Privacy Policy

Last updated: February 7, 2026

1. Introduction

Certico ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Digital Product Passport platform.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

Account Information

• Name and email address
• Company/brand name
• Password (encrypted)
• Billing information (for paid plans)

Product Data

• Product names, descriptions, and images
• Material compositions
• Supply chain information (mills, facilities, locations)
• Environmental data (carbon footprint, water usage)
• Certifications

Usage Data

• Log data (IP address, browser type, pages visited)
• Passport scan analytics (when, where, how often)
• Feature usage patterns

Supplier Portal Data

• Facility information and location
• Sustainability metrics
• Certifications and compliance data

3. How We Use Your Information

Purpose	Legal Basis
Provide and maintain the Service	Contract performance
Process payments	Contract performance
Send service-related communications	Legitimate interest
Improve our Service	Legitimate interest
Provide analytics and insights	Contract performance
Ensure security and prevent fraud	Legitimate interest
Comply with legal obligations	Legal obligation

4. Data Sharing

We do not sell your personal data. We may share data with:

Service Providers

• Cloud hosting providers (for data storage)
• Payment processors (for billing)
• Email service providers (for communications)
• Analytics tools (for usage insights)

Public Passport Data

When you create a Digital Product Passport, certain information is intentionally made public to consumers who scan the QR code. This includes product details, materials, and supply chain information you choose to include.

Legal Requirements

We may disclose data if required by law, court order, or government request.

5. Data Security

We implement industry-standard security measures:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Regular security audits
• Access controls and authentication
• Secure cloud infrastructure

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

6. Data Retention

• Active accounts: Data retained while account is active
• Deleted accounts: Data deleted within 30 days, except where required for legal purposes
• Published passports: Remain accessible until deleted by account holder
• Analytics data: Aggregated and anonymized after 24 months

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data ("right to be forgotten")
• Portability — Receive your data in a machine-readable format
• Restriction — Limit how we process your data
• Object — Object to processing based on legitimate interests
• Withdraw consent — Where processing is based on consent

To exercise these rights, contact us at hello@certico.io. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies for:

• Essential cookies: Required for the Service to function (authentication, security)
• Analytics cookies: Help us understand how users interact with our Service

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

9. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers outside the EU/EEA.

10. Children's Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or to exercise your rights:

• Email: hello@certico.io

13. Data Controller

Certico is the data controller for personal data collected through the Service.