CertificateWatch
LoginStart Free Trial

Privacy Policy

1. Data Controller

The data controller for data processing on this website is:

greybeards KG

Dr. Natzler Gasse 27, 2380 Perchtoldsdorf, Austria

Email: info@certificatewatch.com

2. Data Collected

We collect and process the following personal data:

  • Registration/Login: Email address, password (hashed with bcrypt)
  • Contact/Demo forms: Name, company, email address, message
  • App usage: Certificate data (numbers, status), organization membership
  • Technical data: IP address (for rate limiting and audit logs), timestamps

3. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR: Contract performance (provision of the service)
  • Art. 6(1)(f) GDPR: Legitimate interests (security, fraud prevention, audit logging)
  • Art. 6(1)(a) GDPR: Consent (for contact forms and marketing cookies/tracking)

4. Data Storage & Hosting

Our application is hosted on Vercel. The database runs on Supabase PostgreSQL in the EU region. All connections are TLS-encrypted. Passwords are stored exclusively as bcrypt hashes.

5. Email Delivery

For sending notifications and password reset emails, we use Resend. Email address and email content are transmitted to Resend. Resend processes this data according to their privacy policy.

6. Cookies & Tracking

CertificateWatch uses the following cookies and tracking technologies:

  • Authentication cookie (auth_token): Technically necessary, HTTP-only, Secure, SameSite=Lax. Required for login functionality.
  • Google Tag Manager (GTM-NR57DV5M): Used to manage tracking scripts. GTM itself does not store cookies but enables the services listed below.
  • Google Ads / Google Remarketing: Used for conversion tracking and remarketing purposes. Google may set cookies (e.g. _gcl_au, _gac_) to measure ad effectiveness and display relevant ads on Google services. Data may be transferred to Google LLC (USA) under the EU-US Data Privacy Framework.

6a. Opt-Out

You can opt out of personalized advertising by visiting Google's Ad Settings (adssettings.google.com) or by using the Network Advertising Initiative opt-out page (optout.networkadvertising.org). You may also configure your browser to reject third-party cookies.

7. Your Rights

You have the right to:

  • Access the personal data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with the supervisory authority

8. Data Retention

Contact form data is deleted after processing the inquiry and no later than 12 months. Account data is removed upon account deletion. Audit logs are retained for 12 months.

9. Contact for Privacy Inquiries

For privacy questions, please contact:

info@certificatewatch.com

Last updated: February 2026