Privacy Policy

Last updated: December 2, 2024

1. Introduction

OnChainCert ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our blockchain certificate verification service.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

OnChainCert acts as the data controller for personal data collected through our Service. For any privacy-related inquiries, contact us at:

Email: support@onchaincert.org

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, password (hashed)
  • Certificate Data: Recipient names, certificate titles, issuer information, and other metadata you include in certificates
  • Payment Information: Billing details processed securely through our payment provider (Polar)
  • Communications: Messages you send to our support team

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and analytics cookies (with consent)

4. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our certificate verification service
  • Account Management: To create and manage your account and process payments
  • Communication: To send service-related notifications and respond to inquiries
  • Security: To detect, prevent, and address fraud, abuse, and technical issues
  • Analytics: To understand how users interact with our Service and improve user experience
  • Legal Compliance: To comply with applicable laws and regulations

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our Service to you
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Consent: For marketing communications and analytics cookies
  • Legal Obligation: To comply with applicable laws

6. Blockchain Data

Important: Certificate data recorded on the Polygon blockchain is permanent and publicly accessible. This includes certificate IDs, hashes, and metadata. Due to the immutable nature of blockchain technology, this data cannot be modified or deleted. We recommend minimizing personal data in certificate metadata.

Public blockchain data includes:

  • Certificate ID (unique identifier)
  • Certificate hash (cryptographic proof)
  • Timestamp of issuance
  • Metadata (recipient name, certificate title, issuer - as provided by you)

7. Data Sharing

We may share your information with:

  • Service Providers: Third parties that help us operate our Service (hosting, payment processing, analytics)
  • Blockchain Network: Certificate data is recorded on the public Polygon blockchain
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with our service providers
  • Compliance with Privacy Shield principles where applicable

9. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our Service and maintain your account
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Account data is retained until you request deletion. Blockchain records are permanent and cannot be deleted.

10. Your Rights

Depending on your location, you may have the following rights:

GDPR Rights (EU/EEA)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

CCPA Rights (California)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale (we do not sell data)
  • Right to non-discrimination

To exercise your rights, contact us at support@onchaincert.org. We will respond within 30 days.

11. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments and monitoring
  • Employee training on data protection

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how users interact with our Service (Google Analytics via GTM)

You can manage cookie preferences through your browser settings.

13. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

If you are an EU resident, you have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.