CertycoCertyco

Privacy Policy

Effective Date: 1 April 2026 · Last Updated: 1 April 2026

Operating Entity: Softassure Technologies Ltd. · Contact: privacy@certyco.com

Privacy at a Glance

At Certyco, privacy is not an afterthought; it is foundational to how trust works on the platform.

  • You control when your profile is visible and who can contact you
  • Interviews are recorded only with your explicit consent (launches May 2026)
  • Hiring Partners never see personal details unless they unlock your profile
  • Industry Experts evaluate independently and do not receive unnecessary personal identifiers before interviews
  • AI Resume Import reads your file in your browser and the file is never uploaded. Extracted text is sent to our servers for AI-powered parsing and is not retained
  • We do not sell personal data, ever
  • You can request deletion of your data at any time

1. Introduction

Certyco is a verification platform where Professionals are evaluated by independent Industry Experts through structured interviews. The resulting 4D Scorecard and Certyco Mark give Hiring Partners pre-validated signal about a Professional's capabilities.

This Privacy Policy explains how Certyco ("we", "our", or "us"), operated by Softassure Technologies Ltd., collects, uses, shares, and protects personal information when you access or use our website, platform, or services.

Certyco operates in Canada, the United States, and India, and complies with applicable privacy laws in those jurisdictions.

By creating an account or using the platform, you acknowledge that you have read and understood this Privacy Policy.

2. Platform Availability & Rollout Status

Certyco is currently operating in an Early Access phase.

Currently Available

  • Account creation (email and password, or OAuth via Google, LinkedIn, or Microsoft)
  • Email verification (standard email for all users; corporate email verification for Industry Experts and Hiring Partners)
  • Profile creation and management (Professional, Industry Expert, and Hiring Partner)
  • AI Resume Import for Professionals and Industry Experts (PDF/DOCX text extraction with AI-powered parsing)
  • Profile onboarding with completion tracking
  • Support page
  • Vercel Analytics (privacy-focused, first-party)

Available in MVP Phase 1 (Planned May 2026)

  • Evaluation interviews and 4D Scorecard scoring
  • Interview recordings (with consent)
  • Certyco Mark tier assignment
  • Hiring Partner search, discovery, and profile unlocking
  • Discreet Mode
  • Payment processing via Stripe
  • Resume export (PDF)

Certain sections of this Privacy Policy describe features that will become active as part of the MVP rollout. Data collection for those features will only begin once the relevant functionality is live. These sections are marked with "(MVP Phase 1)" where applicable.

3. Information We Collect

3.1 Account Information (All Users)

  • Full name and email address
  • Password (hashed via bcrypt, managed by Supabase Auth. Certyco does not store plaintext passwords)
  • Role selection (Professional, Industry Expert, or Hiring Partner)
  • Company name (Industry Expert and Hiring Partner)
  • Corporate email address (Industry Expert and Hiring Partner; verified separately)
  • LinkedIn URL (optional)
  • Account status and timestamps
  • OAuth profile data received from Google, LinkedIn, or Microsoft when you sign in with a social provider (name, email, profile URL)

3.2 Profile Information

From Professionals

  • Professional summary, current and desired role titles
  • Skills (with proficiency levels), domain expertise, and platform expertise
  • Work experience, education history, and certifications
  • Portfolio projects and work samples
  • Languages spoken
  • Job preferences (notice period, work authorization, currency, work mode, job type)
  • Availability status

From Industry Experts

  • All Professional profile fields, plus references, evaluation expertise areas, and dual email fields (corporate and personal)

From Hiring Partners

  • Company information, hiring preferences, and search preferences

Industry References (Third-Party Data)

Professionals and Industry Experts may provide contact details of industry references (name, email, phone, company, job title, and relationship) as part of their profile. This information is provided by the user on behalf of the referenced individual. Reference data is accessible only to the user who submitted it and Certyco administrators for verification purposes. It is not shared with Hiring Partners or any other third party. If you have been listed as a reference and wish to have your information reviewed or removed, please contact privacy@certyco.com.

3.3 AI Resume Import Data

AI Resume Import lets Professionals and Industry Experts upload a PDF or DOCX resume to pre-populate their profile. Here is exactly what happens with your data:

  1. Your file is read in your browser using client-side libraries. The file itself is never uploaded to any server. The extracted text is sent to Certyco's servers for AI-powered parsing.
  2. Only the extracted text is sent to our backend, which forwards it to the Anthropic Claude API for structured parsing.
  3. The AI returns structured data (experience, education, skills, certifications) which is stored temporarily in your browser session.
  4. You review and approve each parsed section before anything is saved to your profile.
  5. No resume files are stored on Certyco servers at any point. The extracted text is processed in memory and discarded after parsing.

3.4 Authentication & Security Data

  • JWT access tokens and refresh tokens (managed by Supabase Auth)
  • Session data (default 1 day; up to 7 days with Remember Me)
  • OTP verification codes (6-digit numeric codes that auto-expire after 10 minutes)
  • OAuth tokens from social login providers
  • IP addresses
  • Login history and failed login attempt logs
  • Rate limit tracking data
  • Platform access cookie (functional, HMAC-signed, httpOnly, secure, 24-hour expiry, used for access control, not tracking)

3.5 Interview & Evaluation Data (MVP Phase 1)

This data will be collected when evaluation features launch in May 2026.

