Legal

Privacy Policy

Effective date: May 16, 2025

Contents
  1. Overview
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Cookies and Tracking
  6. Data Retention
  7. Security
  8. Your Rights and Choices
  9. Children's Privacy
  10. International Data Transfers
  11. Third-Party Links and Services
  12. Changes to This Policy
  13. Contact Us

1. Overview

CertifyCrafter ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and certificate generation service (collectively, the "Service").

By using the Service, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

Information You Provide Directly

  • Account information: When you register, we collect your name, email address, and (if signing in via a third party such as Google) your profile photo and OAuth token identifier.
  • Certificate content: The certificate titles, recipient names, dates, custom text, and logos you enter to generate certificates.
  • Payment information: When you purchase a credit pack, payment details are collected and processed directly by our payment provider, Paddle. We receive only a transaction confirmation and the credit amount; we do not store your card number or full payment details.
  • Communications: If you contact us for support or feedback, we retain the content of those communications.

Information Collected Automatically

  • Usage data: Pages visited, features used, certificate templates selected, generation counts, and timestamps of activity.
  • Device and browser information: Browser type and version, operating system, screen resolution, language settings, and referring URLs.
  • IP address: Collected for security, fraud prevention, and approximate geographic analysis (country/region level). We do not correlate your IP address to your personal identity for advertising purposes.
  • Cookies and local storage: See the Cookies section below for details.

Information from Third Parties

If you sign in using a third-party OAuth provider (such as Google), we receive the information that provider shares with us based on your authorization — typically your name, email address, and profile photo. We do not receive your provider password.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Process certificate generation requests, maintain your credit balance, and enable re-download of past certificates.
  • Process transactions: Verify purchases, credit your account, and issue receipts.
  • Enable certificate verification: For certificates generated from a paid balance, publish a publicly accessible verification page that confirms certificate authenticity without exposing personal account details beyond the certificate content itself.
  • Improve the Service: Analyze usage patterns to identify bugs, improve performance, and develop new features.
  • Communicate with you: Send transactional emails (purchase confirmations, security notices) and, where you have opted in, occasional product updates. You can opt out of marketing emails at any time.
  • Protect against fraud and abuse: Monitor for suspicious activity and enforce our Terms of Service.
  • Comply with legal obligations: Retain records as required by applicable law.

We do not sell your personal information. We do not use your certificate content for advertising or train AI models on your data.

4. How We Share Your Information

We do not sell or rent your personal information. We share information only in the following circumstances:

  • Service providers: We share information with trusted third-party vendors who assist us in operating the Service, including:
    • Google Firebase — authentication, Firestore database, and cloud storage for your account data and certificate records.
    • Paddle — payment processing. Paddle acts as our Merchant of Record and handles all payment card data under its own privacy policy.
    • Hosting and infrastructure providers — for serving the web application.
    These providers are contractually obligated to process your data only as directed by us and in compliance with applicable privacy laws.
  • Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process (such as a court order or government request), or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of substantially all our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
  • With your consent: We may share your information for any other purpose with your explicit prior consent.

Public Verification Pages

Certificates generated from a paid credit balance include a unique verification URL. The corresponding public verification page displays the certificate content (recipient name, title, issuer, and date) and confirmation of authenticity. This page is accessible to anyone who has the verification URL. If you do not wish certificate content to be publicly verifiable, use the free tier, which does not include verification pages.

5. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service:

  • Authentication cookies: Set by Firebase Authentication to maintain your signed-in session. Essential for account features; cannot be disabled without losing account access.
  • Local storage: Used to persist your certificate credit balance, generation preferences, and in-progress certificate data across page reloads — stored locally in your browser, not transmitted to our servers until you take an action.
  • Analytics: We may use privacy-respecting analytics tools to understand aggregate usage patterns. Any such tools are configured to anonymize IP addresses and not collect personally identifiable data for advertising purposes.

Most browsers allow you to control cookies through their settings. Note that disabling authentication cookies will sign you out and prevent access to account-dependent features.

6. Data Retention

We retain your account data and certificate records for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or accounting purposes (typically up to 7 years for financial records).

Certificate content stored on public verification pages may remain accessible for a period after account deletion as part of the public record. If you require specific certificate records to be removed, please contact us at support@certifycrafter.com.

Anonymous usage analytics data (with no personal identifiers) may be retained indefinitely for service improvement purposes.

7. Security

We implement industry-standard security measures to protect your information, including TLS encryption for data in transit, Firebase's built-in security rules for data at rest, and restricted access to production systems. Authentication is handled by Google Firebase, which maintains its own robust security infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you suspect unauthorized access to your account, contact us immediately at support@certifycrafter.com.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a machine-readable copy of the personal data you provided to us.
  • Objection / Restriction: Object to or request restriction of certain processing activities.
  • Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time without affecting prior processing.
  • Marketing opt-out: Unsubscribe from marketing emails using the link included in every such email, or by contacting us directly.

To exercise any of these rights, contact us at support@certifycrafter.com. We will respond within the timeframe required by applicable law (generally 30 days). We may ask you to verify your identity before fulfilling your request.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. The legal bases for our processing of your personal data are: (a) contract performance — processing necessary to provide the Service you requested; (b) legitimate interests — analytics and fraud prevention; and (c) legal obligation — compliance with applicable law.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined by the CCPA.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@certifycrafter.com and we will take steps to delete such information promptly.

10. International Data Transfers

CertifyCrafter uses Google Firebase and other service providers whose infrastructure may be located in the United States and other countries. If you are located outside the United States, your information may be transferred to and processed in countries that may have different data protection laws than your own.

Where required by applicable law (such as GDPR), we rely on appropriate safeguards for international transfers, including Google's standard contractual clauses and Paddle's compliance mechanisms. By using the Service, you acknowledge and consent to this transfer.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by CertifyCrafter. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of those third parties. We encourage you to review the privacy policies of every website you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective date" at the top of this page and, where appropriate, by sending an email to your registered address. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

CertifyCrafter — Privacy
Email: support@certifycrafter.com