---

1. Scope and Key Definitions

This Privacy Policy applies to information we process in connection with your access to and use of the Service, including our website, application, and support channels.

Third-Party Services means external websites, software, and services we integrate with or that you choose to connect (for example, Certiport/Pearson VUE systems).

Certiport credentials means the username/password (or equivalent authentication factors) that you provide to enable the Service to authenticate to a Third-Party Service at your request.

---

2. What Information We Collect

We collect information to provide and improve the Service. The types of information we collect include:

• Information you provide directly to us
  • Account information: when you create an account, we collect your name (if provided), email address, and password (stored in hashed form).
  • Certiport credentials: if you choose to connect a Certiport account, you provide the credentials required for the Service to authenticate to Certiport on your behalf, solely to perform actions you initiate.
  • Communications: if you contact us, we collect the content of your message and related contact details.
  • Billing information: if you subscribe to a paid plan, our payment processor processes billing and payment details. We do not store full payment card details on our servers.
• Information we collect automatically
  • Usage data: information about how you use the Service, such as feature usage, job/task status, timestamps, and error codes.
  • Technical data: IP address, browser type, device and operating system information, and similar diagnostic information.
  • Cookies and similar technologies: we may use cookies or similar technologies for authentication, preferences, and security.

What we do not collect from Certiport: The Service is designed not to fetch, ingest, store, or process examinee/candidate personal data (such as candidate name, address, identification numbers, or test scores) from Certiport systems.

---

3. How We Use Your Information

We use information for the following purposes:

• To provide and operate the Service:
  • To create and manage your account and provide access to the Service.
  • To authenticate to Third-Party Services (such as Certiport) using the credentials you provide, and to execute administrative actions you explicitly initiate.
  • To display operational results about actions you initiate (for example, success/ failure status, timestamps, and aggregated counts), while minimizing collection of any Third-Party Service content.
• For security and fraud prevention: to secure the Service, protect accounts, prevent abuse, and diagnose issues.
• To provide support and communicate with you: to respond to requests, send service-related notices, and communicate about changes to the Service.
• To improve the Service: to analyze performance, debug, and develop new features.
• To comply with legal obligations and enforce terms: to comply with law, respond to lawful requests, and enforce our Terms of Service.

---

4. How We Share Your Information

We do not sell, rent, or trade your personal data. We share information only as described below:

• With Third-Party Services at your direction: when you connect a Third-Party Service, we transmit the minimum information necessary to authenticate and perform the actions you request. For example, when you connect Certiport, we use your Certiport credentials to authenticate to Certiport and carry out actions you initiate.
• With service providers: we use third-party vendors to help operate the Service (for example, hosting, email delivery, payment processing, and error monitoring). These vendors are authorized to process data on our behalf only as necessary to provide services to us and are required to protect it.
  
  Certiport credentials: we do not disclose your Certiport credentials to service providers for their own use. We also take measures to prevent credentials from being included in analytics and logs.
• For legal reasons: we may disclose information if we believe disclosure is required by law or necessary to comply with a legal process, protect rights and safety, or investigate abuse.
• Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice as required by law.

---

5. Certiport Credential Management and Security

Because Certiport credentials are sensitive, we implement measures designed to reduce risk, including:

• Encryption in transit: we use TLS to protect data transmitted between your device and the Service.
• Encryption at rest (when stored): where credentials must be stored to provide the Service, they are stored in encrypted form.
• Session-limited use: for interactive use, credentials are associated with your authenticated session and are used to execute actions you initiate.
• Background tasks: if you initiate background tasks, we use credentials only as necessary to execute the task and then delete them from the systems used to run the task as part of normal task completion.
• Access controls: access to systems that may handle credentials is restricted to authorized personnel and protected by access controls.
• Log and analytics hygiene: we take steps designed to prevent credentials from appearing in logs, monitoring, and analytics systems.

Your responsibility: you are responsible for maintaining the confidentiality of your Third-Party Service accounts, including Certiport credentials, and for ensuring you have the rights and permissions to allow the Service to access and perform actions on your behalf.

---

6. Data Retention

We retain personal information only as long as necessary to provide the Service and for legitimate business purposes such as security, auditability, and legal compliance.

• Account data: retained while your account is active. If you request deletion, we delete or anonymize your account data within a reasonable timeframe, unless we must retain certain information to comply with legal obligations or to establish, exercise, or defend legal claims.
• Certiport credentials: retained only as needed to provide the Service features you use (for example, during an authenticated session and for the duration of any task you initiate), and then deleted as part of normal operation.
• Operational logs: we may retain security and operational logs for a limited period for debugging, fraud prevention, and security. These logs are designed to exclude credentials.

---

7. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal data, such as access, correction, deletion, objection, restriction, and data portability. You may also have the right to lodge a complaint with a data protection authority.

To exercise rights or make requests, contact us using the details in Section 10.

---

8. International Data Transfers

Your information may be processed in countries other than your country of residence, depending on where we and our service providers operate. Where required by applicable law, we use appropriate safeguards for international transfers.

---

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the updated policy and update the Effective Date. If changes are material, we will provide additional notice as required by law.

---

10. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

• By email: support@catc.ly
• By visiting: Contact page