recipients

Verifying is free.

If you received a Certums document, verification is instant, anonymous and fee-free. All you need is the CSV or the QR code.

  • No account · no installs · no cookies
  • Document status: valid, revoked, expired or superseded
  • Visible cryptographic signature · issuing institution
  • Download of the signed PDF if the institution allows it
Try verification →
Trust

Built on standards.

No homegrown cryptography. Primitives come from audited libraries; professional signing goes through an HSM, KMS or QTSP.

See the full security model →
Technological sovereignty

Cuban identity. Cuban data.

Institutional deployments authenticate with Cuba’s Unified Identity System. Your staff signs in with the same identity they use for other public services. No foreign providers in the critical path.

  • Unified Identity System

    Native authentication with Cuba’s SUI via OIDC for institutional deployments. Your institutional identity, with no foreign providers.

  • Sovereign deployment

    Hosting on Cuban or your own institutional infrastructure. Data, keys and audit trail stay within your technical borders.

  • No lock-in

    Open standards (PAdES, RFC 3161, OIDC). If you decide to migrate, signed documents remain valid in any standard verifier.

Frequently asked questions

What people ask first.

Who can verify a document?

Anyone. No account is required, but you do identify yourself with an email or phone number plus a captcha; you receive a one-time code to confirm the verification.

Why do we ask for an email or phone number to verify?

To audit and prevent abuse. Verification is free and unrestricted, but we record who verifies and when. Your contact info is NOT shared with the issuing institution and is never used for marketing — it only receives the one-time code.

Are verifications charged?

No. Verification is free and costs nothing for the verifier. Plans define how much each institution can issue and how long we retain the files.

What happens if I lose my computer or it breaks?

Nothing. Documents live in the institutional or Cuban cloud, with automatic daily backups and cross-region replication. You access them from any device with your identity.

How do you guarantee nobody can forge a document?

The combination of a sha-256 hash over the bytes, a PAdES signature with the key in an HSM, a high-entropy CSV and a hash-chained audit trail makes any alteration detectable and traceable. Neither Certums nor the issuer can sign outside the audited flow.

How is the issuer authenticated?

Institutional deployments integrate with Cuba’s Unified Identity System (SUI) via OIDC. For individuals and SMBs: email authentication with Argon2id plus optional MFA.

Can documents have an expiration date?

Yes. Each template defines a policy: no expiration, a fixed date or a rolling period. Public verification immediately reflects "valid", "expired", "revoked" or "superseded".

What signature level does Certums use?

PAdES B-LT on Essentials / Starter plans and up, and B-LTA on Pro / Growth / Institutional plans. Compatible with any standard PDF verifier (Adobe Reader, Acrobat, ETSI tools).

Is it valid for external audits?

Yes. The audit trail is append-only with optional hash chaining, and exportable. The PAdES B-LTA signature preserves long-term validity (LTV) thanks to the archival timestamp and the embedded certificate chain.

Are my documents isolated from other institutions?

Yes. Each institution lives in a sealed tenant, enforced by organizationId on every query and covered by automated tests.

See all questions →

Ready to issue your first documents?

We set up your institution and walk you through your first template. You’ll be issuing in less than a day.