Legal

Privacy policy

Effective: TBD — pending counsel review

Draft template. This document is a working draft and has not been reviewed by counsel. Do not rely on it for legal purposes. Before launch we will replace this with a reviewed version. Questions in the meantime: hello@certsafe.ai.

This policy describes how CertSafe collects, uses, shares, and protects personal information when you use the CertSafe website at certsafe.ai, the CertSafe issuer portal, the CertSafe worker web wallet, the CertSafe mobile app, and the public certificate verification flow (collectively, the "Services").

CertSafe is operated by a company registered in the State of Utah, USA. Questions: hello@certsafe.ai.

1. The three sides of CertSafe

CertSafe connects three audiences. The information we collect and what we do with it depend on which side you use:

  • Issuers (training companies, licensing bodies, employers): paying customers who issue certifications to their workers through the issuer portal.
  • Workers: individuals who hold certifications. You can sign up directly through the worker wallet (web or mobile) or by claiming a certificate sent to you by an issuer.
  • Verifiers (site supervisors, gate keepers): anyone who scans a certificate QR code. Verifiers do not need an account.

2. Information we collect

From issuers and their team members

  • Account information: name, work email, company name, password (stored as a salted hash by our auth provider), and role.
  • Organisation information: business name, business registration number, accreditation body, contact details, and supporting documents you upload during application review.
  • Certificate templates and rosters: cert types, validity periods, branding (logo, accent colour), and the worker contact details you import for batch issuance.
  • Billing information: handled by our payment processor (Stripe). We store a customer reference and subscription metadata but do not store full payment card numbers.

From workers

  • Account information: full name, email, password (salted hash), and optionally phone number and state of residence.
  • Certifications issued to you by an issuer: the issuer's name and branding, certificate name and type, issue and expiry dates, and a snapshot of your name at issue time. This data originates from the issuer; we display it to you.
  • Self-uploaded certifications: certificate name, type, ID number, issuing authority you enter, dates, and the image or PDF file you upload.
  • Training records you log: training name, topic, conducting organisation, completion date, and optional notes.
  • Mobile device push token: when you allow notifications, your device's Expo push token so we can send you expiry reminders.
  • Communications: messages you send through the contact form, support channels, or by email.

From verifiers

The public verification page is read-only and does not require an account. We collect the verifier's IP address and request metadata in standard server logs for security and abuse detection only.

Collected automatically

  • Usage data: pages viewed, features used, timestamps.
  • Device data: device type, operating system, browser, and general location derived from IP address.
  • Log data: server logs that capture request and error information for security and debugging.

3. Your public profile QR

When you create a worker account, we generate a random unguessable URL (your "public profile token") that anyone with the link can view. The page shows your name, email, phone, state, and the list of certifications you have on file. This page exists so a supervisor can scan your QR at a site gate and see what you hold, without you having to hand over your phone.

The URL contains a random UUID. Search engines are instructed not to index it (X-Robots-Tag: noindex, nofollow), but it is not password-protected. Anyone who has the URL can view the page.

4. How we use information

  • To provide, operate, and improve the Services.
  • To deliver certificates issued to you by an issuer and to let you manage your own self-uploaded certificates.
  • To send expiry reminders for certificates on file — 30 days, 7 days, and on the day they expire — via email and, where you have opted in, mobile push notifications. You can disable email notifications from your profile.
  • To support the public certificate verification flow used by supervisors at site entry.
  • To bill issuers and manage subscriptions.
  • To respond to support requests.
  • To detect, investigate, and prevent fraud and abuse.
  • To comply with legal obligations.

5. Who we share information with

We do not sell personal information and do not share it for advertising. We share only as described below:

  • Workers ↔ issuers. An issuer who issues a certificate to you can see the certificates they themselves issued, the lifecycle of those certificates, and the contact information you provided when claiming. They cannot see certificates issued to you by anyone else.
  • Verifiers. The public verification page shows the worker name, the issuing organisation name, certificate status, and certificate metadata necessary for verification. It does not expose passwords, payment information, or self-uploaded certificate images.
  • Sub-processors who help us run the Services under written data-processing terms:
    • Supabase — authentication, database, and file storage.
    • Vercel — hosting for the website, issuer portal, and worker wallet web app.
    • Stripe — billing for issuer subscriptions.
    • Resend — transactional email (expiry reminders, claim invitations, onboarding).
    • Expo Push Service — routing mobile push notifications to Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).
    • Upstash — rate limiting for the issuer portal.
  • Legal reasons. We may disclose information when required by law, subpoena, court order, or to protect rights, property, or safety.
  • Business transfers. If CertSafe is acquired or merged, information may transfer as part of the transaction. Affected users will be notified.

6. Account deletion and data retention

Workers can delete their account from inside the worker wallet (Profile → Delete account). If you no longer have the app installed, see our account deletion page for an email-based path. Deletion is irreversible and removes your account, your self-uploaded certificates and uploaded files, your training records, your notification history, your push tokens, and your authentication record. Certificates issued to you by an issuer stay in the issuer's system — you must contact the issuer if you want them removed there too.

Issuers can cancel their subscription from the billing portal. We retain organisation data for up to 30 days after cancellation, then delete it unless a longer period is required by law or by your organisation's audit defensibility obligations. Enterprise customers can negotiate alternative retention in writing.

Certificates already issued by an issuer remain valid in workers' wallets after the issuer's subscription ends — those are a worker-side asset.

7. Your rights

Depending on your jurisdiction (including under GDPR, UK GDPR, CCPA / CPRA, and similar laws) you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your personal information (workers can do this themselves from the app; for issuer accounts, email us).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent for marketing communications.
  • Lodge a complaint with a data protection authority in your jurisdiction.

To exercise any of these rights, email hello@certsafe.ai. We respond within the time period your local law requires.

8. Security

We use industry-standard technical and organisational measures: TLS 1.2+ in transit, encryption at rest, role-based access control, salted-hash password storage, server-mediated access to uploaded files (never publicly addressable URLs), tamper-evident audit logs of certificate events, and row-level security on the database. See our Security page and email security@certsafe.ai to report a vulnerability.

9. International transfers and data residency

CertSafe is based in the United States and our default region for data processing is North America. Information you provide may be processed in the United States or other countries where our sub-processors operate. Canadian data residency is available to issuer customers whose regulatory posture requires it — tell us during onboarding if this applies.

10. Cookies

We use the minimum cookies necessary to operate the Services. This includes:

  • Authentication cookies — httpOnly, secure cookies set by Supabase that keep you signed in. These are essential and cannot be disabled while you have an active session.
  • Preference cookies — minimal local state for UI preferences.

We do not currently use advertising cookies or third-party analytics that track you across sites.

11. Children

CertSafe is intended for use by adults (18+) in occupational settings. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information to us, contact hello@certsafe.ai and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active customers by email and posted on this page with an updated effective date. Continued use of the Services after a change constitutes acceptance.

13. Contact

Privacy questions, rights requests, and complaints: hello@certsafe.ai. Our postal address will be added before launch.

See also: Privacy · Terms · Security