Certificate of Authenticity

TrustedForm issues a unique Certificate of Authenticity for every lead generated on a form hosting the TrustedForm JavaScript. The certificate exposes the following information about a consumer's visit to the hosting page:

  • the URL of the page that hosts the offer form
  • the URL of the framing page, if the form was framed
  • the time and date the consumer visited the form
  • the consumer's public IP address
  • the consumer's browser version
  • the consumer's operating system
  • a full snapshot of the HTML, images, CSS and other page assets of the offer form as seen by the consumer
  • an alphanumeric ID that uniquely identifies the certificate

How do I receive a certificate for a lead?

Certificates are only generated for leads that were collected on forms that host the TrustedForm JavaScript. So getting the JavaScript on the form page is the first step.

The script inserts a special hidden field into the form when a consumer visits the page. The field contains the URL to the certificate generated for that specific page visit. Then when the form is submitted by the consumer, the URL to the certificate is included alongside the consumer's contact information.

When you receive a lead with a certificate URL field, you can open the certificate URL in your browser to see the information that we collected about the consumer's page visit.

It's important that you store the certificate URL in your database or CRM with the consumer's other data because the certificate URL is the sole key to retrieving any TrustedForm certificate.

Who has access to a Certificate of Authenticity for a lead?

The certificate doesn't belong to any one specific TrustedForm account. Furthermore, any one that handles the lead data can see the certificate, even if they don't have a TrustedForm account, for 3 days after the certificate is generated. Certificates look the same to account holders and non-account holders. Everyone is privy to the exact same information. If you have the lead data, then you have the certificate URL, and therefore can see the information exposed by TrustedForm. Transparency is paramount.

Are certificates available indefinitely?

No. A new Certificate of Authenticity will self-destruct after 72 hours unless you use our HTTP API to claim the certificate. Once claimed, a certificate is available to you for 30 days. If you want to keep certificates for longer than 30 days, you can easily configure that in your account.

If you don't have the capability to call our API when you receive a lead, you might be interested in our lead management system, LeadConduit, which can be easily configured to automatically claim certificates.

We charge a small fee to claim each certificate and to store claimed certificates beyond 30 days.

What is the benefit of claiming a certificate?

Claiming a certificate will allow you to verify its legitimacy, view it online, access its data via our API, and refer to the snapshot that was taken from the page as seen by the consumer, for up to 30 days. And you can easily configure your account to keep certificates for as long as you like, for a small additional fee.

Certificates are great insurance against consumer complaints. They give you third-party verification of exactly where and when the consumer signed up, their IP address, the kind of browser they used, and even what the form looked like when the consumer landed on the offer page.

What information is not available on the certificate?

In-memory information submitted by the consumer will not appear in the certificate. Other information about the consumer's visit to the page — such as the referrer — that is not listed above is not available on the certificate.

As an impartial, publisher-neutral and advertiser-neutral third-party our goal is to operate with 100% transparency with regard to the information we expose in our certificates. We recognize the value of, and therefore are committed to protecting, proprietary information accessed during the course of our duties.

The TrustedForm script accesses some information that many publishers would consider sensitive, however, that information is never exposed to anyone. For example, our script reads the referrer property in the HTML DOM, but that value is not exposed in the certificate or anywhere else. It is used as part of our fraud detection algorithm but never sees the light of day. You'll also notice that we hide the query string of all page URLs just in case they contain personally identifiable information or search keywords. Your proprietary information belongs to you, and our TrustedForm EULA back up our claim.

If your questions or concerns have not been addressed here, or if have any further questions about the data we retain, please send an email to support. We'll get down to the bottom of it and keep this page updated.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


You must be logged in to comment.