Privacy Policy

This policy explains what personal data Crowd Management Certificate ("we", "us") collects when you use crowdmanagementcertificate.com, why we collect it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.

Who is responsible

The data controller is the operator of Crowd Management Certificate. You can contact us about privacy at info@crowdmanagementcertificate.com.

What we collect, and why

• Certificate details — your name (and email, if you provide one) when you claim a certificate. We use this to issue the certificate, show it on the public verification page, and email it to you if requested. Legal basis: performance of a contract / your request.
• Organiser enquiries — your name, email, organisation, role and any note when you request early access to team accounts. We use this only to contact you about team certification. Legal basis: our legitimate interest in responding to your enquiry, and your consent.
• Shared experiences — any name and text you submit. We use this to review and, if appropriate, publish it (anonymously unless you gave a name). Legal basis: your consent.
• Technical data — standard server logs (e.g. IP address, browser type) generated by our hosting provider to keep the site secure and working. Legal basis: legitimate interest.
• Browser storage — we store your theme, language and learning progress in your browser's local storage. This stays on your device and is not personal data we collect. See our cookie & storage note.

Who we share it with

We do not sell your data. We use a small number of trusted providers that process data on our behalf (data processors):

• Supabase — database storage for certificates, submissions and enquiries.
• Stripe — payment processing (when paid certificates are enabled). Stripe handles your card details directly; we do not receive or store them.
• Vercel — website hosting and server logs.
• Resend — sending certificate emails (when enabled).

Some providers may process data outside the EU/EEA. Where that happens, the transfer is covered by appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.

How long we keep it

Certificates are kept so they remain verifiable. Enquiries are kept only as long as needed to handle them. Experience submissions are kept until you ask us to remove them or we decide not to publish them. We delete data we no longer need.

Your rights

Under the GDPR you have the right to access, correct, delete, restrict or object to our use of your data, and to data portability. You can also withdraw consent at any time and lodge a complaint with your local data protection authority. To exercise any of these, email info@crowdmanagementcertificate.com.

Children

The service is intended for adults working in or organising events. We do not knowingly collect data from children.

Changes

We may update this policy; we will change the "last updated" date above when we do.