Certi Logo

Privacy Policy

Last updated: 21 October 2025

This Privacy Policy explains how Certi (“we”, “us” or “our”) collects, uses, and protects your personal data when you use our mobile app, website, and NFC tag verification services. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Who we are

Data Controller: Certi (sole trader). We are based in the United Kingdom. For any privacy queries, please contact support@certiauth.co.uk.

What data we collect

  • Account data: name, email, username and authentication identifiers when you create or sign in to an account.
  • Tag & item data: NFC tag IDs and related item metadata that you scan or add to your Certi wardrobe.
  • Usage data: app events, device type, OS version, and interactions (e.g. scans, item views), used to improve performance and detect abuse.
  • Support data: information you share when contacting us (e.g. screenshots, tag IDs).

How we use your data (lawful bases)

  • Provide and improve the service (Art. 6(1)(b) contract & 6(1)(f) legitimate interests): account management, tag verification, wardrobe features, and app functionality.
  • Security and fraud prevention (6(1)(f) legitimate interests): detect misuse, protect users and platform integrity.
  • Support (6(1)(b) contract & 6(1)(f) legitimate interests): respond to enquiries and fix issues.
  • Legal compliance (6(1)(c)): comply with applicable laws and requests from authorities.

Sharing your data

We may share data with infrastructure and analytics providers who help us operate the service (e.g., hosting, authentication, analytics). These partners only process data on our instructions and under appropriate safeguards. We do not sell your personal data.

International transfers

If we transfer personal data outside the UK, we use appropriate safeguards (such as UK IDTA / EU SCCs where applicable).

Retention

We keep personal data only as long as necessary for the purposes described above. When no longer needed, data is securely deleted or anonymised.

Your rights

  • Access, rectify, or erase your personal data.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent where processing relies on consent (without affecting prior lawful processing).
  • Complain to the ICO (Information Commissioner’s Office) if you have concerns.

To exercise your rights, contact support@certiauth.co.uk. We may need to verify your identity before responding.

Children

Certi is not intended for children under 13. If you believe a child has provided personal data, please contact us and we will take appropriate steps.

Changes to this policy

We may update this policy to reflect changes to our practices or legal requirements. We will post the updated version here and revise the “Last updated” date.

Contact

Questions about this policy? Email support@certiauth.co.uk.