Certificate of Authenticity

TrustedForm issues a unique Certificate of Authenticity for every lead generated on a form hosting the TrustedForm JavaScript. The certificate exposes the following information about a consumer's visit to the hosting page:

  • the URL of the page that hosts the offer form
  • the URL of the framing page, if the form was framed
  • the time and date the consumer visited the form
  • the consumer's public IP address
  • the consumer's browser version
  • the consumer's operating system
  • a full snapshot of the HTML, images, CSS and other page assets of the offer form as seen by the consumer
  • an alphanumeric ID that uniquely identifies the certificate

How do I receive a certificate for a lead?

Certificates are only generated for leads that were collected on forms that host the TrustedForm JavaScript. So getting the JavaScript on the form page is the first step.

The script inserts a special hidden field into the form when a consumer visits the page. The field contains the URL to the certificate generated for that specific page visit. Then when the form is submitted by the consumer, the URL to the certificate is included alongside the consumer's contact information.

When you receive a lead with a certificate URL field, you can open the certificate URL in your browser to see the information that we collected about the consumer's page visit.

It's important that you store the certificate URL in your database or CRM with the consumer's other data because the certificate URL is the sole key to retrieving any TrustedForm certificate. We are unable to retroactively marry lead data with the certificate ID. The best way to ensure you can easily pull up a certificate for an individual lead is to store all the lead data together with the certificate id.

Who has access to a Certificate of Authenticity for a lead?

Because our script is universal, the certificate doesn't belong to any one specific TrustedForm account. Any one that has access to the lead data can see and access the certificate for the first 72 hours. If you have the lead data, then you have the certificate URL, and therefore can see the information exposed by TrustedForm. Transparency is paramount.

Are certificates available indefinitely?

No. A new Certificate of Authenticity will self-destruct after 72 hours unless you use our HTTP API to claim the certificate. Once claimed, a certificate is available to you to access at any time. The default retention period is 5 years. This account setting is configurable..

If you don't have the capability to call our API when you receive a lead, you might be interested in our lead management system, LeadConduit, which can be easily configured to automatically claim certificates.

We charge a small fee to claim each certificate and to store claimed certificates beyond 30 days.

What is the benefit of claiming a certificate?

Claiming a certificate will allow you to verify its legitimacy and confirm it’s a real certificate, view it online, access its data via our API, programmatically scan the webpage that generated the certificate for required or forbidden language, and share a masked certificate with another party.

Certificates are great insurance against consumer complaints. They give you third-party verification of exactly where and when the consumer signed up, their IP address, the kind of browser they used, and even what the form looked like when the consumer landed on the offer page.

Who can claim a certificate?

Anyone with a TrustedForm account and who has the TrustedFormCertificateURL can claim any certificate.

This means that a certificate may be claimed more than once by one or more accounts. Each claimant will have access to the certificate for the duration of their account’s storage agreement.

The same account can claim a certificate more than once.

Each claim specifies its own optional parameters such as required or excluded text.

Why would more than one account want to claim the same certificate?

For example, a lead’s buyer and vendor may each want to ensure their own TrustedForm protection. If only the buyer claims the certificate, the vendor will have to depend on the buyer for access to the full certificate.

What information is not available on the certificate?

In-memory information submitted by the consumer will not appear in the certificate. Other information about the consumer's visit to the page — such as the referrer — that is not listed above is not available on the certificate.

As an impartial, publisher-neutral and advertiser-neutral third-party our goal is to operate with 100% transparency with regard to the information we expose in our certificates. We recognize the value of, and therefore are committed to protecting, proprietary information accessed during the course of our duties.

The TrustedForm script accesses some information that many publishers would consider sensitive, however, that information is never exposed to anyone. For example, our script reads the referrer property in the HTML DOM, but that value is not exposed in the certificate or anywhere else. It is used as part of our fraud detection algorithm but never sees the light of day. You'll also notice that we hide the query string of all page URLs just in case they contain personally identifiable information or search keywords. Your proprietary information belongs to you, and our TrustedForm EULA back up our claim.

If your questions or concerns have not been addressed here, or if have any further questions about the data we retain, please send an email to support. We'll get down to the bottom of it and keep this page updated.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


You must be logged in to comment.