Privacy Policy
This policy explains what personal data we process, why, on which legal bases, and how you can exercise your rights.
Last updated: May 28, 2026.
1. Who we are
Certeef provides a Qualiopi compliance management platform for training organizations. The controller for the data described below is:
- [Legal name], [legal form] with share capital of [amount]
- Registered under company number [SIRET]
- Registered office: [Registered address]
- Data protection officer / responsible contact: [Representative / DPO]
For any question about this policy or your data, contact us through our contact form.
2. Data we collect
Depending on your relationship with Certeef, we process the following categories of data:
- Site visitors: data submitted through the contact form (name, message and, where applicable, contact details) and technical connection data (IP address, browser type, pages viewed).
- Account holders (training organization staff): name, email address, organization, role, authentication and session data.
- Data processed on behalf of our customers: learners (identity, contact details, date of birth, attendance sheets and signatures, presence), trainers (identity, contact details, specialty, supporting documents), customer companies and hosted training documents.
- Billing data: information required to manage subscriptions and payments.
3. Purposes and legal bases
We process this data for the following purposes:
- Providing and operating the platform and its features — performance of the contract.
- Managing billing and meeting our accounting and tax obligations — legal obligation.
- Responding to your requests and conducting commercial outreach — legitimate interest.
- Measuring site audience — your consent.
- Ensuring the security of the service and preventing abuse — legitimate interest.
4. Cookies and audience measurement
The site uses cookies that are strictly necessary for it to function, which do not require consent. Subject to your agreement, audience measurement cookies may be set to understand how the site is used; the associated data is anonymized.
You can accept, decline or change your choices at any time.
5. Recipients and subprocessors
We never sell your data. We rely on technical providers acting as subprocessors, selected for their security and compliance guarantees:
- Vercel — hosting of the site and application.
- Turso — database.
- Cloudflare R2 — storage of documents and files.
- Stripe — payment and billing processing.
- Resend — sending of transactional emails.
- firma.dev — electronic signature of documents.
- Google and Microsoft — authentication (sign-in with existing accounts).
- Tally — hosting of the contact form.
Some of these providers may process data outside the European Union. Where that is the case, such transfers are governed by appropriate safeguards, such as the European Commission's standard contractual clauses.
6. Retention periods
- Account data: for the duration of the contractual relationship, then [period] after closure.
- Outreach data (contact form): [period, e.g. 3 years] from the last contact.
- Accounting and billing records: 10 years, in accordance with legal obligations.
- Data processed on behalf of our customers: according to the customer's instructions and the period set out in the contract.
7. Your rights
In accordance with the General Data Protection Regulation (GDPR), you have the rights of access, rectification, erasure, restriction, portability and objection to the processing of your data.
To exercise these rights, send your request through our contact form. If your data is processed by Certeef on behalf of a training organization, your request will be forwarded to that organization, which acts as the controller.
You also have the right to lodge a complaint with the CNIL (the French data protection authority) or your local supervisory authority.
8. Security
We implement appropriate technical and organizational measures to protect your data: encryption of communications, access control, hosting with recognized providers and logging of sensitive operations.
9. Controller and processing
Certeef acts as the controller for the data of site visitors, prospects, account holders and billing.
For learner data entered by training organizations, the customer organization is the controller and Certeef acts as a processor within the meaning of Article 28 of the GDPR, under a data processing agreement (DPA) that governs such processing.
10. Changes to this policy
We may update this policy to reflect changes in our services or in the law. The last updated date appears at the top of this page; we encourage you to review it regularly.