Certixa Privacy Policy
Your trust matters. This page explains how we collect, store, process, and protect your data while you use Certixa for bulk document generation.
Effective date: May 25, 2026. This policy may be updated from time to time to reflect service and regulatory changes.
1. Data We Collect
To provide bulk document features, we may collect:
- Account Information: Your active email and account identifiers.
- Template Data: Uploaded backgrounds and canvas layout metadata (text, layers, coordinates, placeholders, signature markers).
- Source Data: CSV/Excel data used for document personalization.
2. Use of Data and Security
We process uploaded data only to run document generation and related features. We apply reasonable technical and organizational safeguards. We do not sell or rent your data.
For External Signature, we may process signer email, signer name, request status, request/signed timestamps, and security metadata (for example IP address and user-agent) for auditability and abuse prevention.
3. Retention and Automatic Deletion
To reduce storage risk, Certixa enforces retention controls.
Automatic Cleanup (up to 7 days)
Generated files (PDF/JPG/ZIP) and original CSV source files are permanently deleted from storage within 7 days after processing.
Limited verification registry data may be retained to keep public verification available.
4. Public Verification Portal
Documents may include a verification ID and can be validated through a public endpoint such as /verify/[id]. Public pages show limited fields only.
5. Your Data Rights
You may manage and delete templates, assets, and projects in your account. Where required by law, you may request access, correction, or deletion through support channels.
We may retain specific data when required for legal compliance, fraud prevention, dispute handling, or service security.
6. Legal Basis, Processors, and Compliance
Processing may rely on contractual necessity, legitimate interests (security and abuse prevention), or consent where required.
- Third-party processors: Trusted providers may process data for storage, email delivery, and observability under restricted access.
- Cross-border transfer: Data may be transferred across borders where operationally required, with reasonable safeguards in place.
- Lawful requests: We may disclose limited data when legally required.
7. Account Security and User Responsibility
You are responsible for account credential security and for ensuring that external signers receive proper notice regarding data processing.

