Privacy Policy

Last updated: February 27, 2026

Summary: CertVeo is committed to protecting your privacy. We only collect information necessary to provide our services and will not share your data with third parties without your permission.

1. Introduction

This Privacy Policy explains how CertVeo ("we", "our", "platform") collects, uses, and protects your personal information when you use our services.

2. Information We Collect

2.1 Registration Information

During account registration, we collect:

  • Name - to identify you
  • Email address - for account verification and communication
  • Password - encrypted for account security
  • OAuth information - if you register via Google

2.2 Organization Information

If you create an organization, we collect:

  • Organization name
  • Organization slug (unique identifier)
  • Organization contact information

2.3 Certificate and Participant Information

During platform usage, we store:

  • Certificate names and references
  • Uploaded certificate templates
  • Participant information (name, IC number, etc.) that you enter
  • Certificate metadata for PDF generation

2.4 Technical Information

We automatically collect:

  • IP address
  • Browser and device type
  • Access time and platform activity
  • System logs for troubleshooting
  • reCAPTCHA tokens for security

3. How We Use Information

We use the collected information to:

  • Service provision - generate certificates, store your data
  • Account verification - verify identity and prevent fraud
  • Communication - send important notifications and updates
  • Service improvement - analyze usage for improvements
  • Security - detect and prevent suspicious activities
  • Legal compliance - comply with legal requirements

4. Information Sharing

4.1 We DO NOT Share Data with Third Parties

CertVeo does not sell, rent, or share your personal information with third parties for marketing purposes.

4.2 Sharing Exceptions

We will only share information in the following situations:

  • Service providers - third parties that help operate the platform (e.g., hosting, email) with confidentiality agreements
  • Legal requirements - if required by court or authorities
  • Your consent - if you provide explicit permission

4.3 Public Certificates

Certificates generated through our platform can be accessed publicly via sharing links. You are responsible for determining whether certificates should be public or private.

5. Data Security

We implement appropriate security measures:

  • Encryption - sensitive data is encrypted using industry-standard protocols
  • Access control - only authorized staff can access data
  • Secure authentication - OAuth and email verification
  • Regular backups - to prevent data loss
  • Monitoring - system is monitored for unauthorized activity

Important Note: While we take appropriate security measures, no system is 100% secure. We encourage you to protect your password and account information.

6. Your Rights

You have the right to:

  • Access - request a copy of your personal data
  • Correction - correct inaccurate information
  • Deletion - request deletion of your account and data
  • Export - export your certificate and participant data
  • Objection - object to data use for certain purposes
  • Portability - obtain data in a portable format

6.1 How to Exercise Your Rights

To exercise your rights, please:

  • Log in to your account and use profile settings
  • Contact us through the support page
  • Email us at admin@certveo.com

7. Cookies and Tracking Technologies

CertVeo uses cookies for:

  • Session cookies - maintain your login
  • CSRF tokens - application security
  • reCAPTCHA - prevent spam and bots

You can disable cookies through browser settings, but this may affect platform functionality.

8. Third-Party Integrations

8.1 Google OAuth

If you log in using Google, we receive basic information (name, email) from Google according to Google's Privacy Policy.

8.2 Canva

If you import templates from Canva, we access the design ID you share. See Canva's Privacy Policy.

8.3 reCAPTCHA Enterprise

We use Google reCAPTCHA Enterprise for security. Google collects data to assess risk. See Google's Privacy Policy.

9. Data Storage and Retention

We store your data as long as your account is active. After account deletion:

  • Personal data will be deleted within 30 days
  • Backups may take up to 90 days to be fully deleted
  • Data required for legal compliance will be retained as necessary

10. Children's Privacy

CertVeo is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have information from a child, please contact us for deletion.

11. International Data Transfers

Your data may be stored on servers located outside Malaysia. We ensure equivalent protection through:

  • Data processing agreements with hosting providers
  • Compliance with international security standards
  • Data encryption during transfer

12. Changes to Privacy Policy

We may update this policy from time to time. Changes will be displayed on this page with a new update date. We will notify you via email for material changes.

13. Contact Us

If you have questions or concerns about your privacy:

Our Commitment: CertVeo is committed to protecting your privacy and personal data. If you have any concerns, please do not hesitate to contact us.

Back to Home Terms and Conditions Support