Privacy Policy
Effective June 16, 2026 · Certibee
Plain-language note: This is a starting template, not legal advice. Have it reviewed by qualified counsel and adapted to your jurisdiction and final feature set before launch.
This Privacy Policy explains how Certibee (“we,” “us”) collects, uses, shares, and protects your information when you use the Service. Credential data is sensitive, and our default is simple: your records are private to you, and nothing is shared until you choose to share it.
1. Information we collect
- Account data: name, email, and the identifier from your sign-in provider (Google/Apple).
- Credential data: the documents and images you upload and the fields associated with them (e.g., credential name, issuer, dates, license numbers, holder name).
- Profile data: any display name, headline, or photo you add.
- Sharing data: share links you create, who you grant access to, and access/view events.
- Usage & device data: app interactions, log data, device and approximate location (from IP), and analytics events used to improve the Service.
2. How we use information
To provide and operate the Service; to extract data from documents you upload; to track expiries and send the reminders you enable; to power the sharing you initiate; to secure the Service and prevent abuse; to provide support; to improve features and understand usage; and to comply with law.
3. AI / document processing
When you scan a document, its contents are transmitted to our AI processor (currently Google’s Gemini API) to extract suggested fields, then returned to you for review. We instruct processors to handle this data only to provide the service to us. We do not use your credential documents to train third-party foundation models.
4. When we share information
We do not sell your personal information. We share it only:
- At your direction — with recipients of your share links, connections, or organizations you join.
- With service providers (subprocessors) who operate the Service under contract — e.g., Supabase (database, auth, storage hosting), Google (Gemini AI extraction), and our analytics provider.
- For legal reasons — to comply with law, enforce our Terms, or protect rights and safety.
- In a business transfer — subject to this Policy.
5. Storage, security & access controls
Data is stored with our hosting provider and protected by encryption in transit and at rest, and by row-level security so that, by default, only you can access your records. Sharing is exposed only through controlled, revocable mechanisms (e.g., tokenized links). No system is perfectly secure; we cannot guarantee absolute security.
6. Retention & deletion
We keep your information while your account is active and as needed to provide the Service. You can delete individual credentials or your entire account; on account deletion we delete or anonymize your personal data within a reasonable period, except where retention is required by law. Note that recipients may retain information you previously shared with them.
7. Your rights
Depending on your location (e.g., GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, export (portability), restrict or object to processing, and to withdraw consent. You can export your data from the app and exercise rights by contacting us. We will not discriminate against you for exercising these rights.
8. International transfers
Your information may be processed in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as standard contractual clauses) for such transfers.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.
10. Analytics & cookies
We use cookies/SDKs and analytics (e.g., product-analytics events) to understand usage and improve the Service. You can control cookies via your browser; some features may not function without them.
11. Changes & contact
We may update this Policy; material changes will be notified in-app or by email. For privacy requests or questions, contact our privacy team at privacy@certibee.app.
See also our Terms of Service.