/ Legal
Privacy Policy
Última actualización: July 6, 2026
Este documento está disponible actualmente en inglés. Una versión traducida está en preparación. Para consultas en tu idioma, escribe a info@certiglobal.org.
This Privacy Policy explains how Certidemy (“Certidemy”, “we”, “us”, or “our”), operated by CertiGlobal [FULL LEGAL ENTITY NAME], a company [registered in / with its principal place of business at [ADDRESS]] (the “Company”), collects, uses, shares, and protects personal data when you use the Certidemy website at certidemy.com and our related learning and certification services (the “Services”).
We provide professional certifications built to the ISO/IEC 17024 framework. Because a core purpose of the Services is to issue and independently verify credentials, some of the data you provide is, by design, made publicly verifiable — this is explained in detail below. Please read this Policy carefully.
If you have questions about this Policy or how we handle your data, contact us at info@certiglobal.org.
1. Who is responsible for your data
The data controller responsible for your personal data is CertiGlobal [FULL LEGAL ENTITY NAME], contactable at info@certiglobal.org.
[If the Company offers services to individuals in the European Economic Area (EEA) or United Kingdom and is required to appoint a representative under Article 27 GDPR, name that representative here.]
2. Information we collect
Account information you provide: your full name, email address, a password (which is stored only in hashed form — we never see or store your plaintext password), and your preferred language.
Authentication data: if you sign in using Google, we receive basic profile information from Google (such as your name and email address) as permitted by the scopes you approve. We do not receive your Google password.
Learning and assessment data: the certifications you enroll in, lessons and practice questions you access, your practice attempts and responses, mock and formal exam results and scores, readiness indicators, and your progress through the curriculum.
Credential data: the certifications you earn, the unique credential code assigned to each, and the issue and expiry dates.
Payment information: when you purchase a certification or related service, payment is processed by a third-party payment processor ([PAYMENT PROCESSOR NAME]). We do not collect or store full payment card numbers. We may retain limited transaction records (such as amount, date, and a payment reference) for accounting and support.
Organizational data: if you are enrolled or sponsored through an employer or organization (for example, via a voucher or team account), we process information necessary to associate your account with that organization and to report progress and outcomes to it as described below.
Technical and usage data: your IP address, device and browser type, approximate location derived from IP, pages viewed, referring pages, and similar log data, collected automatically when you use the Services.
Communications: the content of messages you send us, such as support requests.
3. How we use your information
To provide, operate, and maintain the Services, including delivering learning content, administering practice and exams, and issuing credentials.
To create and manage your account and authenticate you when you sign in.
To issue, display, and independently verify your credentials, including through the public credential-verification feature described in Section 4.
To personalize your learning experience, such as readiness indicators and study guidance.
To process payments and manage vouchers, enrollments, and organizational sponsorships.
To communicate with you about your account, transactions, credentials, and support requests, and — where permitted — about changes to the Services.
To maintain the security and integrity of the Services and our certifications, including detecting and preventing fraud, cheating, and misuse.
To improve the Services and develop new features.
To comply with legal obligations and enforce our Terms of Service.
4. Public credential verification (important)
A defining feature of the Services is that credentials can be independently verified by third parties. When you earn a credential, the following information is made publicly accessible through our verification page (for example, at certidemy.com/verify) to anyone who has your credential link or credential code: your name, the certification earned, the credential code, the issue date, the expiry date, and the credential’s current status (active, expired, or revoked). Your exam score is never shown.
This public verifiability is intentional and is what gives your credential value — it lets employers and others confirm the credential is genuine. By earning a credential, you understand and agree that this specific information will be publicly verifiable for the purpose of confirming authenticity.
You may also choose to share a credential (for example, by adding it to your LinkedIn profile). Any information you choose to share in this way is shared at your discretion and becomes subject to the practices of the platform you share it on.
