Privacy Policy

1. Information We Collect

We collect information you provide directly, including:

• Account information: full name, email address, phone number, company name
• Build documentation: photos, construction plans, and notes submitted during certification stages
• Payment information: processed by Stripe — we do not store full card numbers
• Communications: messages sent to inspectors or support

We also automatically collect certain usage data, including IP addresses, browser type, pages visited, and device information.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the CERTAFI platform
• Process certification submissions and issue certificates
• Process payments and send billing-related communications
• Respond to support requests and communicate about your account
• Send important service announcements and policy updates
• Detect and prevent fraud and abuse

We do not sell your personal information to third parties. We do not use your build photos or documentation for marketing without your explicit consent.

3. GPS and Location Data

Photos submitted through the CERTAFI app may contain embedded GPS metadata (EXIF data). We extract and store this location data as part of the certification record to verify the build location and provide an auditable documentation trail.

GPS coordinates are stored alongside the associated photos and may be visible to CERTAFI inspectors and company administrators. Location data is not shared publicly on the verification page.

You can submit photos without GPS data, but this may affect the completeness of your certification record. Inspectors may request GPS-tagged photos for certain stages.

4. Photo Storage and Retention

Photos and documents submitted to CERTAFI are stored securely using Supabase Storage. Certified unit records, including all submitted photos, are retained indefinitely to support the permanent verifiability of issued certificates.

If your account is terminated, your submitted build documentation is retained for record-keeping purposes. Certificates issued before termination remain publicly verifiable.

You may request deletion of your personal account data by contacting us at hello@getcertafi.com. Note that deletion of your account does not remove certification records associated with issued certificates.

5. Third Party Services

CERTAFI uses the following third-party services to operate the platform:

• Supabase — Database, authentication, and file storage. Data is stored in US data centers. Privacy policy
• Stripe — Payment processing. Card data is handled entirely by Stripe and never stored on CERTAFI servers. Privacy policy
• Resend — Transactional email delivery for account notifications and certificates. Privacy policy

These services have their own privacy policies and data practices. We encourage you to review them.

6. Data Security

We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS/TLS), secure authentication via Supabase, and role-based access controls that limit data access to authorized users.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you suspect unauthorized access to your account, please change your password immediately and contact us.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your personal account data, subject to retention requirements
• Portability — Request your data in a machine-readable format
• Objection — Object to certain processing of your data

To exercise any of these rights, contact us at hello@getcertafi.com. We will respond within 30 days.

8. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

hello@getcertafi.com