Privacy Policy
Last updated: February 2025
1. Introduction
CertScore ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
CertScore is the data controller responsible for your personal data. For any questions about this Privacy Policy or our data practices, contact us at: privacy@certscore.org
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, country, and region when you create an account
- Profile Information: Display name (alias), profile picture
- Credential Data: Professional certifications you upload, including issuer, credential name, dates, and verification documents
3.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features used, time spent, actions taken within the app
- Log Data: IP address, browser type, access times
3.3 Third-Party Data
- Credly: When you link your Credly profile, we access your public badge information
- Google Sign-In: Basic profile information (name, email) when you authenticate
- Apple Sign-In: Name and email (if provided) when you authenticate
4. How We Use Your Information
We use your information for the following purposes:
- To provide and maintain our Service
- To verify and display your professional credentials
- To calculate and display your ranking on leaderboards
- To generate shareable profile pages and verification links
- To send you notifications about credential expiration or rank changes (with your consent)
- To improve and personalize our Service
- To detect and prevent fraud or abuse
5. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide our Service to you
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate Interests: For fraud prevention, security, and service improvement
- Legal Obligation: When required by applicable law
6. Data Sharing and Disclosure
We may share your information with:
- Public Profiles: Your alias, rank, and verified credentials are publicly visible on your profile page
- Verification Pages: Your real name and credentials are visible to anyone with your verification link
- Service Providers: Supabase (database), Cloudflare (hosting), Anthropic (AI processing)
- Legal Requirements: When required by law or to protect our rights
We do not sell your personal data to third parties.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
8. Data Retention
We retain your personal data for as long as:
- Your account is active
- It is needed to provide our Service
- Retention is required by applicable law
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
9. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request limitation of processing
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@certscore.org or use the "Delete Account" feature in the app settings.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS) and at rest
- Row-level security policies in our database
- Regular security assessments
- Access controls and authentication
11. Children's Privacy
Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide notice through the app or by email.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
- Email: privacy@certscore.org
14. Supervisory Authority
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.