• Account & Profile: Name, business email, username, company affiliation, and role/group used to scope access to certificates.
• Access & Security: IP address, user agent, session identifiers (e.g., AuthToken), CSRF tokens, correlation ID (cid), and server logs necessary to authenticate sessions, enforce rate limits, and detect abuse.
• Service Activity: Certificate search and download events (metadata only), error events, and security logs needed for troubleshooting and audit.
• Support: Messages or details you provide when contacting support.

• Operate the service: Authenticate users; maintain sessions; authorize access to certificates linked to your company.
• Protect the service and users: Detect credential abuse, IP rotation, automation, and suspicious patterns; apply throttles or temporary blocks; prevent fraud.
• Communicate: Provide account or service notices (e.g., security, maintenance); respond to support requests.
• Comply with law: Maintain logs necessary for security, integrity, and legal/regulatory requirements.

• No third‑party advertising cookies or cross‑site tracking.
• No sale or sharing of personal information for targeted advertising under US state privacy laws.

• EU/EEA & UK: Performance of a contract (provide the portal you sign into) and legitimate interests (security, fraud prevention).
• United States: We follow applicable state privacy rules emphasizing transparency and opt‑out for sale/sharing and targeted ads (not used by certXpress).

We retain account records and security logs only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

We do not rent or sell personal data. We may share with service providers acting on our behalf (e.g., hosting, email) under contracts that require appropriate safeguards and use only under our instructions.

We apply administrative, technical, and organizational controls consistent with enterprise security practices (e.g., HTTPS/TLS, authentication tokens, CSRF protection, rate limiting, and monitoring).

Depending on your region, you may have rights to access, correct, delete, or restrict certain processing and to receive information about our data practices. Contact us using the details below to exercise applicable rights. We will verify and respond as required by law.

If data is accessed across borders (e.g., support by personnel in other countries), we use appropriate safeguards recognized by applicable law (e.g., contractual measures).

For privacy‑related questions or requests regarding certXpress, please use our contact link.