Last updated: March 25, 2026

Privacy Policy

Contents

1. Information We Collect
2. How We Use Your Information
3. GPS and Location Data
4. Photo Storage and Retention
5. Third Party Services
6. Data Security
7. Your Data Is Not For Sale
8. Your Rights
9. Contact

1. Information We Collect

We collect information you provide directly, including:

Account information: full name, email address, phone number, company name
Build documentation: photos, construction plans, and notes submitted during certification stages
Payment information: processed by Stripe — we do not store full card numbers
Communications: messages sent to inspectors or support

We also automatically collect certain usage data, including IP addresses, browser type, pages visited, and device information.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the CERTAFI platform
Process certification submissions and issue certificates
Process payments and send billing-related communications
Respond to support requests and communicate about your account
Send important service announcements and policy updates
Detect and prevent fraud and abuse

We do not sell your personal information to third parties. We do not use your build photos or documentation for marketing without your explicit consent.

3. GPS and Location Data

Photos submitted through the CERTAFI platform may contain embedded GPS metadata (EXIF data). We extract and store this location data as part of the certification record to verify the build location and provide an auditable documentation trail.

GPS coordinates are stored alongside the associated photos and may be visible to CERTAFI inspectors and company administrators. Location data is not shared publicly on the verification page.

You can submit photos without GPS data, but this may affect the completeness of your certification record. Inspectors may request GPS-tagged photos for certain stages.

4. Photo Storage and Retention

Photos and documents submitted to CERTAFI are stored securely using Supabase Storage. Certified unit records, including all submitted photos, are retained indefinitely to support the permanent verifiability of issued certificates.

If your account is terminated, your submitted build documentation is retained for record-keeping purposes. Certificates issued before termination remain publicly verifiable.

You may request deletion of your personal account data by contacting us at support@getcertafi.com. Note that deletion of your account does not remove certification records associated with issued certificates.

5. Third Party Services

CERTAFI uses the following third-party services to operate the platform:

Supabase — Database, authentication, and file storage (including photos and videos). Data is stored in US data centers. Privacy policy
Stripe — Payment processing. Card data is handled entirely by Stripe; we do not store full card numbers on CERTAFI servers. Privacy policy
Resend — Transactional email (e.g. account messages, stage approvals, certificate notifications). Privacy policy
Anthropic — Powers ANNA (in-app building assistant) and the public website assistant; chat messages are sent to Anthropic's API to generate replies. Privacy policy
Sentry — Error and performance monitoring; may receive technical diagnostics and limited context when issues occur. Privacy policy

These services have their own privacy policies and data practices. We encourage you to review them. For more on how we use these relationships and our commitment not to sell your data, see Section 7.

6. Data Security

We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS/TLS), secure authentication via Supabase, and role-based access controls that limit data access to authorized users.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you suspect unauthorized access to your account, please change your password immediately and contact us.

7. Your Data Is Not For Sale

CERTAFI does not sell, rent, or trade your personal information to third parties for money or other consideration. Your data is collected and used to operate the certification platform and related services — not for unrelated marketing by us or data brokers.

We do share limited information with trusted service providers ("processors") that help us run CERTAFI. They act on our instructions and are not allowed to use your information for their own marketing. We share only what is reasonably necessary for each service:

Stripe — Processes payments. When you pay, Stripe may collect and retain information such as name, email, phone, and billing details under their privacy policy. We do not store your full credit card details on our systems. Stripe is PCI-DSS compliant.
Supabase — Hosts authentication, application data, and file storage (including photos, videos, and certification records) on our behalf, with access controlled by our product and policies.
Resend — Delivers transactional emails such as stage approvals, certificate issuance, and account-related notices. Message content may include information needed to identify your account or unit.
Anthropic — Powers ANNA (signed-in building assistant) and the public website assistant. Text you send in those chats is transmitted to Anthropic's API to produce responses. Do not include passwords, full payment card numbers, or other highly sensitive data in chat messages.
Sentry — Receives error reports and related technical data (e.g. stack traces, URLs, device or browser metadata) to help us diagnose and fix issues. We configure Sentry to minimize personal data where feasible.

None of these partners may use your personal information for their own advertising or marketing unrelated to providing the service to CERTAFI. If you have questions about how your data is handled, contact us at support@getcertafi.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate or incomplete data
Deletion — Request deletion of your personal account data, subject to retention requirements
Portability — Request your data in a machine-readable format
Objection — Object to certain processing of your data

To exercise any of these rights, contact us at support@getcertafi.com. We will respond within 30 days.

9. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

support@getcertafi.com