Privacy Policy

Last Updated: April 20, 2026

CertForge ("CertForge," "we," "us," or "our") values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, applications, and services (collectively, the "Service").

By using CertForge, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use the Service, we may collect:

  • Name
  • Email address
  • Authentication identifiers
  • Subscription and billing status
  • Study progress and usage data related to certification preparation

Important: We do not collect or store passwords directly.

1.2 Authentication Information

  • User authentication is handled by Auth0.
  • CertForge does not store or process user passwords.
  • Auth0 may collect and process authentication data in accordance with their own privacy policies.

1.3 Payment Information

All subscription payments and billing transactions are processed securely by Stripe.

CertForge does not store:

  • Credit card numbers
  • Bank account details
  • Payment credentials

Stripe handles this information in compliance with industry security standards (including PCI-DSS).

1.4 Automatically Collected Information

We may automatically collect limited technical information such as:

  • IP address
  • Browser type
  • Device type
  • Usage activity within the Service (e.g., page views, feature usage)

This data is used solely for improving performance, reliability, and user experience.

2. How We Use Your Information

We use collected information to:

  • Provide and operate the Service
  • Authenticate users securely
  • Manage subscriptions and billing
  • Track learning progress and platform performance
  • Improve features, content, and user experience
  • Communicate service-related updates (e.g., account or billing notices)

We do not use your data for targeted advertising.

3. Data Storage and Security

3.1 Data Storage

Application data is stored in a PostgreSQL database hosted on infrastructure provided by AWS.

Data is primarily processed and stored in the United States.

3.2 Security Measures

We take reasonable and appropriate security measures to protect your information, including:

  • Encrypted connections (HTTPS)
  • Access controls and role-based permissions
  • Secure infrastructure and database configurations

While no system can be guaranteed 100% secure, we strive to protect your data using industry best practices.

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

4. Data Sharing and Disclosure

4.1 No Sale of Personal Data

CertForge does not sell, rent, or trade your personal information to third parties.

4.2 Service Providers

We may share limited data with trusted third-party service providers only as necessary to operate the Service, including:

  • Auth0 (authentication)
  • Stripe (payments)
  • DigitalOcean (hosting infrastructure)

These providers are authorized to use your information only to perform services on our behalf.

4.3 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal requests.

5. Data Retention

We retain your information only for as long as:

  • Your account remains active, or
  • It is necessary to provide the Service and comply with legal obligations

You may request account deletion at any time.

Upon deletion request, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required for legal, security, or operational purposes, including limited backup and recovery systems.

6. Your Rights and Choices

Depending on your location, you may have the right to:

If you are located in the European Economic Area (EEA), United Kingdom, or California, additional rights may apply under applicable data protection laws, including the GDPR and CCPA/CPRA.

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities

To exercise these rights, contact us using the information below.

7. Cookies and Tracking Technologies

CertForge may use essential cookies and similar technologies to:

  • Maintain user sessions
  • Enable authentication
  • Improve performance and reliability

We only use essential cookies required for authentication and core functionality. We do not use third-party tracking, advertising, or cross-site tracking cookies.

These cookies are used for session management and service operation. Most browsers allow you to control or disable cookies, but doing so may affect core functionality such as sign-in and account access.

8. Children's Privacy

CertForge is not intended for individuals under the age of 13. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child under 13, we will delete it.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

Continued use of the Service after changes indicates acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us: