Privacy Policy

Last updated: February 2026

CertifyUSA ("we," "us," or "our") operates the website certifyusa.org and provides business certification services, embeddable trust badges, and verification tools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign in with Google OAuth, we receive your name, email address, and profile picture from Google.

Business Information

During the certification application process, we collect your business name, business type, industry, website URL, and responses to profile verification questions. This information is used to evaluate your certification application and displayed on your public verification page.

Payment Information

Payments are processed by Airwallex. We do not store your full credit card number, CVV, or bank account details. Airwallex may collect payment card information, billing address, and transaction details in accordance with their own privacy policy.

Badge Scan Data

When a visitor clicks or verifies one of your trust badges, we collect limited technical data including the visitor's IP address, user agent, referring URL, and timestamp. This data is used to provide badge analytics and detect fraudulent badge usage.

Automatically Collected Data

We automatically collect device information, browser type, IP address, pages visited, and interaction data through cookies and analytics tools when you visit our website.

2. How We Use Your Information

  • Process and manage your certification applications
  • Issue, display, and verify trust badges
  • Process subscription payments and manage your billing cycle
  • Provide badge scan analytics and verification statistics
  • Authenticate your identity and maintain account security
  • Send service-related communications and updates
  • Improve our services through aggregated, anonymized usage data
  • Detect and prevent fraud or abuse of the badge system
  • Comply with legal obligations

3. Cookies and Tracking Technologies

We use the following cookies:

Essential Cookies

  • authjs.session-token — NextAuth session cookie required for authentication. Expires when you close your browser or after 30 days.

Analytics Cookies

  • _ga — Google Analytics identifier used to distinguish users. Expires after 2 years.
  • _ga_G5XRQY46HN — Google Analytics cookie used to maintain session state. Expires after 2 years.

We do not use advertising or marketing cookies. For more details, see our Cookie Policy.

4. Third-Party Services

We share information with the following third-party service providers:

  • Airwallex — Payment processing. Receives billing and transaction data necessary to process your subscription.
  • Google OAuth — Authentication. If you sign in with Google, we receive basic profile information from your Google account.
  • Google Analytics — Website analytics. Collects anonymized usage data to help us understand how visitors interact with our site.

We do not sell your personal information to third parties.

5. Data Retention

We retain your account and certification data for as long as your account is active or as needed to provide our services. Badge scan logs are retained for up to 24 months for analytics purposes. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), hashed passwords, and secure server infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You may request that we delete your personal information, subject to certain exceptions.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
  • Right to Opt-Out — We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.

To exercise any of these rights, contact us at info@certifyusa.org. We will respond to verifiable requests within 45 days.

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

CertifyUSA
Email: info@certifyusa.org
Website: certifyusa.org