Privacy Policy

1. Information We Collect

We collect information you provide directly:

• Account information: name, email address, password
• Organization information: company name, industry
• Employee data: names, emails, department, certification records
• Payment information: processed securely by Paddle (we do not store card details)

2. How We Use Your Information

• To provide and improve the CertHub service
• To send certification expiry reminder emails
• To process subscription payments via Paddle
• To respond to support requests
• To send service-related notifications

3. Data Sharing

We do not sell your personal data. We share data only with service providers necessary to operate the Service:

• Paddle — payment processing and tax compliance
• Resend — transactional email delivery
• Redis — temporary session and OTP storage

4. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Deleted data is removed within 30 days.

5. Security

We implement industry-standard security measures including encryption in transit (TLS), hashed passwords (bcrypt), and JWT-based authentication.

6. Cookies

We use only essential cookies and local storage for authentication tokens. We do not use tracking or advertising cookies.

7. Your Rights

You may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at support@certhub.work.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or prominent notice on the Service.

9. Contact Us

For privacy questions, contact support@certhub.work.