CertReady
Certification Education
Legal

Privacy Policy

How we collect, use, and protect your information.

Effective May 28, 2026 · CertReady is a product of Practical AI Solutions LLC.

Overview

This Privacy Policy explains how Practical AI Solutions LLC, operating as CertReady (“CertReady,” “we,” “our,” or “us”), collects, uses, and protects information when you use certready.organd our certification training services (the “Service”). It applies to all users of the Service, including students, business accounts, and state regulatory reviewers.

We designed CertReady to collect only the information necessary to deliver the course, issue certificates, and meet the legal reporting requirements of state regulatory agencies. We do not sell your personal information.

Information We Collect

Information you provide

  • Account and profile: first name, middle initial, last name, email address, date of birth, phone number, and mailing address (street, city, state, zip).
  • Language preference: English or Spanish.
  • Course responses: answers to quiz and exam questions, time spent on modules, and completion timestamps.
  • Payment information: processed directly by our payment processor (Stripe). We do not store full card numbers or bank account details on our servers.

Information collected during the proctored final exam

State law requires the final exam to be proctored. When you take the proctored final exam, our proctoring vendor collects and analyzes the following during the exam session only:

  • Webcam video and audio from your device
  • Screen activity (tab switching, application switching, full-screen enforcement)
  • A pre-exam facial photograph for identity verification
  • Random snapshot captures during the session
  • Violation flags (e.g., additional persons visible, voices in the room, attempted tab switches)

This data is used solely to confirm exam integrity. It is stored in US data centers by our proctoring vendor, transmitted over TLS-encrypted connections, and encrypted at rest.

Biometric information

The pre-exam facial photograph and webcam imagery described above may be a “biometric identifier” or “biometric information” under laws such as the Illinois Biometric Information Privacy Act (BIPA) and similar laws in other states. We want to be clear about how we handle it:

  • Why we collect it: solely to verify that the person taking the proctored final exam is the enrolled student, because a state regulator requires the exam to be proctored.
  • Consent: we collect it only after you provide informed consent at the start of the exam. You may decline by not starting the proctored exam and contacting us about alternatives.
  • We never sell it: we do not sell, lease, trade, or otherwise profit from your biometric data, and we do not disclose it except to our proctoring vendor (acting under contract to provide the proctoring service) or where required by law.
  • Retention and destruction: we and our proctoring vendor retain biometric data only as long as needed to verify your identity and complete review of the exam session, and then permanently destroy it. In no event do we keep biometric data longer than three (3) years after your last interaction with us. This is separate from your completion record (your name, certificate number, and completion date), which state law requires us to keep for five (5) years; that completion record does not contain biometric data.
  • Protection: biometric data is stored using the same or a higher standard of care than we use for other confidential information, encrypted in transit and at rest.

Information collected automatically

  • Device and browser information: browser type and version, operating system, IP address, and general geographic region.
  • Functional cookies and session tokens: used to keep you signed in and to remember your language preference.
  • Analytics cookies: we use Google Analytics 4, which sets first-party cookies (such as _ga) to help us understand how visitors find and use the Service. See “Cookies, Analytics, and Advertising” below for what this involves and how to opt out.
  • Advertising cookies: we use Google Ads and related Google advertising features (including remarketing and conversion measurement) to promote the Service and measure the effectiveness of our ads. These technologies may set cookies or similar identifiers that let Google show you our ads on other websites and apps. See “Cookies, Analytics, and Advertising” below for how to opt out.

How We Use Your Information

  • Deliver the course and track your progress
  • Verify your identity and monitor the proctored final exam
  • Issue and maintain your certificate of completion
  • Report completions to state regulatory agencies as required by law (for example, South Carolina Code §61-3-120)
  • Respond to your questions, support requests, and account-related notifications
  • Detect and prevent fraud, abuse, and violations of our Terms
  • Comply with our legal obligations

We do not sell your personal information for money. We do use Google Analytics to understand how the Service is used, and we use Google Ads and its remarketing and conversion features to promote the Service and measure our advertising (see “Cookies, Analytics, and Advertising” below). Because these advertising features can involve disclosing online identifiers to Google so that we can reach you with our ads on other sites, they may be treated as “sharing” for “cross-context behavioral advertising” under California and other state privacy laws. You can opt out at any time using the methods described in “Cookies, Analytics, and Advertising” and “Do Not Sell or Share” below.

