Privacy Policy

Committed to transparency, integrity, and protecting your data

Last Updated: May 30, 2026

Your privacy is very important to us. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. By accessing or using our website, you agree to this Privacy Policy.

1. Information We Collect

We collect only the information necessary to provide our services, process transactions, and improve your experience. This includes:

• Account & Order Information: Your name, email address, billing/shipping address, phone number (if provided), purchased products, and transaction details.

• Payment Details: Payments are securely processed by trusted third-party providers (e.g., PayPal and Paddle). We do not store or have access to your full payment card details.

• Communications: Any information you provide when contacting us, subscribing to newsletters, or submitting feedback.

• Technical Data: Your IP address, browser type, device type, operating system, referring URLs, and time/date of visits. (See Section 6 for details on IP address collection.)

• Analytics & Tracking: We use Google Analytics to understand website usage and measure ad performance. These services may use cookies or similar technologies to collect anonymous site usage data.

2. How We Use Your Data

• To process and deliver your orders

• To provide customer support

• To send service-related communications (order confirmations, updates, etc.)

• To send promotional emails (only if you opt in)

• To analyze website performance and improve services

• To comply with legal obligations

3. Your Rights (GDPR & CCPA)

If you are based in the European Union or California, you have the following rights:

• Right to access and request a copy of your data

• Right to request correction or deletion of your data

• Right to restrict or object to processing

• Right to opt out of data sales (we never sell data)

• Right to data portability (receive your data in a transferable format)

We respond to all requests within 30 days. To exercise your rights, email us at support@clevercertificates.com.

4. Data Security

We use SSL encryption, secure hosting, and access controls to protect your data. While no system is 100% secure, we take every reasonable measure to safeguard your personal information.

5. Cookie Policy & Consent

We use cookies and similar technologies to enhance your experience and analyze website performance. Cookies fall into the following categories:

• Essential Cookies: Required for basic website functionality.

• Marketing Cookies: We do not use marketing or advertising cookies.

• Chat Cookies: Set by our live chat provider (Tawk.to) to enable real-time support and remember your session while you navigate the site.

• Analytics Cookies: Used to measure site usage via Google Analytics.

Non-essential cookies are only placed on your device after you provide explicit consent through our cookie consent banner. You can withdraw consent or adjust preferences at any time in your browser or via the banner.

Browser Storage (localStorage)

To improve your editing experience, our Free Design Editor automatically saves your in-progress certificate design to your browser's local storage (localStorage). This allows you to resume editing later without losing your work, even if you close the tab or navigate away.

The following data may be stored locally on your device:

• Your design state — a snapshot of your certificate canvas (text, layout, colours) stored under a key unique to each template (e.g., cc_draft_[template_id]).
• Editor type — a flag indicating whether you are using the Free Editor or the Full Editor (values: lite or full). This contains no personal information.
• UI preferences — dismissal states for optional on-screen prompts (e.g., whether you have closed a help suggestion). These contain no personal information.

Important points:

• This data is stored entirely on your own device and is not transmitted to our servers unless you proceed to checkout, at which point your design is saved server-side as part of your order.
• Draft data stored in localStorage expires automatically after 7 days.
• You can clear this data at any time by clearing your browser's site data, or by using the "Start Fresh" option within the editor.
• No personal information (name, email, payment details) is stored in localStorage through the editor.

6. IP Address Collection for Security, Verification & Refund Compliance

When you access our Live Demo Editor or open a purchased template in the editor, we automatically log your IP address, browser details, and the date/time of access. This data is collected for the following purposes:

• Security & Abuse Prevention: To monitor suspicious activity and protect our services.

• Performance Monitoring: To ensure stable operation of the Live Demo Editor and troubleshoot technical issues.

• Purchase Verification: To confirm that a template has been accessed after purchase (per our Refund Policy).

• Refund & Dispute Compliance: Payment providers allow refund and dispute claims for up to 180 days. Therefore, IP logs and final generated file evidence may be retained for a limited period, as described in our Data Retention section.

