/ Certified data wipe
Proof, not promises. Certificates auditors trust.
Most 'erasure certificates' on the market are static PDFs that can be edited in any browser. Stenfox Orion issues cryptographically signed certificates — PDF for humans, JSON for machines, hash-chained so any post-hoc tampering is detectable. Built for the auditor, not the marketing slide.
What you get
Cryptographic signature
Each certificate is signed with the operator's key. A regulator can verify integrity offline, years after issue.
PDF + verifiable JSON
Human-readable for the customer; machine-readable for the audit pipeline. Same evidence, two surfaces.
Hash chain
Every certificate references the previous one. Replace a certificate and the chain breaks — silently impossible.
Per-device serial + IMEI
Bound to serial number, IMEI/MEID, MAC and device fingerprint. No 'lost certificate' ambiguity.
Operator identity
Signed by both the platform and the human operator. Accountability is concrete, not implied.
Customer portal push
Certificate appears in the customer's portal the second the wipe completes. No emails to chase.
/ FAQ
Frequently asked questions
What's in a Stenfox certificate of data destruction?
Each certificate carries the device serial number, IMEI / MEID where applicable, MAC address, device fingerprint, NIST 800-88 method used (Clear, Purge or crypto-erase), verification result, operator identity, signing key fingerprint, timestamp (UTC and local), and a hash referencing the preceding certificate in the chain. Customer name and lot ID are included where the engagement specifies.
How is this different from Blancco's or BitRaser's certificate?
Legacy certificates from Blancco, BitRaser and WhiteCanyon WipeDrive are typically static PDFs with a logo and a serial number. Orion's certificate is the same artifact plus a cryptographic signature, a hash-chain link to the previous certificate and a machine-readable JSON counterpart. Auditors can verify integrity without trusting the issuer's web portal stays online.
Will the certificate satisfy a SOX, HIPAA or GDPR auditor?
Yes. Orion's certificates have been used in SOX-controlled environments (binding to fixed-asset records), HIPAA disposal documentation (proving secure destruction of ePHI), GDPR Article 17 'right to erasure' evidence (where consumer or employee data needed verifiable destruction) and PCI-DSS retention controls. The signature and hash chain are the differentiators auditors care about — they remove the 'trust us' problem.
What happens if a certificate is lost?
Nothing. Certificates are reissued on-demand from the customer portal. The original signed record never leaves the system, so a reissued copy is identical and verifiable.
Can certificates be branded with our company name and logo?
Yes. ITAD operators and enterprise customers brand certificates with their own logo, lot codes, customer-specific language, and even multi-language layouts where the end customer requires it. The cryptographic signature is unchanged.
/ Ready when you are
See Orion run a real lane.
A 30-minute working demo on your own device mix — phones, laptops, drives, anything. Bring your hardest unit.