Privacy Policy

Last updated: 26 May 2026

1. Who We Are

CertQnA is an independent certification exam preparation platform operated by CertQnA.com (“we”, “us”, “our”). For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

Contact: support@certqna.com

2. What Data We Collect

Account Data (via Clerk):

  • Email address
  • Name (first and last)
  • Authentication identifiers

Usage Data (stored in Cloudflare D1):

  • Quiz session data: answers selected, scores achieved, time taken
  • Bookmarked questions
  • Flagged questions and comments
  • Email preferences

Analytics Data:

  • Pages visited (no personally identifiable information)
  • Referrer URLs and UTM parameters
  • Browser and device type (aggregated only)

Email Logs:

  • Type of email sent (e.g. welcome, test results, digest) — not the content of the email
  • Delivery status (sent/failed)

3. Why We Collect It (Legal Basis)

  • Contract: Account management and service delivery — we need your account data to provide the Service you signed up for.
  • Legitimate Interest: Service improvement, analytics, and platform security — we use aggregated usage data to improve CertQnA.
  • Consent: Marketing emails, study reminders, and weekly digests — you can opt in or out of these at any time via your email preferences.

4. How We Use It

  • Providing the CertQnA service: practice sessions, score tracking, progress dashboard
  • Sending transactional emails: test results, account notifications
  • Sending optional emails: streak reminders, weekly digests (only with your consent)
  • Improving the platform: identifying popular certifications, improving question quality
  • Responding to support requests and flagged content reports

5. Data Storage

  • Authentication: Clerk — servers in US/EU. Clerk handles authentication tokens and session management.
  • Application Data: Cloudflare D1 — distributed globally on Cloudflare's edge network. This stores your quiz sessions, scores, bookmarks, and preferences.
  • Email Delivery: Brevo (Sendinblue) — servers in the EU. Used to send transactional and optional emails.
  • Hosting: Cloudflare Pages — global edge network.

6. Your Rights (GDPR / UK GDPR)

Under data protection law, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your account and all associated data.
  • Right to Data Portability: Request your data in a structured, commonly used format.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Withdraw consent for optional emails at any time via your email preferences or the unsubscribe link in any email.

You can exercise the Right to Access and Right to Portability self-service by visiting your profile and using the “Download my data” and “Delete my data” buttons. For all other requests, email us at support@certqna.com. We will respond within 30 days.

7. Cookies & Local Storage

CertQnA uses only strictly necessary cookies and a small amount of functional browser storage. We do not use advertising cookies, marketing pixels, cross-site trackers, or analytics services that set cookies (no Google Analytics, GA4, GTM, Facebook Pixel, Hotjar, Mixpanel, etc.).

Because we only use cookies that are essential to deliver the Service you requested, no cookie-consent banner is required under the UK PECR / EU ePrivacy Directive. The complete inventory of cookies and client-side storage we set is below.

NameSet byTypePurposeExpiry
__sessionClerkCookie (1st party)Authenticated session token. Strictly necessary.~7 days
__client_uatClerkCookie (1st party)Tracks last sign-in time to keep the session fresh. Strictly necessary.Session
__clerk_db_jwtClerkCookie (1st party)Encrypted credential refresh. Strictly necessary.Session
__cf_bm, cf_clearanceCloudflareCookie (1st party)Bot management and DDoS protection. Strictly necessary for security.≤ 30 minutes / 30 days
themeCertQnAlocalStorageRemembers your light/dark theme preference. Set only after you change the theme.Persistent until cleared
Cloudflare Web Analytics beaconCloudflareNo cookies, no identifierCookieless aggregate page-load analytics (visits, page views). Does not identify visitors.n/a

You can clear cookies or browser storage at any time through your browser's privacy settings; doing so will sign you out of CertQnA. You will not be able to use the Service without the strictly-necessary authentication cookies.

8. Third-Party Services

We use the following third-party services to provide and improve CertQnA:

The complete, up-to-date list of sub-processors, including their region and the data category they receive, is available at /legal/subprocessors.

9. Data Retention

  • Account data: Retained until you delete your account.
  • Session and score data: Retained for 12 months after the session, or until account deletion, whichever comes first.
  • Email logs: Retained for 6 months.
  • Analytics data: Retained for 12 months (aggregated, non-PII).

10. Children's Privacy

CertQnA is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification where practicable. The “Last updated” date at the top of this page indicates when the policy was last revised.

12. Contact and Complaints

For any privacy-related questions, data requests, or concerns, contact us at: support@certqna.com

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk