Privacy Policy

TrueCerta ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital certificate verification platform.

2.1 Information You Provide

• Account Information: name, email address, password, organization name
• Certificate Data: recipient names, course information, completion dates
• Profile Information: professional bio, location, profile photo
• Payment Information: billing details processed securely through Stripe

2.2 Information Collected Automatically

• Device and browser information
• IP address and approximate location data
• Usage patterns and analytics
• Cookies and similar technologies

We use the collected information to:

• Provide and maintain our services
• Process certificate issuance and verification
• Send transactional emails and notifications
• Improve and personalize the user experience
• Ensure platform security and prevent fraud
• Comply with legal obligations

We may share your information with:

• Service Providers: third parties that help us operate the platform (Supabase, Vercel, Stripe, Resend)
• Verification Requests: certificate details are publicly accessible via verification pages (by design)
• Legal Requirements: when required by law or to protect our rights

We do not sell your personal information to third parties. Ever.

We implement appropriate technical and organizational measures to protect your data:

• AES-256 encryption at rest and TLS 1.3 in transit
• Regular security audits and dependency scanning
• Role-based access controls and authentication
• EU-based data centers with GDPR safeguards

We retain your information for as long as your account is active or as needed to provide services. Certificate records are retained indefinitely to ensure verification availability — that's the whole point of a verifiable credential. You may request deletion of your account and personal data at any time.

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Object to processing
• Data portability (export your data)
• Withdraw consent at any time

To exercise these rights, email privacy@truecerta.com. We respond within 30 days.

We use cookies to enhance your experience. Essential cookies are required for the platform to function; analytics cookies help us improve. You can manage cookie preferences through your browser settings.

Your data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards through Standard Contractual Clauses or adequacy decisions.

Our services are not intended for children under 16. We do not knowingly collect personal information from children.

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification, at least 14 days before they take effect.

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

• Email: privacy@truecerta.com
• Address: Amsterdam, Netherlands