Each TrustedForm certificate captures a session replay of what the consumer saw when they filled out the offer form.
The full certificate, including the replay, is visiable to any account holder that has retained the certificate
using the retain operation. In order to protect consumer privacy, the certificate hides form input
fields recorded in the session replay by default. The In other words, simply retaining a certificate is insufficient
for accessing the consumer's PII because it cannot be seen in the replay.
This means that a certificate URL can be safely passed to a lead buyer on ping. As long as the phone number and email address
are withheld, the buyer cannot access the consumer's PII. The buyer can only examine the certificate using insights
to see if it meets their requirements. When the lead is posted with the certificate URL and the email or phone, the
buyer can use match_lead and retain together to both unlock the PII in the session replay
and also store the certificate.
Important: If you are pinging a buyer who uses LeadConduit, none of the data you provide on ping can be accessed by the buyer. Because of this, it's prefectly safe to pass the certificate URL and all PII on ping to LeadConduit. Doing so can dramatically reduce post-rejects since LeadConduit is able to evaluate the entire lead on ping.