Policies - CertSync

Policies & Compliance

Transparency and security are at the core of everything we do

Privacy Policy

Last updated: January 2026

CertSync ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose personal information when you use the CertSync mobile application and website (the "Platform").

Important Notice: CertSync is a credential storage and reminder tool. We do not verify credentials, provide compliance advice, or guarantee regulatory outcomes.

Information We Collect

We collect personal information you provide directly to us, including:

  • Personal details (name, email address, phone number)
  • Login and authentication data
  • Professional credentials, licences, certifications, permits, and related documents uploaded by you
  • Credential metadata (expiry dates, reminder preferences)
  • Organisation details (organisation name, team membership, invitation codes)
  • Usage data (features used, interactions with the Platform)
  • Technical data (IP address, device type, browser, operating system)

How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the CertSync Platform
  • Store and display credentials and permits
  • Send notifications and reminders based on your settings
  • Facilitate credential sharing between users and organisations where authorised
  • Provide customer support
  • Improve and develop the Platform
  • Communicate service updates and operational notices

Data Sharing

We do not sell personal information.

We may share information only in the following circumstances:

  • With organisations you explicitly authorise to access your credentials
  • With service providers who assist in operating the Platform (hosting, email delivery, analytics)
  • Where required by Australian law, court order, or regulatory authority
  • To protect the rights, safety, or property of CertSync, our users, or others

Data Security

We implement reasonable technical and organisational measures to protect your information, including:

  • Data hosted in Australia
  • Encryption in transit (HTTPS)
  • Encryption at rest for stored documents
  • Role-based access controls
  • Optional two-factor authentication
  • Audit logging of administrative actions

No system is completely secure. While we take security seriously, we cannot guarantee absolute protection of data.

Data Retention

  • Active accounts: Data retained while your account remains active
  • Deleted accounts: Personal data removed within 30 days, unless retention is required by law
  • Audit logs: Retained for compliance and security purposes (typically up to 7 years)
  • Backups: May retain deleted data for up to 90 days before permanent removal

Your Rights

You may:

  • Request access to your personal information
  • Request correction of inaccurate data
  • Request account deletion
  • Export your data
  • Opt out of non-essential communications

Requests can be made by contacting support@certsync.com.au

Contact

For privacy-related enquiries, contact:

support@certsync.com.au

Terms of Service

Last updated: January 2026

By accessing or using CertSync, you agree to these Terms of Service ("Terms"). If you do not agree, do not use the Platform.

Description of Service

CertSync provides a digital platform for storing, managing, and sharing credentials, licences, certifications, and permits, and for sending optional reminders based on user-defined settings.

CertSync:

  • Does not verify credentials
  • Does not provide compliance advice
  • Does not guarantee legal, regulatory, or workplace compliance
  • Does not guarantee notification delivery or timing

User Accounts

You agree to:

  • Provide accurate and current information
  • Maintain the security of your login credentials
  • Accept responsibility for all activity under your account
  • Notify us of unauthorised account use

You are solely responsible for the accuracy of any information or documents you upload.

Notifications and Reminders

Notifications are provided as a convenience only.

CertSync does not guarantee that:

  • Notifications will be delivered
  • Notifications will be received or acted upon
  • Notifications will meet regulatory or organisational requirements

Users and organisations remain fully responsible for monitoring credential validity and compliance.

Document Uploads and Accuracy

You acknowledge that:

  • All uploaded documents are user-supplied
  • CertSync does not verify authenticity, validity, or currency
  • Organisations may approve or reject credentials at their discretion
  • Reliance on uploaded information is at the organisation's own risk

Acceptable Use

You must not:

  • Upload false, misleading, or fraudulent documents
  • Impersonate others
  • Access or attempt to access unauthorised data
  • Interfere with platform operation
  • Reverse engineer or extract source code
  • Use the Platform for unlawful purposes

Organisations and Employers

Organisation administrators agree to:

  • Use data solely for legitimate workforce and compliance management
  • Respect user privacy and sharing controls
  • Comply with applicable workplace and safety laws
  • Independently verify compliance where required

CertSync is not responsible for employer compliance decisions.

Service Availability

The Platform is provided on an "as is" and "as available" basis. We do not guarantee uninterrupted service and are not liable for outages, maintenance, or technical failures.

Termination

We may suspend or terminate accounts for breaches of these Terms or harmful conduct. You may close your account at any time.

Limitation of Liability

To the maximum extent permitted by law:

  • CertSync disclaims all warranties
  • We are not liable for indirect, incidental, or consequential loss
  • We are not liable for compliance failures, penalties, or legal actions arising from use of the Platform

Governing Law

These Terms are governed by the laws of Australia. Disputes are subject to Australian courts.

Data Processing & Retention Policy

Last updated: January 2026

Data Processed

CertSync processes:

  • Credential and permit documents
  • Expiry dates and reminder settings
  • Organisation membership and permissions
  • Approval and rejection records
  • Usage logs and audit records

Purpose of Processing

Data is processed to:

  • Enable credential storage and tracking
  • Facilitate authorised sharing
  • Generate audit and activity records
  • Deliver notifications
  • Provide support services

Data Location

All data is stored on servers located in Australia.

Retention Periods

  • Active accounts: retained while active
  • Deleted accounts: removed within 30 days
  • Audit logs: retained up to 7 years
  • Backups: up to 90 days

User Controls

Users can:

  • Edit or delete credentials
  • Manage organisation access
  • Export data
  • Request account deletion

Security Overview

Last updated: January 2026

Security Notice: CertSync applies security controls appropriate for a growing workforce-management platform. While we implement industry-standard security measures, no system is completely secure.

Security Measures

  • Australian-based hosting
  • HTTPS encryption
  • Encryption at rest
  • Role-based access control
  • Optional two-factor authentication
  • Secure file access via signed URLs
  • Administrative audit logs
  • Regular backups

Incident Response

If a security incident occurs, we will:

  • Investigate and contain the issue
  • Notify affected users where legally required
  • Take corrective action

Security Reporting

Security issues should be reported to:

support@certsync.com.au

Contact Us

For questions about privacy, security, data processing, or these policies, please contact:

Support & Enquiries

support@certsync.com.au

Privacy, security, data access, account deletion, general enquiries