7. Legal Basis for Processing (GDPR)

We process personal data only when we have a valid legal basis under the GDPR, including:

• Contractual Necessity – to fulfill orders and provide requested services.

• Legal Obligation – to comply with tax, accounting, or regulatory requirements.

• Legitimate Interests – to maintain security, prevent fraud, and improve services, provided your rights are not overridden.

• Consent – for non-essential cookies, newsletters, or marketing communications (which you may withdraw at any time).

8. Data Retention

We retain personal data only as long as necessary to fulfill orders, comply with legal obligations, or resolve disputes. For example:

• Order information may be retained for up to 7 years to comply with tax and accounting laws.

• Access logs (including IP addresses) and final generated file evidence are retained for up to 190 days (180 days plus a short buffer) to resolve disputes, prevent fraud, and comply with payment provider policies. After this period, IP logs are either deleted or anonymized (e.g., truncating the last segment: 202.47.32.xxx) to minimize identifiability.

For Academy Subscription holders, we additionally collect records of certificates issued through the Issuer Dashboard, including recipient names, issue dates, and certificate codes. This data is used solely for the purpose of QR code verification, account management, and support. This data is retained for the duration of the subscription plus 30 days, after which it is permanently deleted unless legally required to be kept longer.

Draft design data stored in your browser's local storage is retained for up to 7 days and is automatically deleted thereafter. This data never leaves your device unless you choose to proceed to checkout.

9. Third-Party Services

We use trusted third-party services to operate and improve our website. These providers only receive the minimum information necessary to deliver their services and process your data under their own privacy policies:

• Payments – PayPal and Paddle (secure payment processing; we do not store full payment details).

• Analytics – Google Analytics (site traffic and usage analysis).

• Live Chat Support – Tawk.to (real-time customer support; may collect IP and chat session details).

• Advertising – We promote products via Google Ads and Meta (Facebook). We do not use tracking cookies, remarketing, or advertising pixels on our site.

• Email Marketing – Promotional emails are sent directly via our servers hosted by A2 Hosting. You can unsubscribe at any time.

10. International Data Transfers

We operate globally, which means your information may be transferred to and processed in countries outside of your place of residence.

If you are located in the EEA or UK, this may include transfers to countries that do not provide the same level of protection as your home country. To safeguard your information, we rely on:

• Standard Contractual Clauses approved by the European Commission,

• Adequacy decisions for countries deemed to provide adequate protection, or

• Other lawful safeguards under applicable data protection laws.

By using our services, you acknowledge that your data may be transferred internationally, subject to these protections.

11. Changes to This Policy

This policy may be updated periodically. The “Last Updated” date at the top of this page reflects the latest version. Continued use of our website indicates your acceptance of these changes.

12. Contact Us

If you have questions about this Privacy Policy, data practices, or your rights, please contact us:

• Email: support@clevercertificates.com

• Privacy Contact: privacy@clevercertificates.com

• Mailing Address: Suite # B-5, Building All Blocks, Sun City, Sehba Akhtar Road, Block 13/D-2, Gulshan-e-Iqbal, Karachi, Pakistan.

We are committed to responding to all privacy-related inquiries within 30 days.

13. Analytics & Third-Party Service Providers

We use third-party analytics tools to understand how visitors interact with our website and to improve our services. These tools may collect information such as your IP address, browser type, pages visited, time spent on the site, and referring URLs. Visitor data collected through these services may be shared with and processed by the respective third-party providers under their own privacy policies.

The analytics services we currently use include:

Google Analytics — policies.google.com/privacy
PostHog — posthog.com/privacy

You can opt out of analytics data collection at any time using the Cookie Preferences option in the footer of our website. If you choose to reject analytics cookies, no data will be sent to these third-party providers. PostHog is used for product analytics, session insights, and A/B experimentation to improve the site experience. It is active for all visitors and does not require consent as it is used for functional improvement purposes. Data processed by PostHog is subject to