Privacy Policy
Last updated: June 16, 2026
1. Information We Collect
We collect information that you provide directly to us when you create an account, use our compliance tools, complete training courses, or communicate with us. This includes:
- Name, email address, phone number, and contact information
- Company information (name, address, industry, dangerous goods permits)
- Payment and billing information (processed securely via Stripe)
- Course progress, exam results, and certification records
- Communication preferences and newsletter subscriptions
- Tool usage data: placard calculations, SDS uploads and parsed data, shipping document details, UN number searches, tunnel calculation inputs
- AI interaction logs: queries submitted to the DGX AI Assistant, document scanning results, SDS parsing outputs
- Calculation history and saved shipment records
- Digital signatures on compliance documents
- File uploads including Safety Data Sheet (SDS) PDFs and hazmat documentation
- Company branding assets (logos, color schemes) for white-label portals
2. How We Use Your Information
We use the information we collect to provide and improve our dangerous goods compliance platform:
- Provide, maintain, and improve our services and compliance tools
- Process placard calculations, generate shipping documents, and manage SDS records
- Power AI-assisted features including the DGX AI regulatory chat assistant, SDS document parsing and translation, and hazmat document scanning
- Process transactions and manage subscriptions via Stripe
- Generate training certificates and track course completion
- Send technical notices, security alerts, and account notifications
- Send regulatory news updates and newsletters (with your consent)
- Respond to your comments, questions, and support requests
- Monitor and analyze usage trends to improve platform accuracy and reliability
- Maintain audit logs for compliance and security purposes
3. Information Sharing
We do not sell your personal information. We share data only with trusted service providers who act as data processors on our behalf, and only as necessary to deliver our services:
- With company administrators who manage your organization's account
- With Stripe for secure payment processing
- With Google for AI services (Google Cloud AI — Gemini, Vertex AI, and Document AI) used in regulatory assistance and document parsing
- With Google Analytics and Google Tag Manager for platform usage analytics
- With Amazon Web Services (AWS) for secure file storage (S3) and infrastructure
- With PubChem and NIOSH APIs for chemical data lookups (UN numbers, chemical properties)
- To comply with legal obligations or respond to lawful requests
- To protect our rights, safety, and property
- With your explicit consent
- Other Certigo customers — if you upload a Safety Data Sheet and do not mark it private, its product name, manufacturer, and parsed safety sections are added to Certigo's shared SDS library where other customers can find them; your inventory, quantities, and internal notes are never shared (see the Terms of Service)
4. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit (TLS/SSL) and at rest. Our infrastructure is hosted on Amazon Web Services (AWS) with industry-standard security controls. We maintain strict access controls, conduct regular security reviews, and keep audit logs of system access.
5. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy. Certification records are retained in accordance with industry standards and regulatory requirements (typically 3 years for TDG/49 CFR training records). Calculation history and compliance documents are retained for the duration of your subscription. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
6. Your Rights
Depending on your jurisdiction, you have the right to:
- Access your personal information and obtain a copy
- Correct inaccurate or incomplete information
- Request deletion of your personal data
- Object to or restrict certain processing activities
- Export your data in a portable format
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with a supervisory authority
7. Cookies and Tracking
We use cookies and similar tracking technologies to collect information about your browsing activities and improve your experience. We use Google Tag Manager to manage tracking scripts and Google Analytics to understand platform usage. We implement Google Consent Mode v2 to respect your cookie preferences. Our cookie consent banner allows you to accept or decline non-essential cookies. Cookies may persist for up to 1 year and operate across subdomains of certigo.net. You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.
8. AI and Automated Processing
Our platform uses Google Cloud AI (Gemini, Vertex AI, and Document AI) to power several features. AI is used for: the DGX AI regulatory chat assistant, which answers questions about dangerous goods regulations; SDS document parsing, which extracts and translates safety data from uploaded documents; hazmat document scanning, which analyzes images of shipping labels and placards; and compliance validation, which provides confidence scores on regulatory checks. AI outputs are supplementary tools designed to assist qualified personnel — they should always be verified by the user before being relied upon for compliance decisions. Data submitted to AI features may be processed by Google's AI services in accordance with their data processing terms.
9. Third-Party Services
We integrate with the following third-party services to deliver our platform:
- Stripe — payment processing: receives billing details, card information, and transaction data
- Amazon Web Services (AWS S3) — file storage: stores uploaded SDS documents, compliance files, and branding assets
- Google Cloud AI (Gemini, Vertex AI, Document AI) — AI processing: receives user queries, document content, and images submitted to AI features
- Google Analytics / Google Tag Manager — analytics: receives anonymized usage data, page views, and interaction events
- PubChem API — chemical data: receives UN numbers and chemical identifiers for safety data lookups
- NIOSH API — occupational safety data: receives chemical identifiers for exposure limit lookups
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate (AWS, Google, Stripe). We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.
12. Newsletter and Regulatory Updates
With your consent, we may collect your email address to send you regulatory news updates, compliance tips, and platform announcements. You can unsubscribe from these communications at any time using the unsubscribe link included in each email, or by updating your notification preferences in your account settings.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the 'Last updated' date. For significant changes, we may also notify you by email.
14. Contact Us
If you have questions about this privacy policy or our privacy practices, please contact us at: privacy@certigo.net
Submit a Data Request
Under GDPR and applicable privacy laws, you have the right to access, rectify, delete, or object to the processing of your personal data. Submit a request below and we will verify your identity via email.