Privacy Policy

1. Introduction

KeepCert (“KeepCert,” “we,” “us,” or “our”) provides a compliance, documents, and projects platform for trade companies and general contractors. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website and services (collectively, the “Services”).

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Information we collect

Account information. When you create an account, we collect your name, email address, company name, phone number, role, and password credentials.

Customer content. The Services allow you to upload documents, photos, certifications, schedules, and other business records. We process this content on your behalf.

Billing information. If you purchase a paid plan, our payment processor (Stripe) collects and processes your payment details. We do not store full card numbers.

Usage and device information. We automatically collect technical information such as IP address, browser type, device identifiers, operating system, referring pages, and session timestamps.

Communications. If you contact us directly, we keep a record of your messages for support and record-keeping.

3. How we use information

We use the information we collect to provide, maintain, and improve the Services; authenticate users; process payments; send transactional notifications; respond to support requests; prevent fraud and abuse; and comply with legal obligations.

We may use aggregated or de-identified information for analytics and product development. Aggregated information cannot reasonably be used to identify you.

4. SMS messaging and mobile data

KeepCert offers SMS notifications for compliance alerts, credential expirations, project updates, payment notifications, and other transactional purposes. SMS notifications are opt-in only : we collect and process your mobile phone number only after you affirmatively consent to receive SMS messages from KeepCert.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. This excludes text messaging opt-in data and consent, which will not be shared with any third parties.

Your phone number and SMS opt-in consent are stored securely and used solely to deliver SMS notifications you have opted into. Message and data rates may apply. Message frequency varies based on your account activity and notification preferences.

You may revoke SMS consent at any time by replying STOP to any message or by updating your notification preferences within the Services. Revoking SMS consent does not affect other communications (email, in-app notifications) you receive from KeepCert.

5. How we share information

Service providers. We share information with vendors that help us operate the Services, including Supabase (database and authentication), Stripe (payments), Resend (transactional email), Twilio (SMS), and Vercel (hosting). These providers are contractually obligated to protect your information.

Within your organization. Content you upload and actions you take within the Services may be visible to other users in your company account, subject to role-based permissions.

Legal compliance. We may disclose information to comply with legal obligations, enforce our terms, protect the rights and safety of our users, or respond to lawful requests from public authorities.

Business transfers. If KeepCert is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal information to third parties.

6. Data retention

We retain account and customer content for as long as your account is active and for a reasonable period after cancellation for backup, legal, and compliance purposes. You may request deletion of your account and content by contacting us.

7. Security

We use industry-standard security measures including encryption in transit, encryption at rest, access controls, and regular security reviews. No method of transmission or storage is perfectly secure. You are responsible for safeguarding your account credentials.

8. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, and to object to or restrict certain processing. You may exercise these rights by contacting us at support@keepcert.net.

You can update your account information at any time in the Services and can opt out of non-essential communications via the unsubscribe link in our emails.

9. Children's privacy

The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International users

The Services are operated in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to and processed in the United States, which may have data protection laws that differ from those of your country.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date and, where appropriate, by providing additional notice through the Services or by email.

12. Contact us

Questions about this Privacy Policy or our privacy practices can be sent to support@keepcert.net.