Last updated: February 2026
At Certifyd, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital certificate management platform, website, and related services (collectively, the "Service").
We are committed to protecting the personal information of our users, certificate recipients, and website visitors. This policy applies to all information collected through our platform, including data processed on behalf of organizations that use Certifyd to issue and manage digital certificates.
By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Service.
We collect information that you provide directly to us, information that is generated through your use of the Service, and information from third-party sources. The types of information we collect include:
When you create an account, we collect your name, email address, organization name, job title, and password. If you subscribe to a paid plan, we collect billing information such as your payment method details, billing address, and transaction history. We may also collect your phone number if you choose to provide it for account recovery or two-factor authentication.
When you create and issue certificates through our platform, we collect and store the certificate content, recipient names and email addresses, issuance dates, expiration dates, verification codes, and any custom fields you include on your certificates. This data is necessary to provide the certification and verification services that are core to our platform.
We automatically collect information about how you interact with our Service, including the pages you visit, features you use, actions you take, the time and duration of your visits, and your navigation patterns. This information helps us understand how our users engage with the platform and allows us to improve the user experience.
When you access our Service, we automatically collect certain technical information from your device, including your IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences. This information is used for analytics, security monitoring, and to ensure our Service functions correctly across different devices and browsers.
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities on our Service. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and provide a personalized experience. For more details, see the "Cookies and Tracking" section below.
We use the information we collect for a variety of purposes related to providing, maintaining, and improving our Service. Primarily, we use your information to operate the core functionality of our platform, including creating and managing your account, processing certificate creation and issuance, enabling certificate verification, and facilitating integrations with third-party meeting platforms such as Zoom, Microsoft Teams, and Webex.
We also use your information to communicate with you about your account, respond to your inquiries and support requests, send you important service updates and notifications about certificates you have issued or received, and provide you with information about new features or changes to our Service that may be relevant to you.
Additionally, we use aggregated and anonymized usage data to analyze trends, monitor the effectiveness of our Service, identify areas for improvement, and develop new features and products. We may also use your information to detect, prevent, and address technical issues, fraud, and security threats, and to comply with our legal obligations.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We are committed to keeping your data confidential and only share it in the limited circumstances described below.
We may share your information with trusted third-party service providers who assist us in operating our platform, such as cloud hosting providers, payment processors, email delivery services, and analytics tools. These providers are contractually obligated to use your information only for the purposes of providing services to us and are bound by confidentiality agreements that are consistent with this Privacy Policy.
When a certificate is verified through our platform, limited certificate information (such as the recipient name, issuing organization, certificate title, date, and validity status) is displayed on the verification page. This is a core feature of the Service and is necessary to enable certificate authentication.
We may also disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We implement robust technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption. Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II certification.
We enforce strict access controls within our organization, ensuring that only authorized personnel with a legitimate business need can access personal data. All access is logged and monitored. We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security risks.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents and notifying affected users as required by applicable law.
We retain your personal information for as long as your account is active or as needed to provide you with our Service. Account data, including your profile information and billing records, is retained for the duration of your account and for a reasonable period afterward to fulfill our legal and contractual obligations.
Certificate data is retained for as long as the issuing organization maintains an active account, unless the organization requests earlier deletion. Verified certificates may be retained for an additional period after account closure to support ongoing verification needs, after which they are securely deleted or anonymized.
You may request deletion of your personal data at any time by contacting us at support@certifyd.cloud. Upon receiving a valid deletion request, we will remove your personal information from our active systems within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention or dispute resolution.
Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Under the GDPR, if you are located in the European Economic Area (EEA), you have the right to access the personal data we hold about you, the right to request rectification of inaccurate data, the right to request erasure of your data (the "right to be forgotten"), the right to restrict processing of your data, the right to data portability (receiving your data in a structured, commonly used format), and the right to object to processing of your data for certain purposes. You also have the right to withdraw consent at any time where processing is based on consent, and the right to lodge a complaint with a supervisory authority.
Under the CCPA, California residents have the right to know what personal information is collected, the right to know whether personal information is sold or disclosed and to whom, the right to opt out of the sale of personal information, the right to request deletion of personal information, and the right to equal service and price even if you exercise your privacy rights.
To exercise any of these rights, please contact us at support@certifyd.cloud. We will respond to your request within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing your request.
Our Service uses several types of cookies to enhance your experience. Essential cookies are strictly necessary for the operation of our Service, enabling core functionality such as authentication, session management, and security features. These cookies cannot be disabled without affecting the functionality of the Service.
Analytics cookies help us understand how visitors interact with our Service by collecting and reporting information anonymously. We use these insights to improve our platform and user experience. Performance cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Service. Preference cookies enable the Service to remember choices you make (such as your language or display preferences) and provide enhanced, personalized features.
You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect your ability to use certain features of our Service. You can also opt out of analytics tracking by using browser extensions designed for that purpose.
Certifyd is operated from the United States, and our primary data processing facilities are located in the United States. If you access our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities.
When we transfer personal data from the EEA, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms to ensure your data is protected in accordance with this Privacy Policy and applicable law.
By using our Service, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this policy. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
Our Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at support@certifyd.cloud.
If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we will take immediate steps to remove that information from our servers and delete the associated account.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice within our Service.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Email: support@certifyd.cloud
Company: Certifyd Inc.
Address: 123 Innovation Drive, Suite 400, San Francisco, CA 94105, United States
For data protection inquiries from the European Economic Area, you may also contact our Data Protection Officer at the email address listed above. We aim to respond to all legitimate inquiries within 30 days.
Join thousands of organizations using Certifyd
Get Started Free