← Back to Certy

Privacy Policy

Last updated: 25 May 2026

Certy ("we", "our", or "us") operates getcerty.com. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

We collect information you provide directly to us:

  • Account information — name, email address, and password when you register.
  • Azure tenant credentials — client IDs, tenant IDs, and client secrets you add to monitor your Azure environments. Client secrets are encrypted at rest using AES-256.
  • Billing information — payment details are handled by Stripe and are never stored on our servers.
  • Audit log — security-relevant actions within the app (such as sign-ins and configuration changes) are recorded in your organisation's audit log. We do not use analytics or track pages you visit.

2. How We Use Your Information

  • To provide, maintain, and improve the Certy service.
  • To send transactional emails (account verification, password resets, expiry alerts).
  • To process payments via Stripe.
  • To respond to your support requests.
  • To monitor service health and prevent abuse.

3. Data Storage and Security

Your data is stored in a secured SQLite database hosted on Render. Azure client secrets are encrypted at rest with AES-256 before being stored. We use HTTPS for all data in transit. We do not sell your data to third parties.

4. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing. See Stripe's Privacy Policy.
  • Resend — transactional email delivery. See Resend's Privacy Policy.
  • Render — cloud hosting. See Render's Privacy Policy.
  • Microsoft Graph API — used to read your Azure tenant data. No data is shared with Microsoft beyond what is required for API authentication.

Expiry alert emails are sent using SMTP credentials you configure in your own settings; those credentials are encrypted at rest and used only to send your alerts.

5. Data Retention

We retain your account data for as long as your account is active. Check history is retained for the most recent 100 checks per tenant, and audit logs for the most recent 1,000 entries per organisation. You may request deletion of your account and all associated data at any time by emailing [email protected].

6. Your Rights

You have the right to access, correct, or delete your personal data. You may also object to or restrict processing of your data. To exercise these rights, contact us at [email protected].

7. Cookies

Certy does not use tracking or advertising cookies. Authentication uses a token kept in your browser's local storage, which is essential for the service to function and is removed when you sign out.

8. Children's Privacy

Certy is not directed at children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Continued use of Certy after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at [email protected].