Platform Security

Built to Protect the Integrity of Every Draw

Whether you are an organisation running a draw or a participant entering one, security is fundamental. Trust begins with transparency.

Tamper-Evident Encrypted Transmission Publicly Verifiable Data Responsible

Platform Security Status Core protections active

ALL SYSTEMS ACTIVE

Data Transmission HTTPS / TLS

Certificate Integrity SHA-256

Timestamp Standard UTC

Access Control Role-Based

Public Verification AVAILABLE

Audit Logging ENABLED

Continuously monitored — updates applied as needed

For Participants For Organisations Data Protection System Monitoring Our Role Transparency

Participant Protections

For Participants

If you have entered a competition that uses our platform, here is what you should know about how your draw is protected.

The Result Is Timestamped Protected

Every completed draw is recorded in Coordinated Universal Time (UTC) at the exact moment of completion — providing a precise, unambiguous timestamp that cannot be adjusted after the fact.

The Outcome Is Tamper-Evident Protected

Each certificate includes a Record Fingerprint (SHA-256). If any part of the draw record were changed after issuance, the fingerprint would no longer match — making tampering immediately detectable.

Public Verification Is Available Protected

Anyone can independently verify a draw result using the certificate ID or fingerprint — no account required, no approval needed.

Reserve Winners Are Transparent Protected

If reserve winners were selected, they are listed in order of priority on the certificate. If none were selected, the certificate clearly states this — no hidden selections, no ambiguity.

Organisational Safeguards

For Organisations

Safeguards designed to protect draw integrity and the security of your data throughout the process.

Encrypted Transmission

All data is transmitted over HTTPS with TLS encryption. No data is sent in plain text.

Controlled Administrative Access

Access to draw management is restricted to authorised users within your organisation.

Role-Based Permissions

Granular permission controls ensure users only access what they are authorised to see and do.

Internal Audit Logging

Key actions are logged internally, providing a traceable record of platform activity.

Secure Certificate Generation

Certificates are generated at draw completion with a cryptographic fingerprint applied immediately.

Structured Record Storage

Draw records are stored in a structured format designed to preserve integrity and support verification.

Data Handling

Data Protection

We limit public visibility to essential, non-sensitive information. Sensitive data is never exposed through public verification pages.

Publicly Visible

Certificate ID

Draw completion timestamp (UTC)

Organisation name

Draw name and winner entry reference

Record Fingerprint (SHA-256)

Not Publicly Shown

Full entry lists

Contact details of any participant

Uploaded CSV or entry files

Private internal notes

Account or billing information

Continuous Oversight

System Monitoring

Core services are continuously monitored. Security updates and improvements are applied as needed to maintain platform resilience.

Availability

Core services monitored for uptime

Performance Stability

Response and processing benchmarks tracked

Unauthorised Access Attempts

Suspicious activity flagged and reviewed

Integrity Anomalies

Certificate and record consistency verified

Independence & Scope

Our Role

We operate as an independent adjudication and certification platform. Our role is clearly defined — and clearly bounded.

We Are Responsible For

Recording draw outcomes accurately

UTC timestamping at draw completion

Issuing tamper-evident certificates

Enabling public certificate verification

We Do Not

Sell or manage competition entries

Manage prize fulfilment or delivery

Control promotional activity

Adjudicate disputes between parties

Our role is to ensure the recorded draw outcome is accurate, timestamped, and verifiable. The organisation running the draw is responsible for its promotion, entry collection, and prize distribution.

Structural Security

Transparency First

Security is not just technical — it is structural. By combining four core principles, we create an environment where participants and organisations can rely on recorded outcomes.

Tamper-Evident Certification

Every certificate carries a SHA-256 fingerprint. Any modification to the record invalidates the fingerprint, making tampering immediately detectable.

Public Verification

Anyone can verify any certificate at any time using just a Certificate ID. No account required. No access restrictions on issued certificates.

Timestamped Records

All outcomes are recorded in UTC at the exact moment of draw completion — providing a precise, unambiguous point-in-time reference that cannot be altered.

Clear Role Separation

CertifiedDraw operates independently from the organisations using the platform — ensuring the certification record is objective and impartial.

Security & Trust at Every Step

From the moment a draw is run to the moment anyone verifies its outcome — every step is designed around integrity, transparency, and responsible data handling.

Secure Transparent Verifiable