Effective Date: 1 April 2026 · Last Updated: 1 June 2026 · Versao portuguesa
Operating Entity: Softassure Technologies Ltd. · Contact: privacy@certyco.com
Certyco exists to give Professionals honest expert feedback and verified signal that Hiring Partners can trust. Privacy is foundational to how that trust works.
Certyco is a platform where Professionals receive structured, expert-led evaluations that produce actionable career feedback and verified hiring signal. The resulting 4D Scorecard and Certyco Mark give Hiring Partners pre-validated signal about a Professional's capabilities.
This Privacy Policy explains how Certyco ("we", "our", or "us"), operated by Softassure Technologies Ltd., collects, uses, shares, and protects personal information when you access or use our website, platform, or services.
Certyco operates in Canada, the United States, India, the United Kingdom, and Portugal, and complies with applicable privacy laws in those jurisdictions, including PIPEDA, CCPA/CPRA, India's DPDPA 2023, the UK GDPR, and the EU GDPR.
By creating an account or using the platform, you acknowledge that you have read and understood this Privacy Policy.
Certyco is currently operating in its Full Launch phase.
Professionals and Industry Experts may provide contact details of industry references (name, email, phone, company, job title, and relationship) as part of their profile. This information is provided by the user on behalf of the referenced individual. Reference data is accessible only to the user who submitted it and Certyco administrators for verification purposes. It is not shared with Hiring Partners or any other third party. If you have been listed as a reference and wish to have your information reviewed or removed, please contact privacy@certyco.com.
AI Resume Import lets Professionals and Industry Experts upload a PDF or DOCX resume to pre-populate their profile. Here is exactly what happens with your data:
We use the information we collect to:
We do not use your information for advertising, behavioral profiling, or sale to third parties.
The Certyco Mark tier (Mark III, Mark II, Mark I, or No Mark) is assigned automatically based on a Professional's aggregated evaluation score using a fixed formula. The evaluation scores themselves are determined entirely by a human Industry Expert -- no AI or automated systems are involved in scoring. The tier assignment determines the Professional's visibility level to Hiring Partners. If you believe your tier assignment is incorrect, you may contact privacy@certyco.com to request a review.
Interview recordings are a core part of Certyco's fairness and accountability model.
Recordings are retained until the Professional requests deletion. They do not expire automatically.
By default, Professional profiles and evaluation results are completely private. No Hiring Partner or Industry Expert can discover, view, or access your profile or scorecard unless you explicitly choose to make yourself visible.
Visibility to Hiring Partners is controlled through two sequential gates:
Discreet Mode allows:
Discreet Mode is designed to prevent conflicts, protect careers, and preserve evaluation neutrality.
To protect the integrity of evaluations:
We retain data only as long as necessary to operate the platform, maintain evaluation integrity, and meet legal obligations.
| Data Type | Retention Period |
|---|---|
| Account data | Retained until you request account deletion |
| Profile data | Retained until you request account deletion |
| Evaluation data | 24 months after evaluation date |
| Interview recordings | Retained until the Professional requests deletion |
| Banking and payout details (Industry Experts) | Duration of contractual relationship plus 10 years (to satisfy tax record retention obligations across all operating jurisdictions). You may request earlier deletion, subject to applicable legal retention requirements. |
| Payout transaction records | Duration of contractual relationship plus 10 years (tax compliance) |
| Audit logs | 36 months |
| OTP verification codes | Auto-expire after 10 minutes |
| Session data | Until logout or session expiry (1–7 days) |
| AI Resume Import files | Not retained. Processed in your browser and discarded |
You may request deletion of your account and personal data at any time by emailing privacy@certyco.com. Upon receiving a valid deletion request:
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, contact us at privacy@certyco.com. We will respond to valid requests within 30 days (or within 90 days for India DPDPA requests, as permitted by that law). If we need additional time due to the complexity of your request, we will notify you of the extension and the reason for it.
If you wish to access, correct, delete, or export your personal data, follow this process:
You do not need to pay a fee to exercise your rights. We may refuse requests that are manifestly unfounded or excessive, in which case we will explain our reasons.
We apply reasonable administrative, technical, and organizational safeguards to protect your data, including:
No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.
Certyco operates in Canada, the United States, and India. The following disclosures apply based on your jurisdiction of residence. Your rights under Section 11 include all applicable rights under these frameworks.
Certyco complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Quebec's Act respecting the protection of personal information in the private sector (Law 25), Alberta's Personal Information Protection Act (PIPA), and British Columbia's Personal Information Protection Act (PIPA).
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Other U.S. states may have similar privacy rights. We honor all valid data subject requests regardless of state of residence.
Certyco complies with the Digital Personal Data Protection Act, 2023 (DPDPA) for users in India.
Certyco's primary database is hosted in Canada (Montreal). Some third-party service providers (such as Stripe, Vercel, and Anthropic) may process data in the United States. When data is transferred to US-based providers, they are either certified under the EU-US Data Privacy Framework or covered by their own Data Processing Agreements. Transfers between Canada and the UK/EU are covered by Canada's adequacy decisions (EU Commission Decision 2002/2 and UK Adequacy Regulation 2021).
Certyco's core Industry Expert community is based in Canada, the United States and India. As part of a time-bounded pilot programme, we also engage a small number of senior Industry Experts based in the United Kingdom and in Portugal. When you schedule an evaluation, you will see the country of the Industry Expert at the point of selection and may choose any available expert that matches your skill profile.
For evaluations conducted by Industry Experts in the UK or the EU, the following applies:
Depending on your jurisdiction, we process personal information on the following bases:
Certyco is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly.
We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or via email. The "Last Updated" date at the top of this page indicates when the policy was last revised.
Continued use of the platform after changes are posted constitutes acceptance of the revised policy.
For privacy-related questions, data requests, or concerns, contact:
Privacy Officer
Sharique Shaikh, Founder
Softassure Technologies Ltd.
222 - 3265 Carding Mill Trail, Suite 222, Oakville, Ontario, L6M 5P7, Canada
The Privacy Officer is responsible for overseeing compliance with applicable data protection laws, including PIPEDA, Quebec's Law 25, CCPA/CPRA, India's DPDPA 2023, the UK GDPR, and the EU GDPR.