Privacy Policy

Last Updated: January 27, 2025

1. Introduction

CertClass ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our training management platform (the "Platform").

This policy applies to information we collect through the Platform and through email, text, and other electronic communications. By using CertClass, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

When you register for or use the Platform, we collect:

  • Account Information: Name, email address, password, phone number, company name, business address
  • Student Data: Names, email addresses, phone numbers, payment information, attendance records, certification status
  • Class Information: Class titles, descriptions, schedules, locations, pricing, instructor assignments
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Communication Data: Email content, message logs, notification preferences

2.2 Information Collected Automatically

When you use the Platform, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns, session data
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking: Session tokens, authentication data, preferences (see Section 7)

2.3 Information from Third Parties

We may receive information about you from third-party services integrated with the Platform, including Stripe (payment processing), Resend (email delivery), and Supabase (data hosting).

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and manage accounts, process transactions, enable class management features
  • Communicate: Send transactional emails, class reminders, account notifications, and support responses
  • Improve the Platform: Analyze usage patterns, fix bugs, develop new features, enhance user experience
  • Ensure Security: Detect and prevent fraud, unauthorized access, and security threats
  • Comply with Legal Obligations: Respond to legal requests, enforce our Terms of Service, protect our rights
  • Marketing: Send promotional emails about new features and updates (you can opt out anytime)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Platform:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Resend: Transactional email delivery
  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and infrastructure

These service providers are contractually obligated to protect your data and may only use it to provide services to us.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal requests (subpoenas, court orders, search warrants)
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activity

4.4 With Your Consent

We may share your information for purposes not described in this policy with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based permissions, multi-factor authentication, secure password requirements
  • Infrastructure Security: Secure hosting with Vercel and Supabase, regular security audits
  • Monitoring: Continuous monitoring for suspicious activity and unauthorized access
  • Data Isolation: Multi-tenant architecture with strict tenant-level data isolation

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Platform and fulfill your requests
  • Comply with legal obligations (tax records, financial reporting)
  • Resolve disputes and enforce agreements
  • Support business operations and analytics

Account Deletion: If you cancel your subscription, we will retain your data for 30 days to allow for reactivation. After 30 days, we will delete your account data, except for information we are required to retain by law.

Backups: Deleted data may persist in backups for up to 90 days before being permanently removed.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Authentication, session management, security (required for the Platform to function)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Understand usage patterns and improve the Platform

Most browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of the Platform.

We do not use third-party advertising cookies or tracking pixels for marketing purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Opt-Out: Unsubscribe from marketing emails (use the unsubscribe link or contact us)

8.2 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights under GDPR:

  • Right to restrict processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

8.3 CCPA Rights (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

8.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@certclass.io. We will respond to your request within 30 days. You may need to verify your identity before we process your request.

9. International Data Transfers

CertClass is based in the United States. If you are accessing the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using the Platform, you consent to the transfer of your information to the United States and other countries.

For users in the EU/EEA, we ensure adequate protection of your data through Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Platform Accounts: CertClass accounts (for training providers) are only available to individuals 18 years of age or older. You must be at least 18 years old to create an account and use the Platform as a training provider, administrator, or instructor.

Student Data for Minors: We understand that training providers using our Platform may enroll students who are minors (typically ages 15-17) in certification courses such as lifeguard training, CPR, and First Aid. When training providers collect information about minor students:

  • Your Responsibility: As the training provider (data controller), you are solely responsible for obtaining all necessary parental or guardian consents before enrolling minors and collecting their personal information
  • Our Role: CertClass acts only as a data processor for student information. We process minor student data solely on your instructions to provide class management services
  • Parental Rights: You must provide parents/guardians with the ability to access, correct, or request deletion of their child's information in accordance with applicable laws (COPPA, GDPR, etc.)
  • Compliance: You are responsible for complying with all children's privacy laws applicable to your jurisdiction, including obtaining verifiable parental consent where required

For Parents and Guardians: If your child is enrolled in a certification class through one of our training provider customers, the training provider is responsible for your child's data. Contact the training provider directly to:

  • Access your child's information
  • Request corrections or updates
  • Request deletion of your child's data
  • Withdraw consent for data processing

If you have concerns about how a training provider is handling your child's information, or if you believe a training provider is not obtaining proper parental consent, please contact us at privacy@certclass.io, and we will work with the training provider to address your concerns.

11. Third-Party Links and Services

The Platform may contain links to third-party websites or integrate with third-party services (e.g., Stripe, Calendly). We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services before providing your personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending you an email notification
  • Displaying a prominent notice within the Platform

Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

13. Data Controller and Processor

CertClass as Data Processor: When you use the Platform to manage your students and classes, you are the data controller, and we act as a data processor. You are responsible for:

  • Obtaining necessary consents from your students
  • Complying with data protection laws (GDPR, CCPA, etc.)
  • Providing privacy notices to your students
  • Handling data subject requests from your students

CertClass as Data Controller: For your account information and usage data, we are the data controller and are responsible for compliance with data protection laws.

14. Do Not Track

Some browsers have a "Do Not Track" feature that signals websites not to track users. We do not currently respond to Do Not Track signals because there is no industry standard for compliance.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@certclass.io

Support: support@certclass.io

Website: https://certclass.io

Your Privacy Matters: We are committed to protecting your privacy and handling your data responsibly. If you have any concerns about how we handle your information, please don't hesitate to contact us.