Privacy policy
Privacy Policy
Last Updated: May 1, 2026
certiprof LLC ("certiprof," "we," "us," or "our") operates certiprof.com and related platforms, including certification programs, digital credentialing, online exam administration, and partner certification infrastructure (collectively, the "Services"). This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, purchase, or take an exam through our Services, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information. Please read it carefully. By using any of the Services, you acknowledge that you have read and understood this notice.
Personal Information We Collect
When we use the term "personal information," we refer to information that identifies you or can reasonably be linked to you. We may collect the following categories depending on how you interact with the Services:
Information You Provide Directly
- · Account and registration data: full name, email address, username, password, country, and professional title
- · Exam and certification data: exam registrations, attempt history, completion status, scores, and pass/fail outcomes
- · Payment and billing data: name, billing address, and payment method details processed via Stripe, PayPal, and Hotmart (in select countries) — we do not store full card numbers
- · Partner and academy data: company name, authorized representative details, tax ID where applicable, and program preferences
- · Support and communications: messages, tickets, survey responses, and information you submit voluntarily
Certification and Digital Badge Data
Because certiprof operates as a certification and validation body, we collect data integral to credential issuance, including exam session logs, time on task, interaction data for anti-fraud purposes, identity verification where required, and credential issuance records (certificate ID, issue date, expiration, certification title).
Digital Badges: When you earn a credential, your full name, certification title, issue date, and expiration date are embedded in publicly verifiable badge metadata. Badges are hosted by Credly (credly.com) and Badge Claimed (badgeclaimed.com). Accepting a badge makes that data publicly visible to employers, institutions, or anyone you share the badge link with. Acceptance is voluntary and does not affect your internal certification record. To remove a published badge, contact the respective platform directly.
Automatically Collected Data
- · IP address and approximate geolocation derived from IP
- · Device and browser type, operating system, and screen resolution
- · Usage behavior: pages visited, features used, time on page, and navigation paths
- · Exam platform telemetry used for session integrity monitoring
Data from Third Parties
- · Training partners and academies who share enrollment and sponsorship data when certifying their learners through certiprof
- · SSO/authentication providers (e.g., Google login): basic profile data you authorize
- · Marketing and analytics platforms: aggregated behavioral signals
How We Use Your Information
Certification and Credentialing Services
Our primary purpose is operating our certification ecosystem: delivering and administering exams, evaluating performance, issuing certificates and digital badges via Credly and Badge Claimed, and maintaining long-term credential records for verification by employers and institutions.
Partner and Academy Programs
When a training partner, academy, or employer sponsors your certification, certiprof processes your data on behalf of that partner (acting as Data Processor), while the partner defines the program purpose (acting as Data Controller). certiprof provides the exam technology, scoring, and credentialing infrastructure.
Payments and Transactions
We use your data to process exam purchases, vouchers, subscriptions, and refunds, and to issue invoices and maintain financial records.
Communications
We send transactional messages (purchase confirmations, exam access, results, badge issuance, security alerts) and certification renewal reminders. These messages are necessary to deliver the services you purchased and cannot be opted out while you have an active account.
Marketing and Advertising
With your consent or as permitted by law, we send newsletters, promotional offers, announcements of new certifications, and partner communications. We also run advertising campaigns on Google, Meta, LinkedIn, and Reddit. You may opt out at any time — see Your Choices below.
Security, Exam Integrity, and Analytics
We use data to detect and prevent fraud, monitor exam sessions for integrity violations, protect the validity of certiprof credentials, and analyze platform usage to improve our certifications, content, and workflows.
Legal and Compliance
We process data to comply with applicable laws, respond to lawful authority requests, enforce our Terms of Service and partner agreements, and investigate potential violations.
How We Disclose Your Information
We do not sell your personal data in any form, to any party, under any circumstance. We may share your information only in the following limited circumstances:
Certification Partners
If your enrollment is sponsored by a training partner or employer, we share your participation status and results with that organization to enable certification tracking and outcome validation.
Digital Credentialing Platforms
Credential data (name, certification, date) is shared with Credly and Badge Claimed to issue and host your digital badges. Once accepted, badges are publicly verifiable.
Service Providers
We share data with trusted vendors who process it on our behalf and only as instructed. See the Third-Party Processors section for the full list.
Relationship with Shopify
The Services are hosted in part by Shopify. Information you submit through the store is transmitted to and processed by Shopify to provide and improve the Services. Shopify may also use data from your interactions with our store, along with other merchants and Shopify, to deliver enhanced features. In those cases, Shopify acts as an independent data controller. To learn more, visit the Shopify Consumer Privacy Policy. To exercise rights related to Shopify's processing, visit the Shopify Privacy Portal.
Relationship with Kajabi
Certain course content and learning experiences are delivered through Kajabi. Information you submit or generate within the Kajabi-powered learning environment is transmitted to and processed by Kajabi to provide and improve those services. Kajabi processes your data on our behalf under a data processing agreement. To learn more, visit the Kajabi Privacy Policy.
Business and Marketing Partners
We may share data with partners to deliver advertising and personalized experiences, as described in the Cookies section. You may opt out of targeted advertising — see Your Choices below.
Affiliates and Corporate Group
We may share data within our corporate structure to operate and improve our Services.
Legal Authorities
We may disclose data to comply with legal obligations, court orders, or lawful government requests, or to protect the rights, safety, or property of certiprof, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred. Affected users will be notified as required by law.
Cookies and Tracking Technologies
When you visit certiprof.com, a cookie consent banner is shown before any non-essential tracking activates. You may accept all, reject all, or choose by category.
Strictly Necessary
Required for core functionality and cannot be disabled. Includes session authentication and exam session management, Shopify checkout tokens, and security tokens. Consent is not required for strictly necessary cookies under the ePrivacy Directive.
Analytics and Performance
Activated only with your consent. Includes Google Analytics (traffic and behavior reporting) and Microsoft Clarity (anonymized session recordings and heatmaps). Legal basis: Consent.
Marketing and Advertising
Activated only with your explicit consent. Includes Meta Pixel, Google Ads / GTM, LinkedIn Insight Tag, and Reddit Pixel. Legal basis: Consent.
Managing Your Preferences
- · Re-open the cookie preference center at any time via the Cookie Preferences link in the Site footer
- · Use browser settings to block or delete cookies independently
- · Google Analytics opt-out: tools.google.com/dlpage/gaoptout
- · Meta ad preferences: facebook.com/adpreferences
- · We honor Global Privacy Control (GPC) signals where required by applicable law
Data Retention
How long we retain your personal information depends on the purpose for which it was collected and applicable legal obligations:
| Data Category | Retention Period | Reason |
|---|---|---|
| Certification and credential records | Indefinite (life of credential) | Employer and institution verification |
| Exam results and attempt data | 7 years post-issuance | Audit and integrity compliance |
| Financial and payment records | 5 years minimum, per Florida Statute § 607.1601 and applicable US federal law | Tax, accounting, and legal obligations |
| Account profile data | Duration of account + 3 years | Service continuity and legal claims |
| Marketing preferences | Until opt-out or account deletion | Consent management |
| Support communications | 3 years from last interaction | Dispute resolution |
| Cookie and analytics data | Up to 13 months | Standard analytics retention |
Security and Data Protection
We implement industry-standard technical and organizational measures to protect your personal data, including TLS encryption for all data in transit, role-based access controls, regular security assessments, and exam session integrity controls. certiprof's infrastructure is hosted and protected on Amazon Web Services (AWS), providing enterprise-grade cloud security, redundancy, and data integrity controls.
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee complete security. We recommend you do not use unsecure channels to communicate sensitive information to us. In the event of a data breach that creates a risk to your rights and freedoms, we will notify the relevant supervisory authority within the timeframes required by applicable law (72 hours under GDPR; 2 business days under Brazil's LGPD) and inform affected users without undue delay.
Your Choices
Your Choices are distinct from your legal Rights (see next section). This section covers the practical controls you have over how certiprof communicates with you.
Communication Preferences
Transactional messages (cannot be opted out): Purchase confirmations, exam access delivery, exam results and badge issuance notifications, and account security alerts are necessary to deliver the services you purchased.
Marketing messages (opt out anytime): You may unsubscribe from newsletters, promotional offers, new certification announcements, partner and academy program communications, and certification renewal reminders at any time by using the unsubscribe link in any email or contacting info@certiprof.com. If you opt out, we may still send non-promotional messages about your account or purchases.
Cookie and Tracking Preferences
Open the cookie preference center at any time via the Cookie Preferences link in the footer. You may also use browser-level controls to block all non-essential cookies.
Badge and Credential Preferences
Badge acceptance is optional. You may decline a digital badge without affecting your internal certification record. To remove a published badge from Credly or Badge Claimed, contact those platforms directly. Sharing your badge to LinkedIn or other platforms is entirely your choice.
Account and Data Preferences
Update your profile information at any time via your certiprof account settings. To request account deletion, contact info@certiprof.com. Certification records may be retained after deletion for credential verification purposes (see the Retention table above).
