CertifyAI ← Back to home

Privacy Policy

Last updated: 2026-03-28

1. Who We Are

CertifyAI (certifyai.life) is an AI-powered skills certification platform. We issue verifiable certificates for demonstrated technical and professional skills. For privacy inquiries contact us at hello@certifyai.life.

2. What Data We Collect

  • Account data: Name, email address, hashed password (or Google OAuth token).
  • Exam data: Test answers, scores, result timestamps.
  • Certificate data: Certificate code, issue date, skill name, score.
  • Payment data: Transaction IDs and payment method (PayPal/Stripe/crypto). We do not store full card numbers — Stripe and PayPal handle card data on their PCI-compliant servers.
  • Technical data: IP address, browser type, session token (stored in a secure HTTP-only cookie).

3. How We Use Your Data

  • To provide the certification service and issue your certificates.
  • To verify certificate authenticity when third parties check your certificate code.
  • To process payments and issue receipts.
  • To send transactional emails (certificate confirmation, password reset). We do not send marketing emails without your consent.
  • To detect fraud and prevent misuse of the platform.
  • To improve the platform using aggregated, anonymized analytics.

4. Legal Basis (GDPR)

For users in the European Union, we process your data under the following legal bases:

  • Contract performance — to deliver the certification service you purchased.
  • Legitimate interest — fraud prevention, security, and platform improvement.
  • Consent — for any optional marketing communications.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe / PayPal — for payment processing.
  • Google — if you use Google Sign-In.
  • Anthropic (Claude API) — exam questions are generated by AI; no personal data is sent to the AI.
  • Hosting provider (Hostinger) — your data is stored on our dedicated server.
  • Legal authorities — when required by law.

6. Data Retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Certificates: retained indefinitely to allow third-party verification.
  • Payment records: retained for 7 years for legal/accounting compliance.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and personal data (except certificates and payment records required by law).
  • Object to or restrict processing.
  • Data portability (receive your data in a machine-readable format).

To exercise any right, email hello@certifyai.life. We will respond within 30 days.

8. Cookies

  • Session cookie: HTTP-only, secure, no expiry — keeps you logged in during a browser session.
  • We do not use third-party advertising cookies or tracking pixels.
  • Tailwind CSS and Google Fonts are loaded from CDNs — these providers may set their own cookies.

9. Security

Passwords are hashed using PHP's password_hash() (bcrypt). All traffic is encrypted via HTTPS/TLS. Sensitive files are blocked from direct web access via .htaccess.

10. Changes to This Policy

We may update this policy. We will notify registered users by email for material changes. Continued use of the service after changes constitutes acceptance.

11. Contact

CertifyAI — hello@certifyai.life