Privacy Policy

CertLedge, operated by [COMPANY NAME] ("we", "us"), collects the information you provide when you create and use an account: your email address and password, your company name, and the records you choose to store — employee names, contact details, departments, work sites, certification details, expiry dates, notes, and uploaded certificate files. We also collect standard technical data needed to operate the service, such as authentication session data and basic request logs.

We do not sell personal data, and we do not collect more than the service needs to function.

We use your data solely to provide CertLedge's features:

• Displaying your compliance dashboard and certification records
• Sending expiry alert emails at the intervals you configure
• Generating audit reports and data exports you request
• Processing your subscription and billing
• Responding to support requests and sending service notices

Your data is stored in a managed PostgreSQL database and object storage hosted by Supabase. Data is encrypted in transit (TLS) and at rest. Access is isolated per company using database-level row security, so one customer can never read another customer's records. Uploaded certificate files are stored in a private bucket and served only through short-lived signed links.

We rely on a small number of processors to run the service:

• Supabase — database, authentication, and file storage
• Stripe — payment processing. We never see or store your full card details.
• Resend — transactional email delivery (expiry alerts and account emails)

Each processor receives only the data required to perform its function.

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days so you can reactivate without losing anything, after which it is permanently deleted. You can also delete your account immediately from Settings, which removes all of your data right away.

You may at any time:

• Access and export your data (CSV export is available in Settings)
• Correct any record through the app
• Delete your account and all associated data
• Request a copy or erasure of your data by contacting us

We acknowledge the rights granted by the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), including the rights of access, rectification, erasure, portability, and the right to opt out of the sale of personal information (we do not sell personal information). To exercise any of these rights, contact us at the address below.

Questions about this policy or your data: [CONTACT EMAIL]