Privacy Policy

This Privacy Policy describes how Universal Certification Authority ("we," "us," or "the Authority") collects, uses, and shares personal information in connection with the website at universalcertificationauthority.org (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information we collect

We collect the following categories of personal information:

• Recipient name. The name you enter when taking an examination or ordering a credential. This name is displayed on the credential and stored for verification purposes.
• Conferrer name. When you purchase a gifted credential, the name you provide as the conferrer is stored alongside the credential record.
• Photograph of recipient. When you purchase a gifted credential, the photograph you upload is stored to be embedded on the credential. You confirm that you have the recipient's permission to upload the photograph.
• Examination responses. The answers you select during an examination are used to compute a score and are stored as part of the credential record.
• Payment information. When you purchase a paid product, payment is handled by Stripe, Inc. We never see or store your payment-card details. Stripe does provide us with limited information including your email address, country, and an order identifier.
• Server logs. Our hosting provider (Vercel) automatically collects request logs that include your IP address, user-agent string, and timestamps. These logs are used for security and operational purposes and are typically retained for approximately thirty days.

2. How we use information

We use the personal information we collect to:

• Generate and display credentials, including the publicly shareable conferral page
• Verify the authenticity of credentials when scanned via the printed QR code
• Process payments for paid products
• Respond to support requests sent to our published email address
• Detect and prevent abuse, fraud, and breaches of these terms

3. Who we share information with

We share personal information with the following third-party service providers, each of whom processes data on our behalf under their own privacy and security commitments:

• Stripe, Inc. — payment processing (privacy policy)
• Vercel Inc. — web hosting and serverless functions (privacy policy)
• Turso (ChiselStrike, Inc.) — database hosting (privacy policy)
• Cloudflare, Inc. — DNS resolution and email forwarding (privacy policy)

We do not sell personal information to third parties. We do not share personal information with advertisers or data brokers. We may disclose information when required by law, when responding to a valid legal process, or to protect the rights, property, or safety of the Authority, our users, or others.

4. Data retention

Credential records — including the recipient name, examination score, and (where applicable) the gifted recipient's photograph — are retained indefinitely so that the public verification page continues to function for the lifetime of any printed credential carrying a QR code linking to it. You may request deletion at any time as described below.

Payment records held by Stripe are retained according to Stripe's policies, which include long-term retention for accounting, regulatory, and dispute-resolution purposes.

5. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Request that we correct inaccurate information.
• Deletion. Request that we delete your personal information, subject to legal exceptions.
• Objection. Object to certain processing activities.
• Portability. Receive a copy of your information in a machine-readable format.

To exercise any of these rights, contact us at support@universalcertificationauthority.org with the credential identifier (in the form UCA-XXXX-XXX) of the record in question. We will respond within thirty days.

6. California residents (CCPA)

California residents have the additional rights afforded by the California Consumer Privacy Act, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information for purposes of the CCPA.

7. European users (GDPR)

For users in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases for processing are: performance of a contract (in the case of paid products), legitimate interest (operating and securing the Service), and consent (in the case of recipient photographs uploaded for gifted credentials). You may lodge a complaint with your local supervisory authority.

8. Cookies and tracking

The Service does not set cookies for tracking, advertising, or marketing purposes. We use Vercel Analytics, a privacy-friendly measurement tool, to record aggregate, anonymous traffic patterns (such as page views, referring sources, and country-level geography). Vercel Analytics does not set cookies and does not collect personally identifying information.

Your browser may receive short-lived session-related cookies from third-party services (notably Stripe) when interacting with payment flows.

9. Children

The Service is not directed to individuals under the age of thirteen, and we do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when material changes were last made. Substantial changes will be announced through the Service.

11. Contact

Questions or requests relating to this Privacy Policy may be directed to support@universalcertificationauthority.org.