Privacy Policy

Your privacy matters to us. This page explains what we collect, why we collect it, and how you can control your information.

Last updated: December 13, 2025

Privacy at a Glance

Built for certificate creation & verification
We do not sell personal data
You control what recipients see

Table of Contents

1. Overview

CertifyLink ("we," "our," or "us") provides tools to design, generate, and verify digital certificates. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

This policy applies to everyone who uses CertifyLink: account holders, collaborators, recipients listed on certificates, and people who view verification pages.

2. Data We Collect

Account & Authentication

  • Name, email address, and password (hashed) when you sign up
  • Session details such as IP address and browser user agent to keep your account secure
  • Social login identifiers if you choose to sign in with Google

Workspace & Certificate Data

  • Organization and event details you add
  • Certificate layouts, components, and backgrounds (uploaded files are stored in Cloudflare R2)
  • Recipient data you supply (names, emails, custom fields, and other details you enter)

Please avoid uploading highly sensitive information (government IDs, health data, or payment card numbers); the platform is not built to handle those categories.

Billing

  • Plan selection and subscription status
  • Billing contact details. Payments are processed by Polar, so we do not store full payment card numbers.

Product Usage & Diagnostics

  • App interactions, error logs, and device/browser information to maintain reliability
  • Aggregated, privacy-focused analytics collected through Vercel Analytics

Support

  • Messages and contact details you send to our support channels

3. How We Use Data

We use the information above to:

  • Authenticate accounts and keep sessions secure
  • Generate, deliver, and verify certificates (including QR codes and verification pages)
  • Send necessary emails, such as verification, receipts, or service notices (via Resend)
  • Maintain and improve the platform, enforce plan limits, and prevent abuse
  • Provide support and respond to requests
  • Meet legal, security, and compliance requirements

4. Sharing & Disclosure

We do not sell personal data. We share information only as needed to deliver the Service or when legally required.

Service Providers

  • Hosting and analytics: Vercel (includes @vercel/analytics)
  • File storage: Cloudflare R2 for uploaded assets
  • Email delivery: Resend for account and service emails
  • Authentication & social sign-in: Better Auth and Google
  • Billing: Polar for payments and subscription management

Certificate verification pages are visible to anyone with the verification link or QR code and may show recipient details you provided.

We may disclose information if required by law, to protect rights or safety, or in connection with a business transaction (such as a merger or acquisition).

5. Data Retention

We keep data for as long as needed to provide the Service and comply with legal requirements.

  • Account, organization, event, and certificate data remain while your account is active or until you delete them.
  • Verification data is retained so recipients can confirm certificates; deleting a certificate or event may break verification.
  • Billing and audit records are kept as required by law.
  • Logs and analytics are kept for a limited period needed to operate and secure the Service.

If you request deletion, we remove or anonymize data where feasible, subject to legal or operational requirements (for example, safety, billing, or dispute resolution).

6. Security

We use reasonable safeguards, including encryption in transit, access controls, session protections, file-type and size validation for uploads, and monitoring for abuse.

No system is perfectly secure. Please use strong passwords, protect verification links and QR codes, and contact us promptly if you suspect unauthorized access.

7. Your Choices

  • Account data: You can update your profile and organization information in the app.
  • Certificates and recipients: You can edit or delete certificates, events, and recipient details you control; removal may disable verification.
  • Access or deletion requests: Contact us if you want to request access, correction, or deletion of your data.
  • Emails: Essential service emails cannot be opted out of; if we ever send marketing, you can opt out through the message or by contacting us.

8. Cookies & Tracking

We use cookies and similar technologies for authentication, session security, and product analytics.

  • Essential cookies keep you signed in and secure.
  • First-party analytics (Vercel Analytics) help us understand product usage in an aggregated, privacy-focused way.

You can control cookies through your browser settings, but the Service may not work correctly without essential cookies.

9. Children

CertifyLink is intended for professional and educational use by adults. We do not knowingly collect personal information from children under 16 (or the minimum age required in your region).

If you believe a child has provided us information, please contact us so we can take appropriate action.

10. Changes

We may update this Privacy Policy to reflect product changes, legal requirements, or security practices. When we make material changes, we will provide notice (for example, in-app or by email) and update the "Last updated" date above.

Continued use of CertifyLink after changes take effect means you accept the updated policy.

11. Contact

Questions or requests about privacy or your data? Reach us here:

Privacy & Data

Email: support@certifylink.com

Response Time: We aim to respond to privacy-related inquiries promptly and will confirm receipt within a reasonable time.