Cookies, Analytics, and Advertising

We use a small number of cookies and similar technologies:

  • Essential cookies and session tokens keep you signed in and remember your language preference. The Service does not function correctly without them.
  • Analytics cookies (Google Analytics 4): we use Google Analytics to measure traffic and understand how visitors use the Service (for example, which pages are visited and how users arrive). This sets first-party cookies and shares limited usage data, such as a randomized identifier and your IP address, with Google acting as our service provider.
  • Advertising cookies (Google Ads): we use Google Ads, including its remarketing and conversion-tracking features, to show our ads to people who have visited the Service and to measure how well those ads perform. This can involve setting cookies or sharing online identifiers with Google so that our ads can be shown to you on other websites and apps. We do not give Google your name, and we do not authorize Google to use the data we share to build its own profile of you for other advertisers.

You have several ways to control this:

We honor recognized browser opt-out signals (such as Global Privacy Control). When we detect such a signal, we treat it as a request to opt out of the sharing of your information for cross-context behavioral advertising.

Who We Share Information With

We share information only with service providers who help us operate the Service and with government agencies as required by law.

  • Supabase — our database, authentication, and storage provider (US-hosted, encrypted).
  • AutoProctor — our primary online proctoring vendor; OctoProctor is identified as a secondary/backup vendor. Proctoring data is stored in US data centers.
  • Stripe — our payment processor. Payment data is sent directly to Stripe; we retain only a transaction reference.
  • ElevenLabs — text-to-speech service used to generate course audio narration. No user personal information is sent.
  • Google: analytics (Google Analytics 4) and advertising (Google Ads, including remarketing and conversion measurement). For advertising, we may share online identifiers so Google can show our ads to you on other sites and report on their performance. You can opt out as described in “Cookies, Analytics, and Advertising” above.
  • Hosting and content delivery — Vercel (application hosting).
  • State regulatory agencies — certificate completion records are transmitted to the relevant state (e.g., the South Carolina Department of Revenue) as required by law, within the timeframe the agency specifies.
  • Employers you have linked your training to — see “Employer Accounts and Visibility” below for the full list of what an employer sees, the four ways your training can become linked to an employer, and your right to unlink at any time.
  • Law enforcement or regulators — we may disclose information when legally required to do so, such as in response to a valid subpoena, court order, or government investigation.

Employer Accounts and Visibility

CertReady offers business accounts so a restaurant, bar, or other employer can track the certification status of staff who train through us. If your training is linked to an employer’s account, that employer’s authorized administrators can see a limited set of information about your enrollment.

What an employer can see about you

  • Your name and email
  • The course you are enrolled in and your enrollment status (in progress, completed, expired)
  • The date you started and the date you completed the course
  • Your certificate number and expiration date
  • The language you took the course in (English or Spanish)

What an employer cannot see

  • Your date of birth, home address, or phone number
  • Your individual answers to quiz or exam questions
  • Proctoring video, audio, screen recordings, or violation flags
  • Your payment information
  • Any other CertReady courses you take that are not linked to that employer

How your training becomes linked to an employer

An employer link is created in one of four ways, each with an explicit signal from you:

  • You redeem an employer-issued discount code at checkout. If the code belongs to a registered business, your enrollment is automatically linked to that business when payment completes.
  • You enter an employer’s business code on your dashboard. Each registered employer has a short share code (for example, BLUECRAB-A7X3). Entering it on your CertReady dashboard links your training to that employer.
  • You request the link retroactively. If you completed training without using a code, you can later attach your training to an employer through your dashboard.
  • An administrator manually links your training based on information you provided. If you typed an employer name during signup or checkout, a CertReady administrator may link you to that employer’s registered business record.

