CertReview

Privacy Policy

Last updated: May 2026

1. Data Controller

The data controller within the meaning of the GDPR is the operator of CertReview.
Contact: contact@certreview.com

2. Data We Collect

Account data: When you register via Google, LinkedIn, Microsoft or GitHub, we receive your name, email address and profile picture from the respective provider.

User data: Username, certificate reviews, comments, favorites, and submitted certificate requests.

Technical data: IP address (for rate limiting, not stored), browser type and access times (server logs).

3. Purpose of Data Processing

  • Providing and operating the platform (Art. 6(1)(b) GDPR)
  • Authentication and account management
  • Displaying public reviews and profiles
  • Protection against abuse and spam (legitimate interest, Art. 6(1)(f) GDPR)

4. Data Processors

Supabase Inc. (USA) — Database and authentication. Standard contractual clauses pursuant to Art. 46 GDPR.

Vercel Inc. (USA) — Hosting and CDN. Standard contractual clauses pursuant to Art. 46 GDPR.

Google LLC — OAuth sign-in (optional). Privacy policy: policies.google.com/privacy

5. Cookies and Local Storage

We only use technically necessary cookies for session management (auth token). No tracking or advertising cookies are used. Review drafts and comparison selections are stored in the browser's localStorage — exclusively on your device.

6. Public Data

Your username, reviews and comments are publicly visible. Your email address and sign-in method remain private and are never displayed publicly.

7. Your Rights

  • Access to stored data (Art. 15 GDPR)
  • Correction of inaccurate data (Art. 16 GDPR)
  • Deletion of your account and all data (Art. 17 GDPR) — at any time in settings
  • Data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Requests to: contact@certreview.com

8. Retention Period

Account data is retained until the account is deleted. After account deletion, all personal data is removed within 30 days. Reviews may be retained in anonymised form if they remain relevant to the community.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is that of the EU member state of your habitual residence.

Legal Notice← Back to home
    Privacy Policy — CertReview