eComFax® Security

There are sectors that handle sensitive or highly confidential information, and that are subject to strict regulations to protect the client and their data against companies and possible security breaches.

eComFax® has been designed with the security and encryption necessary to comply with all these regulations, in such a way that we help our clients meet all the requirements to ensure complete privacy of their clients' information and compliance with regulations.

In addition, the information systems that eComFax support have been certified by a third party approved company in National Scheme of Security. This certification is mandatory for providers that treat Spanish public administration and ensures that certified systems comply with minimum requirements that protect this information.

eComFax® includes functionalities that contemplate different regulations or scenarios in which a security plus is required

PCIFax®: Designed to protect credit card information and to ensure compliance with the PCI DSS regulation.

SecureFax®: This functionality can be set to both send and receive faxes, complying with HIPAA regulations. In either case, the user can guarantee security and proof of delivery, the recipient must register on the eComFax® page if they want to view the fax. Delivery will be made only in the eComFax® application.

Certifax® y CertiSMS®: Designed to certify that the information was sent on a specific date and time, with a specific content and giving validity to the fax and / or SMS to be used as evidence in a judicial process.

SecureFax® and PCIFax®

The reason why the fax has not disappeared, despite having the image of an obsolete technology, is because of the security it offers during the transmission of information, compared to that of electronic mail that can be intercepted. Despite the security offered by standard fax, at eComFax® we have developed functionalities with advanced security protocols that completely shield the transmission of the most sensitive information.

It is important to protect sensitive information such as credit and debit card data, therefore maximum security must be guaranteed for communications with specific economic or financial information regulated by international controls, as in the case of the PCI DSS (Payment Card Industry Data Security Standard).

In addition to the business environment, some clients in the Public Administrations, Government and Defense sector make use of SecureFax as a method of secure transmission of documents.

SecureFax® is a way of sending information through the eComFax® interface. The only way in which both the sender and the recipient can access faxes is through the eComFax® platform, in which they must be registered. The recipient must authenticate on the platform through a two-factor authentication procedure (an SMS code will be sent to their mobile phone).

SecureFax allows the sending of information with an electronic certificate, time stamp and acknowledgment of receipt. This information is guaranteed not to have been modified and includes the date of creation by a certified authority using an advanced digital certificate.

PCIFax® works the same as SecureFax®, but goes one step further; PCIFax® also guarantees that documents cannot be printed, forwarded, downloaded, or intercepted, thus complying with the PCI DSS regulation, which precisely prohibits the ability to store, print or forward the information.

Within SecureFax® and PCIFax® the following advantages stand out:

  • Acknowledgment of receipt and download
  • HTTPS and TLS secure connections
  • Automation from ERP and third-party applications
  • Web and SMTP interface
  • Post registration
  • Possibility of deleting sent documents
  • Custody of the documents sent
  • Access Audit.


The main objective of the CertiFax® certified fax service is to add evidentiary value to sending faxes. The CertiFax® service acts as a trusted third party, since it is not a party involved in the transaction, that is, neither the sender nor the recipient of the certified fax, it acts as an independent witness, certifying that the transaction has been completed and all the information of the process was kept safe for future use, whether as evidence, for example, in court proceedings or bill recovery.


Some companies need proof that an SMS message has been sent without any doubt. Accordingly, they can use that proof in a legal process with the assurance that the communication occurred on a specific date and time, that the content was specific (as proof of authenticity), that the communication occurred between two addresses, and that an independent third party guarantees that this actually happened.

EComFax® Regulatory Compliance

There are industries in which it is not possible to operate without complying with international regulations that protect consumer privacy. The requirements of these regulations are clear and violating them can result in heavy fines and damage to the reputation of your brand or company. Some of the regulations that eComFax® complies with are HIPAA, PCI-DSS, MIFID II, GDPR or Dodd-Frank Act.


If you contract with another HIPAA covered organization (any entity that provides treatment, payment, and healthcare operations) to create, maintain, receive, or transmit PHI (protected health information) on behalf of your organization, then it is your partner. commercial. Therefore, you will need to sign a BAA with them.

EComFax® technology is designed to be fully HIPAA compliant, and we sign Business Associate Agreement, if our clients require it (available only in our Enterprise subscription).

More about HIPAA compliance with eComFax®


eComFax® complies with the Payment Card Industry Data Security Standard (PCI-DSS), which requires financial information to be stored securely and protected against data breaches.


From eComFax® we guarantee security through data encryption or encryption and through advanced user controls and permissions. We encrypt all files from the upload point to the delivery point using either AES-256 bit encryption technology or symmetric encryption algorithms, combined with TLS 1.2 encryption protocols.

  • 2-factor authentication (2FA) available and recommended for all users
  • User access and permission controls at the account level
  • Automated session timeouts
  • Advanced tracking, reporting and audit trail features

  • TLS 1.2 encryption for files in transit
  • Secure HTTPS connections for both the web interface and the API