Privacy Policy

Last updated: July 7, 2025

Welcome to CertPad, a product of SuperSphere Labs LLP. ("we," "us," or "our"). We value your privacy and are committed to protecting your personal information and educational data. This Privacy Policy outlines how we collect, use, store, and protect information when you use our AI-powered certificate generation platform.

1. Information We Collect

Account Information

  • Name, email address, and password for account creation
  • Institution or organization details
  • Professional role and contact information
  • Billing information for paid subscriptions

Certificate and Educational Data

  • Student names, grades, and achievement data
  • Certificate templates and customizations you create
  • Generated certificates and report cards
  • Course information and academic records
  • Institution branding and logos

Usage and Technical Data

  • IP address, browser type, and device information
  • Pages visited and features used
  • Log files and analytics data
  • Performance metrics and error reports

2. How We Use Your Information

  • Certificate Generation: Process student data to create personalized certificates, diplomas, and report cards using our AI-powered platform.
  • Service Delivery: Maintain your account, store templates, and provide access to generated certificates and analytics.
  • Platform Improvement: Analyze usage patterns to enhance our AI algorithms, user interface, and overall service quality.
  • Communication: Send service updates, security alerts, billing notifications, and educational content related to certificate management.
  • Compliance: Meet educational data protection requirements and maintain audit trails for certificate verification.

3. Data Security & Protection

Security Measures

  • 256-bit SSL encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance

Data Storage

  • Data stored in secure, FERPA-compliant cloud infrastructure
  • Automated daily backups with 99.9% uptime guarantee
  • Geographic data residency options available
  • Regular backup testing and disaster recovery procedures

4. Data Sharing & Third Parties

We do not sell, rent, or share your personal or educational data with third parties for marketing purposes.

  • Service Providers: We work with trusted vendors for hosting, payment processing, and customer support, all bound by strict data protection agreements.
  • Educational Partners: Data may be shared with your institution's authorized personnel or integrated systems as configured by your administrators.
  • Legal Requirements: We may disclose data when required by law, court order, or to protect our rights and user safety.
  • Business Transfers: In the event of a merger or acquisition, user data may be transferred with appropriate notice and consent procedures.

5. Your Rights & Choices

Data Access & Control

  • View and update your account information
  • Download your certificate data
  • Delete specific certificates or templates
  • Request complete data export

Privacy Controls

  • Manage email communication preferences
  • Control data sharing with integrations
  • Set certificate access permissions
  • Request account deletion

6. Educational Privacy Compliance

FERPA Compliance

CertPad is fully compliant with the Family Educational Rights and Privacy Act (FERPA) and maintains appropriate safeguards for educational records.

  • Student data used only for legitimate educational purposes
  • Strict access controls and audit logging
  • Regular compliance reviews and staff training
  • Data retention policies aligned with educational requirements

7. Cookies & Tracking

We use cookies and similar technologies to enhance your experience, remember your preferences, and analyze platform usage. You can control cookie settings through your browser, but some features may be limited if cookies are disabled.

Essential Cookies

Required for basic functionality

Analytics Cookies

Help us improve our services

Preference Cookies

Remember your settings

8. Data Retention

  • Account Data: Retained for the duration of your account plus 30 days after deletion request.
  • Certificate Data: Maintained for verification purposes as long as certificates remain valid, typically 7 years.
  • Usage Logs: Anonymized and retained for up to 2 years for security and improvement purposes.
  • Billing Records: Kept for 7 years to comply with financial regulations.

9. International Data Transfers

CertPad operates globally and may transfer data across borders to provide our services. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your data during international transfers.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email and through our platform. Your continued use of CertPad after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact our Data Protection team:

Response Time: Within 30 days