Privacy Policy

Last updated: March 2026

1. Who We Are

CertArch is operated by Arcan Dinç ("we", "us", "our"). Our platform is available at certarch.com. For any privacy-related queries, contact us at contact@certarch.com.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: your name and email address when you register
  • Business data: company name, industry, employee count, departments, processes, sites, and other information you enter during onboarding
  • Quiz responses: your answers to the ISO 9001 readiness quiz and your readiness score
  • Usage data: pages visited, features used, documents generated, and platform interactions
  • Payment data: payments are processed entirely by Stripe — we do not store your card details
  • Communications: any messages you send us by email

3. How We Use Your Data

  • To create and manage your CertArch account
  • To generate your gap analysis, implementation roadmap, and QMS documents using your business data
  • To process your payment via Stripe
  • To send transactional emails such as account verification and payment confirmation
  • To respond to your support enquiries
  • To improve and develop the platform based on usage patterns
  • We do not sell your personal data to third parties
  • We do not use your data for advertising purposes

4. Legal Basis for Processing (UK GDPR)

  • Contract performance: processing necessary to provide the service you signed up for
  • Legitimate interests: improving the platform, preventing fraud, and ensuring security
  • Legal obligation: retaining financial records as required by law
  • Consent: where you have explicitly agreed, such as receiving marketing emails

5. Data Sharing

We share your data only with the following trusted third-party services that are necessary to operate the platform:

  • Supabase — database and authentication provider. Data stored within the EU.
  • Anthropic — AI provider used to generate gap analysis, roadmap, and documents. Your business data is included in prompts sent to Anthropic's API.
  • Stripe — payment processing. Subject to Stripe's own privacy policy.
  • Vercel — platform hosting. Data may be processed in the USA under standard contractual clauses.

We do not share your data with any other third parties without your explicit consent.

6. Data Retention

  • Account and business data is retained while your account is active
  • Following an account deletion request, personal data is deleted within 30 days
  • Payment records are retained for 7 years to comply with UK tax and accounting obligations
  • You may request deletion of your data at any time by emailing contact@certarch.com

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your data
  • Right to object: object to certain types of processing
  • Right to data portability: receive your data in a machine-readable format
  • Right to withdraw consent: where processing is based on consent

To exercise any of these rights, contact us at contact@certarch.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential cookies only. These are strictly necessary for the platform to function and include:

  • Authentication cookies to keep you logged in
  • Session cookies to maintain your platform state

We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. You can control cookies through your browser settings; however, disabling essential cookies will prevent the platform from functioning correctly.

9. Security

We take the security of your data seriously and implement the following measures:

  • All data is transmitted over encrypted HTTPS connections
  • Passwords are hashed and never stored in plain text
  • Database access is protected by row-level security
  • Access to production systems is strictly limited

However, no system is completely secure. We cannot guarantee the absolute security of your data and encourage you to use a strong, unique password for your account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email. The date at the top of this page indicates when it was last updated. Continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

For any questions or concerns about this Privacy Policy or how we handle your data, please contact us at contact@certarch.com.