CertiAce
Exam Practice
About
Pricing

Privacy Policy

Last updated: December 12, 2025

Contents

This Privacy Policy explains how CertiAce Oy collects, uses, stores, and protects your personal data when you use the CertiAce platform. We follow the General Data Protection Regulation of the European Union and applicable Finnish privacy laws.

1. Who We Are

CertiAce Oy is the controller of your personal data.

Legal name: CertiAce Oy
Business ID: 3558563-5

If you have questions about this Privacy Policy, contact us at support@certiace.com.

2. Personal Data We Collect

We collect information directly from you when you create an account, from your use of the Service, and from our payment partner Stripe when you complete a purchase.

Account Information

  • Email address
  • Date of account creation
  • Sign-in activity
  • Encrypted passwords

Payment and Billing Information

Your payments are processed through Stripe. We do not store full credit card numbers or bank details. We may receive the following information from Stripe:

  • Payment confirmations and status
  • Billing country
  • Partial payment method details
  • VAT information and tax rate based on your location
  • Subscription status, renewal dates, and payment failures

Service Usage Information

  • Login records and session activity
  • Modules and questions used
  • Scores, progress, and usage logs
  • IP address
  • Device, operating system, and browser details
  • Signals used to detect misuse such as account sharing or automated behaviour

Communication

If you contact support, we collect your message and our replies.

3. How We Use Your Data

We use your personal data for the following purposes.

To Provide the Service

  • Create and manage your account
  • Provide access to paid content
  • Save your learning progress
  • Manage subscription status

To Process Payments

  • Handle payments through Stripe
  • Apply VAT and location based taxes
  • Send receipts and purchase confirmations
  • Maintain accounting records as required by law

To Improve the Service

  • Diagnose technical issues
  • Analyse usage patterns and feature performance
  • Improve reliability, content quality, and platform operations
  • Detect and prevent misuse such as account sharing or scraping

To Communicate with You

  • Send important notices such as subscription changes or payment issues
  • Send transactional emails such as payment confirmations

We do not send marketing emails unless you separately agree.

5. Data Retention

We keep data only as long as needed.

Account Data

Kept as long as your account is active. If you request deletion, we delete or anonymize your data unless we must keep specific information for legal reasons.

Payment and Tax Data

Kept for the period required by Finnish accounting and tax law. These records cannot be deleted even after account deletion.

Technical and Usage Logs

Kept for a limited period for diagnostics, improvement, and security.

6. Sharing Your Data

We share your data only when necessary and only with trusted partners.

Stripe

We share payment and billing information with Stripe for secure payment processing.

Service Providers

We use trusted hosting providers, email delivery services, and analytics tools to operate the platform. These providers process data only according to our instructions and cannot use it for their own purposes.

Legal Requirements

We may share data if required by law or a valid legal request.

We do not sell personal data.

7. International Transfers

Some service providers process data outside the European Union. When this happens, we ensure appropriate safeguards such as standard contractual clauses. These transfers may involve servers located in the United States or other countries.

8. Your Rights

You have the following rights under EU law:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent for optional processing

We may need to verify your identity before processing certain requests.

You also have the right to lodge a complaint with a data protection authority. In Finland, this is the Office of the Data Protection Ombudsman.

9. Cookies and Tracking

We use only essential cookies needed to operate the Service, such as those required for login and security. We do not use third party advertising cookies or tools that track you across other websites.

If we introduce optional analytics cookies in the future, we will request your consent.

10. Children

The Service is intended for individuals at least 18 years old. We do not knowingly collect data from minors. If we learn that we have collected information from a minor, we delete it.

11. Data Security

We use technical and organizational measures to protect your data, including:

  • Encryption of passwords
  • Access controls
  • Secure hosting
  • Limited internal access

12. Changes to This Policy

We may update this Policy from time to time. If we make a significant change, we will notify you by email or through the Service.

13. Contact

CertiAce Oy
Business ID: 3558563-5
Email: support@certiace.com

CertiAceAboutTerms of ServicePrivacy PolicySign up