1. Introduction

CertTracker ("we," "our," or "us") operates the getcerttracker.com website and CertTracker application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and industry.

Employee Data: You may input employee names, email addresses, phone numbers, job titles, locations, and employee IDs into the platform.

Certification Data: You may input certification types, issue dates, expiry dates, and upload certification documents (PDFs, images).

Usage Data: We automatically collect information about how you interact with our service, including IP address, browser type, pages visited, and timestamps.

Payment Information: Payment processing is handled by Lemon Squeezy. We do not store your credit card details on our servers.

3. How We Use Your Information

We use your information to:

Provide and maintain our certification tracking service
Send automated expiry reminder notifications via email and SMS
Generate compliance reports on your behalf
Process payments and manage your subscription
Communicate with you about service updates and support
Improve our service and develop new features

4. Data Storage & Security

Your data is stored on Supabase infrastructure (built on PostgreSQL) with enterprise-grade security measures including:

256-bit SSL/TLS encryption for all data in transit
Encryption at rest for stored data
Row-level security policies ensuring data isolation between companies
Regular automated backups
Access controls limiting data access to authorized personnel only

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only with:

Payment Processor: Lemon Squeezy processes payments on our behalf
Email/SMS Providers: To deliver reminder notifications
Legal Requirements: When required by law, subpoena, or government request

6. Your Rights

You have the right to:

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Export: Download your data in CSV format from the Reports section
Opt-out: Unsubscribe from marketing communications at any time

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt-out of the sale of personal information. We do not sell personal information.

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies.

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data and employee records within 30 days. Anonymized usage data may be retained for analytics purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@getcerttracker.com

Website: getcerttracker.com