Privacy Policy

Under UK Data Protection Law, we process your information under the following legal bases:

• Performance of a Contract: We need to process your data (email, certificate dates, uploads) to provide the Corlix Cert service you have subscribed to.
• Consent: For optional marketing communications or cookies, we process data only where you have given explicit consent.
• Legitimate Interests: We may use anonymized aggregated data to improve our platform security and performance.
• Legal Obligation: We may retain financial transaction records to comply with HMRC and tax regulations.

We process your data in accordance with the Data Protection Act 2018 and the UK GDPR. As a user, you have specific rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Ask us to correct inaccurate data.
• Right to Erasure ('Right to be Forgotten'): Request that we delete your data (subject to legal obligations).
• Right to Restrict Processing: Ask us to limit how we use your data.
• Right to Data Portability: Ask for your data in a structured, commonly used format.
• Right to Object: Object to certain processing activities.

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority.

For additional privacy information and data processing details, see our Data Processing Agreement.

We collect various types of information in connection with the services we provide:

• Account Information: Email address, password, name, organization, and profile details when you sign up.
• Certificate Data: Certificates and related documents you upload to the Service.
• Usage Data: Pages visited, actions taken, device information, browser type, IP addresses, and timestamps.
• Payment Information: Transaction details are processed securely by Stripe; we only retain necessary references.
• Communications: When you contact us, we may collect the content of your messages and attachments.
• Cookies & Similar Technologies: Identifiers used for authentication, analytics, and user preferences.

Like most website operators, Corlix Cert collects non-personally-identifying information such as browser type, language preference, referring site, and the date and time of each visitor request. Corlix Cert's purpose in collecting this information is to better understand how visitors use our website. We may release non-personally-identifying information in the aggregate, e.g., by publishing a report on usage trends.

Corlix Cert also collects potentially personally-identifying information like IP addresses for logged-in users. We only disclose logged-in user IP addresses under the same circumstances that we use and disclose personally-identifying information as described below.

Certain visitors interact with Corlix Cert in ways that require us to gather personally-identifying information. The amount and type of information depends on the nature of the interaction. For example, we ask visitors who sign up for an account to provide a name, email address, and organization. Those who engage in transactions (e.g., purchasing a paid subscription) are asked to provide additional information, including personal and financial details required to process those transactions. Corlix Cert collects such information only as necessary to fulfill the purpose of the visitor's interaction. We do not store credit card details; payment information is sent to Stripe (our payment processor), and we only store necessary references to securely interact with the Stripe API. Corlix Cert does not disclose personally-identifying information other than as described below. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

• To provide and improve Corlix Cert services.
• To communicate with you about your account, updates, and new features.
• To secure your account and prevent fraud or unauthorized access.
• To analyze usage patterns and improve user experience.
• To process payments and maintain transaction records.
• To comply with legal obligations and regulations.
• To send occasional product updates (you can opt out via your dashboard).

Corlix Cert may collect statistics about the behavior of visitors to its website and service. For instance, we may anonymously log aggregated statistics of popular certificate types or usage rates. Corlix Cert may display this information publicly or provide it to others, but does not disclose personally-identifying information other than as described below.

• We do not sell your personal information. Your data is never sold to third parties for marketing purposes.
• Service Providers: We may share data with trusted service providers for hosting, analytics, and support (all bound by confidentiality agreements).
• Legal Requirements: We may disclose information if required by law, court order, or government request.
• Business Transfers: In the event of acquisition or merger, your data may be transferred as part of that transaction.
• Protection of Rights: We may disclose information when necessary to protect Corlix Cert and its users from fraud or security threats.

Corlix Cert discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors, and affiliated organizations that (i) need to know that information to process it on Corlix Cert's behalf or to provide services available at Corlix Cert, and (ii) have agreed not to disclose it to others. Some may be located outside your home country; by using Corlix Cert, you consent to the transfer of such information. Corlix Cert will not rent or sell this information to anyone. Other than to employees, contractors, and affiliated organizations, Corlix Cert discloses information only in response to a subpoena, court order, or other governmental request, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Corlix Cert, third parties, or the public. If you are a registered user and have supplied your email address, Corlix Cert may occasionally send you an email about new features, solicit feedback, or keep you up to date. We primarily use our product blog for updates, so expect minimal email. If you send us a request, we reserve the right to publish it to help clarify or respond, or to support other users. Corlix Cert takes all measures reasonably necessary to protect against unauthorized access, use, alteration, or destruction of information.

If Corlix Cert, or substantially all of its assets, were acquired, or in the unlikely event that Corlix Cert goes out of business or enters bankruptcy, user information would be one of the assets transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Corlix Cert may continue to use your personal information as set forth in this policy.

Corlix Cert displays third-party ads only to users on the Free plan. If you are on a paid plan (such as Pro or Business), you will not see any ads or ad network code. Ads may be delivered by third-party networks, which may use cookies or similar technologies to personalize content and measure effectiveness. You can manage your ad preferences or opt out of personalized ads as provided by the ad network. Corlix Cert does not sell your personal information to advertisers. For more details, see the privacy policies of our ad partners (links will be provided in the app where relevant).

Corlix Cert does not use third-party retargeting or remarketing cookies on our public website. If this changes, we will update this policy and provide you with options to manage your preferences.

Corlix Cert uses the following third-party integrations and service providers. By using Corlix Cert, you also agree to be bound by their Privacy Policies:

• Stripe (Payments): We use Stripe for secure payment processing. See the Stripe Privacy Policy.
• Supabase (Backend): We use Supabase for secure data storage and authentication. See the Supabase Privacy Policy.
• Google Analytics: We use Google Analytics to analyze website usage and improve user experience. See the Google Privacy Policy.

Each third-party provider is bound by confidentiality obligations and only processes data as necessary to provide their services.

• You can update your account information at any time through your dashboard.
• You may request deletion of your account and associated data by contacting us.
• You can manage cookie preferences in your browser settings.
• You can unsubscribe from marketing emails through the unsubscribe link in each email.
• You can exercise your data rights (access, rectification, erasure, portability) by contacting our Data Protection Officer.

We will only hold data about you for as long as necessary to provide the Corlix Cert service, or as required by law.

Active Accounts: We retain your documents and data for the duration of your subscription.
Cancelled Accounts: If you cancel, you may request immediate deletion of your data. Otherwise, we may retain account details for a grace period (typically 90 days) to allow for reactivation, after which data is permanently anonymized or deleted.
Financial Records: Transaction data is kept for 6 years to comply with UK tax laws.
Backups: Deleted data may persist in backup systems for up to 30 days before permanent removal.

Corlix Cert does not knowingly collect personal information from children under 13. If you believe we have collected such data, please contact us immediately. Our Service is intended for business use and is not directed toward children.

By using Corlix Cert, you consent to the transfer of your personal information to countries outside the United Kingdom. These countries may have data protection laws that differ from those in the UK. Where we transfer data internationally, we implement appropriate safeguards including standard data protection clauses and adequacy decisions.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify users by posting a notice on our website, updating the last updated date, or contacting you directly if required by law.

We encourage you to review this page regularly for any updates. Your continued use of Corlix Cert after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

For the purposes of the Data Protection Act 2018, the Data Controller is Corlix Cert.

If you have any questions, concerns, or wish to exercise your data rights, please contact our Data Protection Officer at:

For additional information on how we process data, see our Data Processing Agreement.