Privacy Policy

Last updated: May 20, 2026

DM+ LLC (“we,” “our,” or “us”) operates the Certcy mobile application (the “App”), the marketing website at certcy.app (the “Website”), the web application at app.certcy.app (the “Web App”), and the enterprise administration dashboard at admin.certcy.app (the “Admin Dashboard”). This Privacy Policy explains how we collect, use, disclose, and protect your information across all four surfaces. Where you use the Service as part of an organization with an Enterprise subscription, our processing of your Personal Data is also governed by the Data Processing Agreement in effect between us and your organization.

1. Information We Collect

Information You Provide

• Account information: When you create an account, we may collect your name, email address, and profile details.
• Email signup: When you subscribe to our blog or newsletter via the Website, we collect your email address.
• Usage data: Your quiz answers, scores, progress, and preferences within the App.
• Payment information: When you or your organization subscribes to a paid plan, payment details are provided directly to our payment processor, Stripe. We do not see or store your full card number or CVV; we store only a subscription reference, plan tier, and the last four digits of your card for receipts and support.
• Organizational data: If you access the Service as part of an employer or educational organization, your administrator provides us with your email address, display name, team assignment, and role. They also receive reports about your progress and activity within the organization’s Certcy account.

Information Collected Automatically

• Device information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage analytics: How you interact with the App and Website, including pages viewed, features used, session duration, and crash reports.
• Cookies: Our Website uses cookies for analytics (Google Analytics via Google Tag Manager) and to remember your cookie consent preference. We do not use cookies for advertising on the Website.
• Advertising data: We use third-party advertising services (such as Google Ads and Meta/Facebook) in the App that may collect device identifiers and usage data to serve relevant advertisements and measure ad performance.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App, Website, and their features
• Personalize your learning experience and track your progress
• Send you blog updates and study tips if you have subscribed (you may unsubscribe at any time)
• Analyze usage patterns to improve content and user satisfaction
• Serve relevant advertisements and measure their effectiveness (App only)
• Detect, prevent, and address technical issues and security threats

3. Third-Party Services

We use the following third-party services to operate the Service. Each has its own privacy practices:

• Google Cloud / Firebase (hosting, database, authentication, analytics) — https://policies.google.com/privacy
• Stripe (payment processing, subscription billing) — https://stripe.com/privacy
• Resend (transactional email delivery) — https://resend.com/legal/privacy-policy
• Sentry (error monitoring and crash reporting) — https://sentry.io/privacy/
• Google Ads and Meta (Facebook) Pixel/SDK for ad delivery and conversion tracking (App only)
• Firebase Crashlytics to identify and fix technical issues on mobile
• Cloudflare (CDN and DDoS protection for certcy.app)

An up-to-date list of sub-processors is available at certcy.app/subprocessors. Enterprise customers are notified of material changes under the Data Processing Agreement.

4. Data Sharing

We do not sell your personal information. We may share your information with:

• Service providers: Third parties that help us operate the App and Website (hosting, analytics, advertising).
• Legal requirements: When required by law, regulation, or legal process.
• Business transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

• Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
• Email subscriptions: Retained until you unsubscribe or request removal.
• Analytics data: Retained per Google Analytics default retention settings (14 months).
• Cookie consent preferences: Stored locally in your browser for 365 days.

You may request deletion of your data at any time by contacting us.

6. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information; restrict or object to our processing; and withdraw consent. To exercise any of these rights, email privacy@certcy.app or visit certcy.app/delete-data. We will respond within 30 days. Where you are a learner in an organization’s Enterprise Certcy account, some of these rights may be exercised through your organization’s administrator.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale or sharing of your personal information (we do not sell your data)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us using the information below.

7. Children’s Privacy

The App and Website are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. Security

We implement appropriate technical and organizational measures to protect your information, including HTTPS encryption, security headers, and access controls. However, no method of electronic transmission or storage is 100% secure.

9. Enterprise Customers

If you access the Service as part of an organization’s paid Enterprise subscription, the organization is the “Controller” of your Personal Data for most purposes under data protection laws, and DM+ LLC is a “Processor” acting on the organization’s behalf. The organization’s administrator may:

• Provision or remove your access
• View your progress, completion, and engagement data
• Receive reports aggregating your activity with that of other users in the organization
• Export or delete your data on request

If you have questions about how your employer or school handles your data, contact them first. You can still reach us at privacy@certcy.app for data requests that relate to DM+’s processing as a Controller (e.g., billing data, account security).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or on the Website. Your continued use of the App or Website after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, contact us at:

DM+ LLC
Privacy Contact: privacy@certcy.app
General Support: support@certcy.app
Website: certcy.app