Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Vayda Collective, LLC (“we,” “us,” or “our”) collects, uses, and protects your information when you use CertLinq (“the Service”). We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, company name, and password.

Inspection and Job Data

When you use the Service to document inspections, we collect the data you enter, including customer information, location details, inspection findings, system specifications, and compliance status.

Photos

When you upload photos through the Service, we store the image files along with associated metadata, including GPS coordinates and timestamps. This location data is used for compliance documentation purposes, such as verifying the inspection location on certificates.

Device and Usage Information

We automatically collect certain information about your device and how you use the Service, including browser type, operating system, IP address, pages visited, and feature usage patterns. This helps us improve the Service and troubleshoot issues.

2. How We Use Your Information

Provide the Service: Store your data, generate compliance reports, produce certificates, and manage your customer records.
AI Report Generation: Your inspection data and photos are processed by our AI system to generate NFPA 96 compliance reports. This processing happens on secure servers and your data is not used to train AI models.
Certificate Delivery: Deliver certificates to you and your customers via email or download.
AHJ Submission: When you choose to submit reports to an authority having jurisdiction, we transmit the relevant data on your behalf.
Service Improvement: Analyze usage patterns to improve features, fix bugs, and optimize performance.
Communications: Send account-related emails (password resets, billing notifications, important service updates). We do not send marketing emails without your consent.

3. Third-Party Services

We use the following third-party services to operate CertLinq. Each processes data only as needed to provide their specific function:

Supabase— Database hosting and authentication. Your data is stored in Supabase-managed PostgreSQL databases.
Vercel— Application hosting and delivery. Serves the CertLinq web application.
Resend— Transactional email delivery. Used to send certificates, password resets, and account notifications.
Anthropic (Claude)— AI report generation. Your inspection data is processed by Claude to generate compliance reports. Data is not retained by Anthropic after processing.
Stripe— Payment processing. Handles subscription billing. We do not store your full credit card number.

4. Data Storage and Security

All data is encrypted in transit (TLS) and at rest.
Data is stored on US-based servers.
We use industry-standard security practices including access controls, regular security reviews, and secure authentication.
Passwords are hashed and never stored in plain text.
While we take reasonable measures to protect your data, no system is 100% secure. We will notify you promptly in the event of a data breach.

5. Your Rights

You have the right to:

Access: Request a copy of all data we hold about you.
Export: Download your data in standard formats (PDF, CSV) at any time through the Service.
Correction: Update or correct inaccurate information in your account.
Deletion: Request deletion of your account and associated data. We will process deletion requests within 90 days, except where retention is required by law.
Portability: Receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at privacy@certlinq.com.

6. Cookies

CertLinq uses minimal cookies, limited to what is necessary for the Service to function:

Session cookies: Required to keep you logged in and maintain your session state.
Security cookies: Help protect against cross-site request forgery and other security threats.

We do not use advertising cookies or third-party tracking cookies. We do not participate in ad networks or sell data to advertisers.

7. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose about you.
Request deletion of your personal information.
Opt out of the sale of your personal information.
Not be discriminated against for exercising your privacy rights.

We do not sell personal information. To exercise your CCPA rights, contact us at privacy@certlinq.com.

8. European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

Our legal basis for processing your data is the performance of our contract with you (providing the Service) and our legitimate interests in improving and securing the Service.

9. Data Retention

Active accounts: We retain your data for as long as your account is active.
Cancelled accounts: We retain your data for 90 days after cancellation to allow for reactivation or data export.
Deleted accounts: We permanently delete your data within 90 days of a deletion request, except where retention is required by law (e.g., billing records).

10. Children's Privacy

CertLinq is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests:

Email: privacy@certlinq.com
Company: Vayda Collective, LLC
Location: Holly Springs, NC