Your Rights
Depending on where you live, you may have some or all of the following rights. To exercise any right, contact info@certiprof.com with subject line "Privacy Right Request" and your country of residence. We will respond within the timeframe required by applicable law (generally 30 days). We will not discriminate against you for exercising any of these rights.
- · Right to Access / Know: Request a copy of the personal data we hold about you
- · Right to Delete: Request deletion of your personal data, subject to legal retention obligations
- · Right to Correct: Request correction of inaccurate or incomplete data
- · Right of Portability: Receive your data in a structured, machine-readable format
- · Right to Opt Out of Sale or Sharing for Targeted Advertising: Contact info@certiprof.com to opt out of sharing for cross-context behavioral advertising
- · Managing Communication Preferences: Unsubscribe from marketing emails via the link in any email
If you reside in the EEA or UK, you additionally have the right to object to or restrict processing, and to withdraw consent at any time. See the Additional Notices below.
We may need to verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf by providing written authorization. To learn more about how Shopify processes your data and exercise related rights, visit privacy.shopify.com. If you have complaints about how we process your personal information, you may lodge a complaint with your local data protection authority. For the EEA, see edpb.europa.eu.
Data Storage
certiprof stores and maintains all personal data within its own certified ecosystem, hosted on Amazon Web Services (AWS) servers located in the United States. We do not transfer, sell, or provide your personal data to third parties outside of this ecosystem for their independent use.
Service providers listed in the Third-Party Processors section below may access or process data solely to deliver the specific services they provide to certiprof, under strict data processing agreements, and only to the extent necessary for that purpose. They are not permitted to use your data for their own independent purposes.
Automated Decision-Making and Profiling
certiprof uses automated systems in the administration and evaluation of certification exams. These systems process exam responses, timing data, and session interaction patterns to produce results without direct human review of each individual response.
- · What is automated: Exam scoring and pass/fail determination; anti-fraud and integrity controls flagging anomalous session behavior; automatic eligibility for retakes and credential issuance based on exam outcomes
- · Right to human review (EEA/UK): Under Article 22 GDPR, if an automated decision significantly affects you, you may request human review by emailing info@certiprof.com with subject line "Automated Decision Review"
- · Profiling: We may use your certification history to suggest relevant certifications or learning paths. This does not produce legal or similarly significant effects and is used solely to improve your experience
Third-Party Processors
certiprof engages the following service providers to process personal data on our behalf. All providers are bound by data processing agreements and may only use data as instructed by certiprof.
| Service Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| AWS (Amazon Web Services) | Cloud infrastructure and data hosting | USA | DPA |
| Shopify | E-commerce platform and checkout | Canada / Global | SCCs / DPA |
| Kajabi | Learning platform and course content delivery | USA | SCCs / DPA |
| ExamCloud | Exam access control and platform integration (integrates ClassMarker and EasyLMS) | USA | SCCs / DPA |
| ClassMarker | Online exam delivery (integrated via ExamCloud) | USA | SCCs / DPA |
| EasyLMS | Learning management and exam delivery (integrated via ExamCloud) | USA | SCCs / DPA |
| Stripe | Payment processing | USA | SCCs / DPA |
| PayPal | Payment processing | USA | SCCs / DPA |
| Hotmart | Payment processing (select countries) | Brazil / Global | SCCs / DPA |
| HubSpot | CRM and marketing communications | USA | SCCs / DPA |
| Go High Level | Marketing automation and partner communications | USA | SCCs / DPA |
| Apollo | Sales intelligence and outreach | USA | SCCs / DPA |
| LinkedIn Sales Navigator | Sales intelligence and prospecting | USA | SCCs / DPA |
| Credly | Digital badge issuance and hosting | USA | SCCs / DPA |
| Badge Claimed | Digital credential issuance and hosting | USA | SCCs / DPA |
| Google Analytics | Website analytics and traffic reporting | USA | SCCs / DPA |
| Microsoft Clarity | Session recordings and heatmaps (anonymized) | USA | SCCs / DPA |
| Google Ads / GTM | Advertising and conversion tracking | USA | SCCs / DPA |
| Meta (Facebook) | Advertising and conversion tracking | USA | SCCs / DPA |
| B2B advertising and analytics | USA | SCCs / DPA | |
| Community advertising and retargeting | USA | SCCs / DPA | |
| Streamyard | Webinar and live stream production | USA | SCCs / DPA |
| Zoom | Video conferencing and virtual events | USA | SCCs / DPA |
This list is updated periodically. For sub-processor details, contact info@certiprof.com.
Children's Privacy
Our Services are intended for professional development and are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from minors. We do not sell personal data belonging to any individual, regardless of age. If you are the parent or guardian of a child who has provided us with their personal information, please contact us using the details below to request its deletion.
