Privacy Policy
Effective date: July 6, 2026
This Privacy Policy explains, in plain language, what information CertStudio LLC ("CertStudio," "we," "us," or "our") collects when you use the CertStudio application and related services (the "Service"), how we use and protect that information, and the choices you have. By using the Service, you agree to this Policy.
1. Our Privacy Commitment
We collect only the information we need to run the Service, and we never sell, rent, or trade your personal information to anyone. We use your information for one purpose: to provide, protect, and improve CertStudio.
2. Information You Give Us
Depending on how you use the Service, you may give us:
- •Account information — the email address and password you use to sign up and sign in.
- •Purchase information — your payment is handled directly by our payment processor (Stripe). We are told that your payment succeeded, but we never see or store your full card number.
- •Support requests — your name, email, optional account number, and the message you send us through the support form.
- •Account deletion requests — the name, email, and account number you submit so we can verify the request is really from you.
3. How Your Email and Password Are Stored
Your email address is stored in our account system in readable form — we need it to identify your account, let you sign in, and send you essential messages such as password resets and purchase receipts.
Your password is different: it is never stored in readable form — not by us, and not by anyone. The moment you create your account, your password is converted into a scrambled code (called a "hash") using bcrypt, an industry-standard one-way process that cannot be reversed. Only that code is saved. When you sign in, the password you type is scrambled the same way and the two codes are compared. If they match, you're in.
This means no one — including us, our staff, or our service providers — can look up or recover your actual password. It also means that if you forget your password, we cannot tell you what it was; the only option is to reset it.
Because your password only exists in your head, keeping it strong, unique, and private is your responsibility. Do not reuse a password from another website, and do not share it with anyone.
4. Information Collected Automatically
Like almost every online service, some basic technical information is handled automatically when you use CertStudio — things like your general device and browser type, and routine security and delivery logs kept by the companies that host and protect the Service. This information is used only to keep the Service fast, reliable, and secure.
When you sign in, we also record a basic description of the browser you signed in from (for example, "Chrome on Windows"), the date of the sign-in, and the network (IP) address and approximate location (city and country) the sign-in came from. This is used to enforce the device limit described below, to detect suspicious account activity such as account sharing or a stolen password, and to help you if you contact support about account access. We never use it for advertising or tracking.
5. Cookies and Signed-In Devices
CertStudio uses only essential cookies — the kind needed for the Service to work. We do not use advertising cookies, tracking cookies, or third-party analytics.
We set two kinds of essential cookies: a session cookie that keeps you signed in, and a device cookie containing a random identifier that marks the browser you signed in from. Both are protected so that scripts running in the page cannot read them.
The device cookie exists because each account may be signed in on a limited number of devices at a time (currently two). This is a security and anti-sharing measure. Signing out of a device frees up its slot, and the record we keep about a device is deleted when you sign out on it or delete your account.
6. Study Progress and Local Data
Your study progress (such as confidence levels, streaks, daily goals, and quiz history) is stored on your own device in your browser's storage. If you are signed in, some progress may also be saved to your account so it can follow you across devices. Clearing your browser storage or deleting your account removes this data.
7. How We Use Your Information
We use the information we collect to:
- •Create and manage your account and let you sign in.
- •Process purchases and provide customer support.
- •Save and sync your study progress.
- •Enforce the signed-in device limit and protect accounts from unauthorized use.
- •Keep the Service secure and running properly.
- •Meet our legal, tax, and accounting obligations.
8. We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to anyone, for any reason. We do not use your data for advertising, we do not share it with marketers, and we do not run third-party analytics or tracking scripts in the app.
9. Service Providers We Rely On
We use a small number of trusted companies to run the Service. Each one handles only the data it needs to do its job, and each is bound by its own privacy and security commitments:
- •Supabase — securely stores account information (including your email and the scrambled password code described above), synced study progress, and support requests.
- •Stripe — processes payments. Your card details go directly to Stripe and are never stored by us.
- •Cloudflare — helps deliver the Service quickly and protects it from attacks.
10. When We May Disclose Information
We may disclose personal information if we are required to do so by law — for example, in response to a valid subpoena, court order, or other lawful request — or if disclosure is reasonably necessary to protect the safety, rights, or property of our users, the public, or CertStudio.
11. Data Retention
We keep your personal information for as long as your account is active or as needed to provide the Service. Device sign-in records are removed when you sign out on a device. When you request account deletion, we delete your account and associated personal information — including your progress and device records — within seven (7) business days, except for limited records we are required to keep for legal, tax, accounting, or fraud-prevention reasons.
12. Your Rights and Choices
You can view and update your account information from the Account Settings screen, request deletion of your account through the app, and reset your locally stored progress at any time. Depending on where you live, you may have additional legal rights — such as the right to access, correct, or delete your personal data — which you can exercise by contacting us.
13. How We Protect Your Information
We built CertStudio with security in mind from the start. The specific safeguards we use include:
- •Encryption in transit — all traffic between your device and our servers is encrypted (HTTPS/TLS), and browsers are instructed to never connect insecurely.
- •Encryption at rest — the databases where your information lives are encrypted on disk by our infrastructure provider.
- •Password hashing — passwords are stored only as irreversible bcrypt hashes, never in readable form (see "How Your Email and Password Are Stored" above).
- •Account isolation — database-level access rules ("row-level security") ensure each signed-in account can only read and change its own records, enforced by the database itself, not just the app.
- •Device limits — each account can be signed in on a limited number of devices, reducing the impact of a stolen password.
- •Payment isolation — card details go directly to Stripe and never pass through or rest on our systems.
- •Restricted access — administrative access to account data is limited, credential-protected, and denied by default.
- •Hardened browser protections — security headers prevent our pages from being embedded in other sites or downgraded to insecure connections.
14. Security Is a Shared Responsibility
Even with these safeguards, we want to be honest with you: no website, app, or online service can guarantee perfect security. Methods of attack change constantly, and even well-defended companies can be affected. By using the Service, you acknowledge and accept that the security of information transmitted or stored online can never be absolutely guaranteed, and that you provide your information at your own risk to the extent permitted by law.
You also play a part in keeping your account safe: use a strong password you don't use anywhere else, keep it private, sign out on shared devices, and let us know right away if you think someone else has accessed your account.
15. Security Incidents
If we learn that personal information in our care has been accessed or taken without authorization, we will act promptly to investigate, contain the issue, and notify affected users and any relevant authorities as required by applicable law.
To the fullest extent permitted by law, CertStudio LLC is not liable for damages resulting from unauthorized access to, or theft, alteration, or destruction of, your information by third parties — including criminal acts such as hacking — that occur despite the reasonable safeguards described in this Policy. Any liability we may have is further limited as described in the "Limits on Our Liability" section of our Terms of Service, which applies to this Policy as well.
16. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us and we will delete it.
17. International Users
The Service is operated from the United States. If you use it from another country, your information will be transferred to and stored in the United States, where privacy laws may differ from those where you live. By using the Service, you consent to that transfer.
18. Changes to This Policy
We may update this Privacy Policy from time to time. When we make meaningful changes, we will update the "Effective date" above and, where appropriate, let you know within the app. Continuing to use the Service after a change takes effect means you accept the updated Policy.
19. Contact Us
If you have questions about this Privacy Policy or your data, please reach out by submitting a support ticket from the Help screen in the app.
This document is provided for general informational purposes and is not legal advice.
← Back to Dashboard