Privacy Policy

1. Who We Are

CertyPay (“we”, “us”, “our”) is a product of Certitude. We provide an event payments platform that enables event organisers to sell tickets and collect payments, and enables attendees to purchase tickets. This policy explains how we collect, use, and protect your personal information.

2. What We Collect

We only collect information that is necessary to provide our service. We do not collect data we don’t need. This includes basic contact information, identity documents for verification, bank details for payment settlement, and minimal usage analytics for security and fraud prevention.

We never store payment card details — all card processing is handled by a PCI DSS compliant payment provider.

3. How We Use Your Information

We use your information solely to:

• Provide, maintain, and improve the CertyPay platform
• Process payments and settle funds to organisers
• Send transactional emails (payment confirmations, QR codes, instalment reminders)
• Verify organiser identity for regulatory compliance (KYC)
• Prevent fraud and ensure platform security
• Respond to support requests

4. What We Do NOT Do

We do not sell, rent, trade, or otherwise share your personal data with third parties for their marketing purposes. Ever.

• We do not sell your data
• We do not use your data for advertising
• We do not build profiles for ad targeting
• We do not share your information with data brokers

5. Third-Party Services

We work with trusted service providers to operate the platform, including for authentication, payment processing, identity verification, email delivery, and hosting. These providers process data under their own privacy policies and only as instructed by us to deliver the service.

6. Data Security

We take the security of your data seriously. We implement industry-standard measures including:

• All data transmitted over HTTPS/TLS encryption
• Payment card data handled by a PCI DSS compliant provider — we never see or store card numbers
• Secure authentication and session management
• Access controls ensuring only authorised team members can access data

7. Data Retention

• Active account data is retained for the life of your account
• Deleted organisations are soft-deleted and permanently removed after 90 days
• Payment records are retained for 24 months after the event date for legal and financial compliance, then anonymised
• KYC documents are retained for 12 months after verification, then deleted
• You can request deletion of your account and data at any time by contacting us

8. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate data
• Deletion — ask us to delete your data (subject to legal retention requirements)
• Portability — receive your data in a portable format
• Objection — object to processing of your data

To exercise any of these rights, contact us at privacy@certypay.com.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

10. Children

CertyPay is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or by posting a notice on our platform. Your continued use of CertyPay after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@certypay.com.