Privacy Policy

Certifym.net — Privacy Policy
Effective date: July 9, 2026
This Privacy Policy explains how Certifym Exam Services, LLC, doing business as Certifym.net (“Certifym,” “we,” “us”), collects, uses, and shares information when you use the website certifym.net and our practice-exam services (the “Service”). By using the Service, you agree to this Policy. Capitalized terms not defined here have the meanings given in our Terms of Service (https://certifym.net/terms/).
1. Information We Collect
Account information. When you register, we collect your name (if provided), email address, username, and password (stored as a salted cryptographic hash — we never store your plain-text password).
Free sample-exam information. Our website offers free sample practice questions that anyone can try without an account. If you choose to receive your sample results, we collect the email address you provide, which sample exam you took, your score, and a record of your consent. Providing an email is optional — it is only required if you want your graded results and explanations.
Payment information. Payments are processed by Stripe, Inc. Your full card number and bank details go directly to Stripe and are never stored on our servers. We receive and retain limited billing metadata from Stripe: the card brand, last four digits, expiration status, billing country/postal code, and your transaction and subscription history.
Exam activity. To operate the Service and show you your results, we record your exam attempts: which exams you start, the questions served to you, your answers, scores, timestamps, and completion status.
Usage and security data. Our servers automatically log technical information including IP address, browser type, device information, pages viewed, API request timing and volume, and login events. We use this data to operate the Service and to detect fraud and abuse — including account sharing, automated scraping, and other violations of our Terms of Service. As described in the Terms, we limit concurrent sessions and monitor unusual access patterns; the data described here is what makes that enforcement possible.
Communications. If you contact support, we keep the correspondence.
We do not knowingly collect sensitive categories of personal information (such as health, biometric, or precise geolocation data), and we do not buy data about you from third parties.
2. How We Use Information
We use the information above to: (a) provide the Service — authenticate you, deliver exams, score attempts, and display your results history; (b) process subscription payments and manage billing; (c) protect the Service and our Exam Content — enforcing account, session, and rate limits, investigating suspected scraping, sharing, or fraud, and pursuing violations; (d) communicate with you about your account, transactions, and material changes to the Service or our terms; (e) respond to support requests; (f) improve the Service, including analyzing aggregate question performance (e.g., which questions are most missed); (g) deliver free sample-exam results you request, and — with your consent — send you study tips and information about our Service; and (h) comply with legal obligations.
Where laws such as the GDPR apply, our legal bases are: performance of our contract with you (a, b, e), our legitimate interests in securing the Service and protecting our intellectual property (c, f), consent where required (marketing email and sample-exam communications, item (g), and compliance with legal obligations (h).
Marketing. We will only send marketing or promotional email if you opt in — for example, by ticking the consent box when requesting your free sample-exam results — and every such message includes an unsubscribe link. Unsubscribing stops all marketing email; we retain a suppression record of your address so we don’t email you again. Transactional messages (receipts, renewal notices, security alerts, and the one-time sample-results email you request) are sent regardless because they are part of delivering what you asked for.
3. Cookies
We use cookies and similar technologies that are strictly necessary to run the Service: WordPress session cookies that keep you logged in, and cookies that support secure checkout. Our payment processor may set its own cookies during checkout for fraud prevention. You can block cookies in your browser settings, but the Service will not function without the essential ones (you cannot stay logged in).
4. How We Share Information
We do not sell your personal information, and we do not share it with third parties for their own advertising. We share information only with:
Service providers acting on our instructions: Stripe (payment processing), our web hosting provider, our email delivery provider, and our email marketing platform (which stores subscriber email addresses and sends the study-tip and promotional messages described above on our behalf). Each receives only what it needs to perform its function.
Legal and safety recipients: we may disclose information if required by law, subpoena, or court order, or as reasonably necessary to enforce our Terms of Service, protect our Exam Content and intellectual property, or protect the rights and safety of Certifym, our users, or others.
Business transfers: if Certifym or Certifym Exam Services, LLC is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction; this Policy will continue to apply, and we will notify you of any material change.
5. Data Retention
We keep account and exam-history data while your account is active, since your results history is part of the Service. If you cancel, we retain your account so you can resubscribe without losing history, unless you ask us to delete it. Sample-exam lead information (your email, sample scores, and consent record) is retained until you unsubscribe or request deletion, after which we remove it, keeping only a suppression record of your address so we honor your opt-out. Upon a verified deletion request we delete or de-identify your personal information within 30 days, except data we must keep for legal, tax, accounting, or fraud-prevention purposes (for example, transaction records, which we retain as required by law) and server logs, which are retained on a rolling basis of up to [12] months for security purposes.
6. Security
We protect information with technical and organizational measures including TLS encryption in transit, hashed passwords, least-privilege access to production systems, session and rate-limit controls, and payment handling delegated entirely to a PCI-DSS–compliant processor. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.
7. Your Rights and Choices
Depending on where you live, you may have the right to: access a copy of the personal information we hold about you; correct inaccurate information; delete your information; port your information to another service; object to or restrict certain processing; and withdraw consent where processing is based on consent. You can exercise these rights by emailing privacy@certifym.net from your account email address (or, for sample-exam leads, from the email address you submitted); we will verify the request and respond within the time required by applicable law (generally 30 days, or 45 days under the CCPA). You may also update your email and billing details directly from your account page, cancel your subscription there at any time, and stop marketing email at any time using the unsubscribe link in any message.
For EEA/UK residents (GDPR): you also have the right to lodge a complaint with your local supervisory authority. Our processing is described in Sections 1–2; where we rely on legitimate interests, you may object as described above.
For California residents (CCPA/CPRA): we do not “sell” or “share” personal information as those terms are defined in the CCPA, and we have not done so in the preceding 12 months. You have the rights to know, delete, correct, and non-discrimination described above. You may designate an authorized agent to submit requests on your behalf.
We do not respond to browser “Do Not Track” signals, as no consistent standard exists; we honor Global Privacy Control signals where legally required.
8. International Transfers
We are based in the United States, and the Service is operated from U.S. infrastructure. If you use the Service from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection laws than your jurisdiction. Where required, we rely on appropriate safeguards such as standard contractual clauses with our service providers.
9. Children
The Service is intended for adults and requires users to be at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK), including through the free sample exams. If you believe a child has provided us personal information, contact privacy@certifym.net and we will delete it.
10. Third-Party Links
The Service may link to third-party websites (for example, certification bodies’ official pages). Their privacy practices are their own; this Policy does not apply to them.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced by email or prominent notice on the Service at least 14 days before taking effect, and the effective date above will be updated. Your continued use after the effective date constitutes acceptance.
12. Contact Us
Questions or requests regarding this Policy or your personal information:
Certifym Exam Services, LLC d/b/a Certifym.net
P.O. Box 253
Tunbridge, VT 05077
privacy@certifym.net