Privacy Policy — Certaze

Effective20 June 2026

Last updated20 June 2026

Version1.1

JurisdictionIndia · DPDPA 2023

01Who We Are

Certaze Technologies ("Certaze", "we", "us") operates the certification exam preparation platform at certaze.in. We are the Data Fiduciary responsible for your personal data under the Digital Personal Data Protection Act, 2023 (India).

Contact our Data Fiduciary at: admin@certaze.in

In plain terms: We collect only what we need to run the Service. We do not sell your data. We do not share it with advertisers. You can request deletion at any time.

02Data We Collect

We collect the following categories of personal data, with your knowledge and consent at account creation:

Category	Data collected	Why
Account data	Email address, display name, password (hashed via Firebase)	Authentication and account management
Usage data	Questions answered, scores, session history, domain performance, study streak	AI readiness prediction, personalised coaching
Device data	Browser type, device type, IP address	Security, rate limiting, abuse prevention
Payment data	Transaction ID, plan purchased, payment status	Subscription management. Card details processed by Razorpay — never stored by us.

Study data is stored primarily in your browser's localStorage. If you enable cloud sync, a copy is stored in our Firestore database.

03How We Use Your Data

We use your data only to:

Provide and operate the Certaze exam preparation service
Authenticate you and maintain your account security
Generate personalised AI questions, feedback, and pass predictions
Calculate and display your study analytics and readiness score
Process subscription payments and manage your plan status
Send transactional emails — no marketing emails without separate consent
Detect and prevent fraudulent activity and abuse
Improve question quality using aggregated, anonymised data only

We do not use your data to train AI models. Your questions and answers are processed in real time by the Anthropic API and not retained by Anthropic for training under our agreement.

04Third-Party Services

We use the following third-party processors to operate Certaze:

Service	Purpose	Data shared	Policy
Google Firebase (USA)	Authentication, database, hosting	Email, usage stats, device info	firebase.google.com
Anthropic (USA)	AI question generation (Claude API)	Session prompts — not linked to your identity	anthropic.com
Razorpay (India)	Payment processing	Name, email, amount. Cards handled by Razorpay only.	razorpay.com
Vercel (USA)	Frontend hosting	IP address, request logs	vercel.com
Render (USA)	Backend API hosting	API request logs, IP address	render.com
Cloudflare (USA)	DNS and network security	IP address, request metadata — not content	cloudflare.com
Upstash (USA)	Rate limiting and abuse prevention	Request frequency data; no personal data stored beyond active session	upstash.com

05Cross-Border Data Transfers

Certaze is an India-based service. However, several of our third-party processors — including Google Firebase, Anthropic, Vercel, Render, Cloudflare, and Upstash — are incorporated in and operate infrastructure within the United States of America.

By creating an account and using Certaze, you acknowledge and consent to your personal data being transferred to and processed in the United States, which may have data protection laws different from India's.

DPDPA 2023 note: As the cross-border transfer framework under DPDPA 2023 is progressively notified by the Government of India, we will update this section to reflect any new requirements.

06Data Storage and Security

Your device (localStorage): Study history, scores, spaced repetition data — not transmitted unless cloud sync is enabled
Firebase / Firestore: Account credentials and cloud-synced study data — encrypted at rest and in transit
Render.com: API request logs retained up to 30 days for security, then auto-deleted

Security measures include HTTPS everywhere, Firebase Authentication, Firestore security rules, server-side rate limiting via Upstash, and Cloudflare network-layer protection. No system is perfectly secure — we will notify you promptly of any breach affecting your data.

07Your Rights

Under the Digital Personal Data Protection Act, 2023 (India):

Access

Request a summary of personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete data.

Deletion

Request deletion of your account and all associated data, subject to legal retention obligations.

Portability

Export your study data via Reports → Export CSV at any time.

Withdraw Consent

Disable cloud sync via Profile → Settings. To withdraw all consent, contact admin@certaze.in — this results in account deletion.

Grievance Redressal

Raise concerns with our Grievance Officer at admin@certaze.in. Acknowledged in 24 hours, resolved in 30 days.

To exercise any right, email admin@certaze.in with subject "Data Request". We respond within 30 days after verifying your identity.

08Data Retention

Account data: Retained while active. Deleted within 30 days of a verified deletion request.
Study data (cloud-synced): Retained while active. Reset anytime via Profile → Reset all data.
Payment records: Retained for 7 years as required by Indian tax law.
Server logs: Retained up to 30 days, then auto-deleted.
Rate limiting data (Upstash): Rolling window only — not retained beyond the active session.

09Cookies and Local Storage

Certaze uses browser localStorage — not traditional cookies — to store your study data on your device. This data never leaves your device unless cloud sync is enabled.

Firebase Authentication uses a secure session token to maintain your signed-in state. This is strictly necessary and cannot be disabled while using the Service. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10Children's Privacy

The Service is not directed to persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a person under 18 has provided us with personal data without appropriate consent, please contact admin@certaze.in with the subject "Minor Data Concern". We will take prompt steps to delete that information.

11Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via your registered email at least 14 days in advance and posted at certaze.in/privacy with a new effective date. Continued use constitutes acceptance.

12Grievance Officer

In accordance with the Information Technology Act, 2000, IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023:

Name: Shyama Ramesh Varma
Designation: Grievance Officer & Data Fiduciary, Certaze Technologies
Email: admin@certaze.in
Address: Palakkad, Kerala, India

Complaints acknowledged within 24 hours, resolved within 30 days.

Privacy questions or data requests?

Contact our Grievance Officer and Data Fiduciary.

admin@certaze.in

Subject: "Data Request" or "Privacy Concern" · Response within 30 days

Certaze Technologies ✦ Palakkad, Kerala, India