Each of the four paths is recorded in an internal audit log so we can show, on request, when and how a link was created.

Your control over employer links

  • Right to unlink: You can remove the employer link from your training at any time, on your dashboard, with no questions asked. Your prior employer immediately loses live visibility.
  • Right to switch employers: If you change jobs, you can re-link to a new employer. Your new employer sees your training; your prior employer no longer sees you in their live roster.
  • Audit trail of past links: A prior employer retains a read-only record that you were once linked to them, with the date range of that link. They cannot see anything that changed about your training after the link ended.

Linking to an employer does not transfer ownership of your training to that employer. The certificate is yours and remains yours regardless of which employer you work for now or in the future.

How Long We Keep Information

State law requires us to retain student training records for at least five (5) years from the date of course completion. Proctoring records and certificate records are subject to the same retention period. Payment records are retained as required by tax and accounting laws.

Information that is not subject to a legal retention requirement is kept only for as long as necessary to provide the Service.

Your Rights

Depending on your state of residence, you may have the following rights regarding your personal information. These rights apply to residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with similar laws:

  • Right to know what personal information we have collected about you
  • Right to access a copy of that information
  • Right to correct inaccurate information
  • Right to delete personal information, subject to legal retention exceptions (see below)
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising (see “Do Not Sell or Share” below for how)
  • Right to non-discrimination for exercising your privacy rights
  • Right to limit the use of sensitive personal information

To exercise any of these rights, email us at info@certready.org. We will verify your identity and respond within the timeframe required by applicable law (generally 30–45 days).

Legal retention exception:We cannot delete certificate completion records that state law requires us to keep (for example, the 5-year retention requirement under SC Code §61-3-120). If you request deletion, we will delete information that is not subject to this requirement and explain what we must keep.

Do Not Sell or Share

We do not sell your personal information for money. However, our use of Google Ads remarketing and similar advertising features can involve disclosing online identifiers (such as cookie IDs or device identifiers) to Google so that we can show you our ads on other sites. Under California law (CCPA/CPRA) and similar laws in other states, this may be considered “sharing” for “cross-context behavioral advertising.” We do not knowingly share the personal information of anyone under 16 for this purpose.

You can opt out of this sharing at any time, and we will not discriminate against you for doing so. To opt out:

  • Turn on Global Privacy Control (GPC) in a supported browser or extension. We treat a GPC signal as a request to opt out of sharing for cross-context behavioral advertising.
  • Adjust Google’s personalized-advertising controls at adssettings.google.com.
  • Email us at info@certready.org with the subject line “Do Not Sell or Share” and we will process your request.

Security

  • Data transmitted to and from the Service is encrypted with TLS 1.2 or higher.
  • Data stored in our database is encrypted at rest (AES-256).
  • Access to production data is limited to a small number of authorized personnel.
  • Passwords are never stored in plaintext.

No system is perfectly secure. If a data breach affects your information, we will notify you in accordance with applicable state and federal breach-notification laws.

Children

CertReady is intended for adults aged 18 or older. We do not knowingly collect personal information from children under 13, and accounts must affirm age 18+ at signup. If you believe a minor has submitted information to the Service, please contact us and we will delete it.

International Users

CertReady is operated in the United States and is designed for students training in US jurisdictions. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

Dispute Resolution

Any dispute relating to this Privacy Policy or to our handling of your information is subject to the informal-resolution, binding-arbitration, class-action-waiver, and governing-law provisions in our Terms of Service.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top of this page and, for material changes, we will notify users by email or by a notice on the Service.

Contact Us

Questions, requests, or complaints about this Privacy Policy or our data practices:

Practical AI Solutions LLC (operating as CertReady)
Email: info@certready.org
Website: certready.org

See also our Terms of Service.