Third-Party Websites and Links
The Services may contain links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies. We do not guarantee and are not responsible for the privacy or security of such sites. Our inclusion of such links does not imply any endorsement of their content or operators.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised policy on this website, update the "Last Updated" date, and provide notice as required by applicable law. For material changes, we will notify affected users by email and obtain your explicit consent where legally required.
EEA · UK · Switzerland
Additional Notice — GDPR
This Additional Notice applies if you are located in the European Economic Area, the United Kingdom, or Switzerland. It is governed by the GDPR, UK GDPR, and the Swiss Federal Act on Data Protection (nFADP).
Legal Bases for Processing
Contractual Necessity (Art. 6(1)(b)): Account creation, exam registration, delivery, and result issuance; payment processing; certificate and digital badge issuance.
Legitimate Interests (Art. 6(1)(f)): Exam integrity monitoring and fraud prevention; platform analytics to improve certification quality; service-related communications to existing users; maintaining and defending legal claims. You may object at any time by contacting info@certiprof.com.
Consent (Art. 6(1)(a)): Analytics and performance cookies; marketing and advertising cookies; promotional email communications. To withdraw consent, use the unsubscribe link in any email or the Cookie Preferences footer link. Withdrawal does not affect the lawfulness of prior processing.
Legal Obligation (Art. 6(1)(c)): Tax, accounting, and financial reporting obligations; responses to court orders and lawful regulatory requests.
Special Category Data
certiprof does not intentionally collect special category data. If identity verification for a specific program requires biometric data, we will obtain your explicit consent in advance.
Contact for EEA and UK Inquiries
certiprof LLC is established in the United States. We do not currently have a formally appointed EU or UK representative. EEA and UK residents may direct GDPR-related requests, inquiries, or complaints directly to info@certiprof.com with the subject line "GDPR Inquiry." You also retain the right to lodge a complaint with your national supervisory authority at any time. EEA directory: edpb.europa.eu. UK: ico.org.uk.
Your Additional GDPR Rights
EEA/UK residents additionally have the right to object to or restrict processing for certain purposes; not be subject to solely automated decisions with significant legal effects (see Automated Decision-Making above); and lodge a complaint with their national supervisory authority at any time.
California · USA
Additional Notice — CCPA / CPRA
This Additional Notice applies to residents of California. certiprof does not sell your personal data in any form. We may share certain identifiers with advertising partners (Google, Meta, LinkedIn, Reddit) for targeted advertising purposes, which may constitute "sharing" under CPRA.
California residents have the right to: know what personal information we collect, use, and share; request deletion; correct inaccurate information; opt out of the sharing of personal information for cross-context behavioral advertising; limit the use of sensitive personal information; and non-discrimination for exercising these rights.
To submit a California rights request, email info@certiprof.com with subject line "CCPA Request" or use the "Do Not Sell or Share My Personal Information" link in the Site footer. We honor GPC signals as opt-outs from sharing for advertising. You may designate an authorized agent to submit requests on your behalf by providing written authorization.
Brazil
Additional Notice — LGPD
This Additional Notice applies to residents of Brazil under the Lei Geral de Proteção de Dados (LGPD, Lei nº 13.709/2018).
Brazilian residents have the right to: confirm data processing exists and access their data; correct incomplete or inaccurate data; request anonymization, blocking, or deletion of unnecessary data; request data portability; receive information about third parties with whom we share data; be informed of the consequences of not providing consent; and revoke consent at any time.
Legal bases under LGPD: Contractual performance (Art. 7, VI); legitimate interest (Art. 7, IX); legal obligation (Art. 7, II); and consent (Art. 7, I) for marketing and non-essential cookies.
Supervisory Authority: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd. Contact: info@certiprof.com — Subject: "LGPD – Solicitação"
Canada
Additional Notice — Canada
How Canadians Access certiprof
Canadian users access certiprof.com directly, purchase and register for exams online, and take exams entirely within our digital platform. No physical exam center is involved. Your data is processed by certiprof LLC in the United States and by our service providers as described in this policy.
Consent and Transfers
We obtain consent before or at the time of collecting personal data, or rely on implied consent where appropriate. You may withdraw consent at any time by contacting info@certiprof.com, though this may affect our ability to provide certain Services. Your personal data is stored and processed in the United States. We implement contractual safeguards with all processors to ensure your data remains protected.
Contact Us
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us:
certiprof LLC
1401 Sawgrass Corporate Pkwy, Sunrise, FL 33323, US
Email: info@certiprof.com
For the purpose of applicable data protection laws, certiprof LLC is the data controller of your personal information.
