Certy ("we", "our", or "us") operates getcerty.com. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
We collect information you provide directly to us:
Your data is stored in a secured SQLite database hosted on Render. Azure client secrets are encrypted at rest with AES-256 before being stored. We use HTTPS for all data in transit. We do not sell your data to third parties.
We use the following third-party services:
Expiry alert emails are sent using SMTP credentials you configure in your own settings; those credentials are encrypted at rest and used only to send your alerts.
We retain your account data for as long as your account is active. Check history is retained for the most recent 100 checks per tenant, and audit logs for the most recent 1,000 entries per organisation. You may request deletion of your account and all associated data at any time by emailing [email protected].
You have the right to access, correct, or delete your personal data. You may also object to or restrict processing of your data. To exercise these rights, contact us at [email protected].
Certy does not use tracking or advertising cookies. Authentication uses a token kept in your browser's local storage, which is essential for the service to function and is removed when you sign out.
Certy is not directed at children under 16. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Continued use of Certy after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, please contact us at [email protected].