  • Scheduled interview dates, times, and duration
  • Interview status and lifecycle data
  • Individual skill ratings (1–5 scale across multiple dimensions)
  • Aggregated evaluation scores and Certyco Mark tier assignment
  • Written evaluation feedback (strengths and development areas)
  • Interview recordings (audio/video, collected only with explicit consent)

3.6 Hiring Partner Interaction Data (MVP Phase 1)

This data will be collected when search and discovery features launch in May 2026.

  • Search activity and filter usage
  • Saved candidates lists
  • Profile unlock history
  • Credit usage and purchase history

3.7 Usage & Audit Data

  • Audit logs (admin actions and authentication events)
  • Profile activity logs
  • Email delivery logs

4. Cookies & Analytics

Analytics

Certyco uses Vercel Analytics, a privacy-focused, first-party analytics service. Vercel Analytics:

  • Does not use cookies
  • Does not perform cross-site tracking
  • Does not build behavioral profiles
  • Collects only page views and anonymized device/browser information

Cookies

Certyco does not use advertising cookies, third-party tracking cookies, or behavioral profiling cookies.

The platform uses the following functional cookies:

  • Authentication cookies: essential cookies managed by Supabase Auth for session management and login state
  • Platform access cookie: an HMAC-signed, httpOnly, secure cookie with 24-hour expiry used for platform access control during Early Access. This cookie is not used for tracking or analytics.

5. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Certyco platform
  • Create and manage your account and profile
  • Process AI Resume Import uploads (text extraction and AI-powered parsing)
  • Verify email addresses and corporate email eligibility
  • Generate and deliver OTP codes for verification
  • Facilitate evaluation interviews and scoring (MVP Phase 1)
  • Display verified evaluation signals to Hiring Partners (MVP Phase 1)
  • Process payments and manage credits (MVP Phase 1)
  • Enforce fairness, quality control, and platform integrity
  • Enforce rate limits and prevent abuse
  • Communicate important updates, notifications, and support responses
  • Maintain audit trails for security and compliance
  • Comply with legal and regulatory obligations

We do not use your information for advertising, behavioral profiling, or sale to third parties.

6. Interview Recordings & Consent

This section describes functionality planned for MVP Phase 1 (May 2026). Recording features are not active during Early Access.

Interview recordings are a core part of Certyco's fairness and accountability model.

  • Consent is obtained during interview scheduling and confirmed before recording begins
  • Recordings are not shared or accessed without explicit authorization

Access Rules

  • ProfessionalsFull access to their own recordings
  • Industry ExpertsAccess for up to 24 hours after the interview for evaluation submission
  • Certyco AdminsOngoing access for quality review, audit, and platform integrity
  • Hiring PartnersAccess only with explicit, additional consent from the Professional

Recordings are retained until the Professional requests deletion. They do not expire automatically.

7. Profile Visibility, Unlocking & Discreet Mode

By default, Professional profiles are private. Personal and contact details are not visible to Hiring Partners or Industry Experts.

  • Hiring Partners can view verified evaluation data (scores, feedback, Mark tier) without seeing personal or contact details (MVP Phase 1)
  • Personal and contact details are revealed only when a Hiring Partner unlocks the profile (MVP Phase 1)
  • Availability controls determine whether a Professional can be discovered and contacted
  • Industry Experts do not see unnecessary personal identifiers before interviews (MVP Phase 1)

Discreet Mode (MVP Phase 1, May 2026)

Discreet Mode allows:

  • Professionals to hide their profile from up to 2 specific companies
  • Industry Experts to hide their identity and details from Hiring Partners at the same employer

Discreet Mode is designed to prevent conflicts, protect careers, and preserve evaluation neutrality.

8. Data Sharing & Third-Party Services

When We Share Information

We share personal information only in the following circumstances:

  • With Industry Experts: limited Professional data necessary to conduct evaluations (MVP Phase 1)
  • With Hiring Partners: verified evaluation data by default; personal and contact details only after profile unlock (MVP Phase 1)
  • With third-party service providers: as described below, to operate the platform
  • With legal or regulatory authorities: when required by applicable law

We do not sell personal data to third parties.

Third-Party Services

ServicePurposeData Shared
SupabaseDatabase and authentication (password hashing, JWT management)Account data, profile data, all platform data
Google OAuthSocial loginEmail, name, profile URL (only if you choose to sign in with Google)
LinkedIn OAuthSocial loginEmail, name, profile URL (only if you choose to sign in with LinkedIn)
Microsoft OAuthSocial loginEmail, name, profile URL (only if you choose to sign in with Microsoft)
ResendEmail delivery (OTP codes, welcome emails, notifications)Email addresses and email content
VercelHosting and analyticsPage views, anonymized device/browser info
Anthropic Claude APIAI Resume Import parsingResume text only (no files). Processed under Anthropic's Commercial Terms and Data Processing Addendum. Anthropic does not train models on data submitted via the API. Text is not retained after processing.
Stripe (planned)Payment processingPayment card details, transaction data

Each third-party service processes data according to its own privacy policy and terms. We select service providers that maintain appropriate security and privacy standards.

9. Conflicts, Fairness & Safeguards

This section describes functionality planned for MVP Phase 1 (May 2026).

To protect the integrity of evaluations:

  • Industry Experts cannot evaluate Professionals with whom they have a personal or professional relationship
  • Industry Experts may decline evaluations involving current or recent employers, or organizations where a conflict of interest may exist
  • Matching between Industry Experts and Professionals is based on role relevance, domain expertise, platform familiarity, and availability
  • Certyco administrators may silently monitor live interviews for quality control, fairness, and platform integrity
  • Evaluation quality is periodically reviewed by Certyco

10. Data Retention & Deletion

We retain data only as long as necessary to operate the platform, maintain evaluation integrity, and meet legal obligations.

Data TypeRetention Period
Account dataRetained until you request account deletion
Profile dataRetained until you request account deletion
Evaluation data24 months after evaluation date
Interview recordingsRetained until the Professional requests deletion
Audit logs36 months
OTP verification codesAuto-expire after 10 minutes
Session dataUntil logout or session expiry (1–7 days)
AI Resume Import filesNot retained. Processed in your browser and discarded

Account Deletion

You may request deletion of your account and personal data at any time by emailing privacy@certyco.com. Upon receiving a valid deletion request:

  • Your account will be deactivated and personal data will be removed
  • Certain records may be retained where required by law or necessary to maintain the integrity of completed evaluations (e.g., anonymized evaluation records)
  • We will confirm completion of your deletion request

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Withdraw consent (where processing is based on consent)
  • Object to processing of your data
  • Restrict processing of your data
  • Request data portability
  • Lodge a complaint with a data protection authority

To exercise any of these rights, contact us at privacy@certyco.com. We will respond to valid requests within the timeframes required by applicable law.

12. Security Measures

We apply reasonable administrative, technical, and organizational safeguards to protect your data, including:

  • Password hashing via bcrypt (managed by Supabase Auth. Plaintext passwords are never stored)
  • Encrypted data transmission via HTTPS/TLS for all connections
  • HMAC-signed cookies for session integrity and access control
  • JWT-based authentication with token expiry
  • Role-based access controls and Row Level Security on database queries
  • Rate limiting on sensitive endpoints (authentication, OTP generation)
  • Internal access logging and audit trails
  • Periodic security reviews

No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

13. Jurisdiction-Specific Disclosures

Certyco operates in Canada, the United States, and India. The following disclosures apply based on your jurisdiction of residence. Your rights under Section 11 include all applicable rights under these frameworks.

Canada (PIPEDA)

Certyco complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

  • We collect, use, and disclose personal information only for the purposes identified in this Privacy Policy, with your knowledge and consent
  • You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting privacy@certyco.com
  • You have the right to access your personal information held by Certyco and to challenge its accuracy
  • You may file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

United States: CCPA / CPRA (California)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to opt out of sale: Certyco does not sell personal information. We do not sell, rent, or trade your data to third parties for monetary or other valuable consideration
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
  • Right to correct: You may request correction of inaccurate personal information

Other U.S. states may have similar privacy rights. We honor all valid data subject requests regardless of state of residence.

India (DPDPA 2023)

Certyco complies with the Digital Personal Data Protection Act, 2023 (DPDPA) for users in India.

  • We process personal data based on your consent or for legitimate uses as defined under the DPDPA
  • You have the right to access, correct, and erase your personal data as a Data Principal
  • You may withdraw consent at any time through the mechanisms described in this policy
  • You may file a complaint with the Data Protection Board of India if you believe your rights have been violated

Cross-Border Data Transfers

Certyco's infrastructure and third-party service providers may process your data in jurisdictions outside your country of residence, including Canada, the United States, and other countries where our service providers operate. When your data is transferred across borders, we ensure that appropriate safeguards are in place consistent with applicable data protection laws.

Legal Basis for Processing

Depending on your jurisdiction, we process personal information on the following bases:

  • Consent: where you have given explicit consent (e.g., interview recordings, AI Resume Import)
  • Contractual necessity: to provide the services you have requested (e.g., account creation, profile management, evaluations)
  • Legitimate interest: to operate, maintain, and improve the platform, enforce quality and fairness, and prevent abuse
  • Legal obligation: to comply with applicable laws and regulatory requirements

A comprehensive jurisdiction-specific annex with detailed disclosures for each applicable framework will be published before Certyco's full public launch.

14. Children's Privacy

Certyco is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or via email. The "Last Updated" date at the top of this page indicates when the policy was last revised.

Continued use of the platform after changes are posted constitutes acceptance of the revised policy.

16. Contact Us

For privacy-related questions, data requests, or concerns, contact:

Certyco, Privacy Team

privacy@certyco.com

Operating Entity: Softassure Technologies Ltd.