CertSentry — Compliance Reminders for UK Businesses

Under UK Data Protection Law, we process your information under the following legal bases:

Performance of a Contract: We need to process your data (email, certificate dates, uploads) to provide the CertSentry service you have subscribed to.
Consent: For optional marketing communications or cookies, we process data only where you have given explicit consent.
Legitimate Interests: We may use anonymized aggregated data to improve our platform security and performance.
Legal Obligation: We may retain financial transaction records to comply with HMRC and tax regulations.

Like most website operators, CertSentry collects non-personally-identifying information such as browser type, language preference, referring site, and the date and time of each visitor request. CertSentry’s purpose in collecting this information is to better understand how visitors use our website. We may release non-personally-identifying information in the aggregate, e.g., by publishing a report on usage trends.

CertSentry also collects potentially personally-identifying information like IP addresses for logged-in users. We only disclose logged-in user IP addresses under the same circumstances that we use and disclose personally-identifying information as described below.

Certain visitors interact with CertSentry in ways that require us to gather personally-identifying information. The amount and type of information depends on the nature of the interaction. For example, we ask visitors who sign up for an account to provide a name, email address, and organization. Those who engage in transactions (e.g., purchasing a paid subscription) are asked to provide additional information, including personal and financial details required to process those transactions. CertSentry collects such information only as necessary to fulfill the purpose of the visitor’s interaction. We do not store credit card details; payment information is sent to Stripe (our payment processor), and we only store necessary references to securely interact with the Stripe API. CertSentry does not disclose personally-identifying information other than as described below. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

CertSentry discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors, and affiliated organizations that (i) need to know that information to process it on CertSentry’s behalf or to provide services available at CertSentry, and (ii) have agreed not to disclose it to others. Some may be located outside your home country; by using CertSentry, you consent to the transfer of such information. CertSentry will not rent or sell this information to anyone. Other than to employees, contractors, and affiliated organizations, CertSentry discloses information only in response to a subpoena, court order, or other governmental request, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of CertSentry, third parties, or the public. If you are a registered user and have supplied your email address, CertSentry may occasionally send you an email about new features, solicit feedback, or keep you up to date. We primarily use our product blog for updates, so expect minimal email. If you send us a request, we reserve the right to publish it to help clarify or respond, or to support other users. CertSentry takes all measures reasonably necessary to protect against unauthorized access, use, alteration, or destruction of information.

CertSentry displays third-party ads only to users on the Free plan. If you are on a paid plan (such as Pro or Business), you will not see any ads or ad network code. Ads may be delivered by third-party networks, which may use cookies or similar technologies to personalize content and measure effectiveness. You can manage your ad preferences or opt out of personalized ads as provided by the ad network. CertSentry does not sell your personal information to advertisers. For more details, see the privacy policies of our ad partners (links will be provided in the app where relevant).

CertSentry makes use of the following third-party integrations / APIs. By using CertSentry, you also agree to be bound by the following Privacy Policies:

Stripe (Payments): We use Stripe for secure payment processing. See the Stripe Privacy Policy.
Supabase (Backend): We use Supabase for secure data storage and authentication. See the Supabase Privacy Policy.
Google Analytics: We use Google Analytics to analyze website usage and improve user experience. See the Google Privacy Policy.

We will only hold data about you for as long as necessary to provide the CertSentry service, or as required by law.

Active Accounts: We retain your documents and data for the duration of your subscription.
Cancelled Accounts: If you cancel, you may request immediate deletion of your data. Otherwise, we may retain account details for a grace period (typically 90 days) to allow for reactivation, after which data is permanently anonymized or deleted.
Financial Records: Transaction data is kept for 6 years to comply with UK tax laws.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify users by posting a notice on our website, updating the effective date, or contacting you directly if required by law.

We encourage you to review this page regularly for any updates. Your continued use of CertSentry after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Effective as of December 25, 2025.