5. Legal bases for processing (EEA/UK users)
Where GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services and issue credentials you request); your consent (for example, for certain optional communications or cookies, which you may withdraw at any time); our legitimate interests (such as securing the Services, preventing fraud, protecting exam integrity, and improving our offerings), balanced against your rights; and compliance with legal obligations.
6. Cookies and similar technologies
We use cookies and similar technologies that are necessary to operate the Services (for example, to keep you signed in and to secure your session). We may also use cookies to remember preferences and, where permitted, to understand how the Services are used so we can improve them.
You can control cookies through your browser settings. Disabling necessary cookies may prevent parts of the Services from working. [If analytics or non-essential cookies are used, describe them here and provide a consent mechanism where required.]
7. How we share information
Service providers (sub-processors): we share data with vendors that process it on our behalf to run the Services, under contracts requiring appropriate protection. These include: Supabase (database hosting and authentication), Cloudflare (website hosting and content delivery), Google (when you choose Google sign-in), [PAYMENT PROCESSOR NAME] (payment processing), and [EMAIL PROVIDER NAME] (transactional email such as confirmation and password-reset messages).
Public verification: the limited credential information described in Section 4 is publicly accessible by design.
Organizations: if you are sponsored or enrolled through an employer or organization, we may share your enrollment status, progress, readiness, and credential outcomes with that organization, consistent with your relationship with them.
Legal and safety: we may disclose information where required by law, to respond to lawful requests, or to protect the rights, safety, and integrity of Certidemy, our users, and the public (including to investigate fraud or exam misconduct).
Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
We do not sell your personal data.
8. International data transfers
Certidemy serves users across Latin America and other regions, and our service providers may process data in countries other than your own, including the United States and the European Union. Where we transfer personal data across borders, we take steps to ensure it receives an adequate level of protection, such as relying on service providers that offer recognized transfer mechanisms (for example, Standard Contractual Clauses) where applicable.
9. Data retention
We retain personal data for as long as your account is active or as needed to provide the Services.
Because credentials are meant to be verifiable over time, we retain the credential record (including holder name, certification, credential code, and issue/expiry/status) for as long as necessary to preserve the integrity and verifiability of the credential, even after account closure, unless we are required to delete it.
We retain transaction records as needed for accounting, tax, and legal purposes, and other data for as long as necessary for the purposes described in this Policy or as required by law.
10. How we protect your data
We use technical and organizational measures designed to protect personal data, including encryption in transit, hashing of passwords, and access controls at the database level. Exam content is held under stricter access controls than general learning content to protect assessment integrity.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
11. Your rights
Depending on where you live, you may have rights over your personal data. We honor these rights regardless of location where practicable.
Under the EU/UK GDPR, you may have the right to access, rectify, erase, restrict, or object to processing of your data; to data portability; and to withdraw consent. You also have the right to lodge a complaint with a supervisory authority.
Under Colombia’s Ley 1581 de 2012 (and Ley 1266 de 2008), you may have the right to know, update, and rectify your data; to request proof of the authorization granted; to be informed of the use made of your data; to revoke authorization and/or request deletion where legally permitted; and to access your data free of charge.
Under Brazil’s LGPD, you may have the right to confirm the existence of processing; to access, correct, anonymize, block, or delete data; to data portability; to information about sharing; and to withdraw consent.
Note that some data — in particular the credential record that makes your certification verifiable — may be retained even if you request deletion of other data, to preserve the integrity of issued credentials. We will explain any such limitation when you make a request.
To exercise any of these rights, contact us at info@certiglobal.org. We may need to verify your identity before acting on your request.
12. Children’s privacy
The Services are intended for professionals and are not directed to children. We do not knowingly collect personal data from anyone under the age of 16 (or the higher minimum age required in your jurisdiction). If you believe a minor has provided us personal data, contact us at info@certiglobal.org and we will take appropriate steps.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised Policy.
14. Contact us
For any privacy question or to exercise your rights, contact us at info@certiglobal.org, or write to [FULL LEGAL ENTITY NAME AND POSTAL ADDRESS].