Privacy Policy

Last Updated: January 3, 2025

1. Information We Collect

1.1 Information You Provide to Us

When you create an account or use CertLabs, we collect the following information that you voluntarily provide:

• Account Information: Name, email address, password, country of residence
• Profile Information: Company name (optional), profile picture, bio
• Payment Information: Billing address, payment method details (processed securely by Stripe and PayPal—we do not store credit card numbers)
• Communications: Messages, feedback, support requests, and other correspondence with us

1.2 Information Collected Automatically

When you access CertLabs, we automatically collect certain information about your device and usage:

• Usage Data: Pages viewed, time spent, features used, quiz scores, progress tracking, completion rates
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking Technologies: Session cookies, analytics cookies, preference cookies (see Section 7 for details)

1.3 Information from Third Parties

If you sign in using Google OAuth or other third-party authentication services, we receive:

• Your name, email address, and profile picture from the third-party provider
• We only request the minimum permissions necessary for authentication

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Providing and Improving Our Services

• Create and manage your account
• Deliver educational content, labs, and practice exams
• Track your progress and provide personalized recommendations
• Generate performance analytics and insights
• Improve platform functionality and user experience

2.2 Processing Payments

• Process subscription payments and manage billing
• Detect and prevent fraud
• Issue invoices and receipts

2.3 Communication

• Send transactional emails (account verification, password resets, payment confirmations)
• Provide customer support
• Send important service updates and announcements
• Send promotional emails and newsletters (you can opt out at any time)

2.4 Analytics and Research

• Analyze user behavior and platform performance
• Conduct research to improve our educational offerings
• Generate aggregated, anonymized statistics for internal use

2.5 Legal and Security

• Comply with legal obligations and enforce our Terms of Use
• Protect against fraudulent, unauthorized, or illegal activity
• Maintain the security and integrity of our platform

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data:

• Payment Processors: Stripe, PayPal (for processing payments securely)
• Cloud Hosting: Vercel, AWS, Neon (for hosting our platform and database)
• Email Services: For sending transactional and marketing emails
• Analytics: Google Analytics, Mixpanel (for understanding user behavior)
• Customer Support: Support ticketing and communication tools

3.2 Business Transfers

If CertLabs is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to lawful requests from public authorities

3.4 With Your Consent

We may share your information with third parties if you explicitly consent to such sharing.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Account Data: Retained while your account is active and for up to 2 years after account deletion (for legal and fraud prevention purposes)
• Payment Records: Retained for 7 years for tax and accounting compliance
• Usage Logs: Retained for 12-24 months for analytics and security
• Support Communications: Retained for 3 years for customer service purposes

You may request deletion of your account and personal data at any time (see Section 9).

5. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

5.1 Access and Portability

• Request a copy of the personal information we hold about you
• Request your data in a portable, machine-readable format

5.2 Correction

• Update or correct inaccurate or incomplete information
• You can update most information directly in your account settings

5.3 Deletion

• Request deletion of your account and personal data
• Note: Some data may be retained for legal, security, or fraud prevention purposes

5.4 Opt-Out of Marketing

• Unsubscribe from promotional emails by clicking the "unsubscribe" link in any marketing email
• You cannot opt out of transactional emails (e.g., payment confirmations, account security alerts)

5.5 Do Not Track

• Our platform does not currently respond to "Do Not Track" browser signals

5.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@certlabs.com. We will respond to your request within 30 days.

6. Security Measures

We take the security of your personal information seriously and implement industry-standard measures to protect it:

Technical Safeguards:

• Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Secure Payment Processing: Payment information is handled by PCI-DSS compliant providers (Stripe, PayPal)
• Access Controls: Strict access controls and authentication mechanisms for our systems
• Regular Security Audits: Periodic security assessments and vulnerability testing
• Secure Infrastructure: Hosted on secure, enterprise-grade cloud platforms

7. Cookies and Tracking Technologies

CertLabs uses cookies and similar tracking technologies to enhance your experience. A cookie is a small text file stored on your device.

Types of Cookies We Use:

Type	Purpose	Duration
Essential Cookies	Required for login, session management, and core functionality	Session or 30 days
Analytics Cookies	Track usage patterns and platform performance (Google Analytics)	Up to 2 years
Preference Cookies	Remember your settings and preferences	Up to 1 year
Advertising Cookies	Track conversions and retargeting (if applicable)	Up to 1 year

Managing Cookies:

• You can control cookies through your browser settings
• Blocking essential cookies may affect platform functionality
• Most browsers allow you to refuse or delete cookies

8. Children's Privacy

CertLabs is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@certlabs.com, and we will delete the information promptly.

Users aged 13-17 must have parental consent to use CertLabs.

9. International Data Transfers

CertLabs is based in the United States. If you access our platform from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using CertLabs, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

European Users (GDPR Compliance):

If you are located in the European Economic Area (EEA), UK, or Switzerland, we comply with the General Data Protection Regulation (GDPR). Your rights under GDPR include:

• Right to access your personal data
• Right to rectification (correction) of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information we have collected about you
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at support@certlabs.com.

11. Third-Party Links

CertLabs may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this page
• Material changes will be communicated via email or prominent notice on the platform
• Your continued use of CertLabs after changes are posted constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

14. Your Consent

By using CertLabs, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

© 2025 CertLabs PBQ. All rights reserved. We are committed to protecting your privacy and handling your data with care and transparency.