If I cancel Certaby, do my old audit certificates stay accessible? What about MLR-2017 5-year retention?
Yes. Every Certaby cert ships with a `/verify/<hash>` URL that resolves for 7 years regardless of whether your subscription is active. MLR-2017 reg 40 requires letting agents to keep records for 5 years post-relationship-end; Certaby keeps cert evidence for 7 years to provide a 2-year safety margin. Customers can also download all signed PDFs from the dashboard before cancelling for true offline retention.
How the durable retention works:
1. Every cert produces a SHA-256 hash. The 20-char hex prefix is printed in the PDF footer URL `https://certaby.com/verify/<prefix>`. The full 64-char hash is on the cover.
2. The hash plus the cert's public projection (issuing firm, verdict, list versions used at screening time, timestamp) is stored in our DDB table `stratum-audit-cert-hashes` with a 7-year TTL. The DDB row is brand-segmented and firm-segmented but does not contain party PII.
3. The public `/verify/<hash>` page is Cloudflare-CDN cached and returns only the public projection, never the party's name, DOB, nationality, or any other identifying field; those live in the issuing firm's records under MLR-2017 retention.
4. The signed PDF download URL on the dashboard is short-lived (1 hour for security) but the verify page stays live for the 7-year window. After cancellation, the firm cannot generate new download URLs from the dashboard, but the verify page remains the authoritative cryptographic proof that the cert existed and was unaltered.
5. The recommended pre-cancellation workflow: download every signed PDF from `/dashboard/checks` for offline retention; keep them in the firm's file system or document-management system; the verify URL on each cert continues to resolve for the remaining retention window.
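The pre-cancellation archive in step 5 is only useful if the firm can later show its copies are intact. The sketch below is an added example, not Certaby's code: it checks that the 20-char prefix in a cert's footer URL matches the 64-char hash on its cover, records the firm's own SHA-256 of each stored PDF, and re-audits the archive. The function names, manifest fields and sample values are assumptions, and the file digest is not assumed to equal the cert hash, since the page does not say what the cert hash covers.

```python
import hashlib, re, tempfile
from pathlib import Path
from urllib.parse import urlparse

def verify_prefix(url):
    """Extract the 20-char hex prefix from https://certaby.com/verify/<prefix>."""
    u = urlparse(url)
    m = re.fullmatch(r"/verify/([0-9a-fA-F]{20})", u.path)
    if u.scheme != "https" or u.hostname != "certaby.com" or not m:
        raise ValueError(f"unexpected verify URL: {url!r}")
    return m.group(1).lower()

def ids_consistent(cover_hash, url):
    """True if the footer URL prefix is the start of the 64-char cover hash."""
    cover = cover_hash.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cover):
        raise ValueError("cover hash is not 64 hex characters")
    return cover.startswith(verify_prefix(url))

def file_digest(path):
    """SHA-256 of the stored file: the firm's own integrity value,
    not assumed to equal the cert hash printed on the cover."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest_entry(path, cover_hash, url):
    if not ids_consistent(cover_hash, url):
        raise ValueError(f"{path}: URL prefix does not match cover hash")
    return {"file": Path(path).name, "file_sha256": file_digest(path),
            "cert_hash": cover_hash.strip().lower(), "verify_url": url}

def audit_archive(root, manifest):
    """Return names of archived PDFs that are missing or no longer match."""
    bad = []
    for e in manifest:
        p = Path(root) / e["file"]
        if not p.is_file() or file_digest(p) != e["file_sha256"]:
            bad.append(e["file"])
    return bad

if __name__ == "__main__":
    # Constructed sample: placeholder bytes and a made-up 64-char hash.
    with tempfile.TemporaryDirectory() as d:
        pdf = Path(d) / "cert-0001.pdf"
        pdf.write_bytes(b"%PDF-1.7 constructed sample\n")
        cover = "ab" * 32
        url = "https://certaby.com/verify/" + cover[:20]
        manifest = [manifest_entry(pdf, cover, url)]
        print(audit_archive(d, manifest))   # archive as downloaded
        pdf.write_bytes(b"tampered")
        print(audit_archive(d, manifest))   # after the file was changed
```

Store the manifest separately from the PDFs (for example in the document-management system's metadata) so that a change to the archive cannot also rewrite the digests.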
How this compares with competitor practice. Per published terms of service across the main UK AML tools, SmartSearch, Credas, Veriphy and ThirdFort gate cert retrieval on an active subscription: once the contract ends, the firm cannot access historical reports through the vendor's portal. The firm then depends on whatever local copies it downloaded during the subscription. For a letting agent running an MLR-2017-compliant practice, this creates a structural retention problem when switching vendors or pausing operations; you must download everything before the contract ends, and nothing is cryptographically verifiable as authentic post-cancellation.
What HMRC's supervisory guidance says on records surviving vendor changes: the firm is the record holder under MLR-2017, not the vendor. A vendor going out of business or a firm cancelling a subscription does not extinguish the record-keeping obligation. The firm must have a plan for preserving the records independent of vendor availability. Certaby's hash-bound verify URL is built specifically to satisfy this; the verify page can be opened from a printed cert alone, with no Certaby login, for the full 7-year window.
In practice, this matters at two moments: switching vendors (the firm gets a clean break with a verifiable audit trail intact) and HMRC inspection 4-5 years after a tenancy ended (the inspector can re-verify the cert independently). Both moments are when subscription-gated archives create real risk for the firm.
Source: HMRC MLR-2017 record-keeping guidance
Last updated 2026-05-19.