Privacy Policy

Last updated: February 28, 2026

1. Who We Are

CredVault ("we," "us," or "our") is a professional certification tracking application. For questions about this policy or to exercise your data rights, contact us at privacy@cooeytools.com.

2. Data We Collect

We collect only the data necessary to provide the service:

  • Account data: Email address and hashed password, provided at signup.
  • Profile data: First name, last name, and optional professional details (job title, organization type, location, certification focus). All optional fields beyond name are voluntary.
  • Certification records: Names, issuers, dates, and CPE requirements for certifications you add.
  • CPE activity records: Training activities, hours, dates, providers, and optional descriptions you log.
  • File attachments: Certificate scans or proof-of-completion documents you optionally upload (stored privately; never shared).
  • Security data: Multi-factor authentication factors and bcrypt-hashed backup codes.
  • Notification preferences: Your choices about which in-app reminders to receive.

We do not collect payment information, browsing behavior, device fingerprints, or location data beyond what you voluntarily provide in your profile.

3. How We Use Your Data

  • To provide and operate the certification tracking service.
  • To authenticate you securely, including multi-factor authentication.
  • To display your CPE progress and renewal deadlines.
  • To send in-app notifications you have opted into (future feature).

We do not sell your data. We do not use your data for advertising or share it with third parties for marketing.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is:

  • Contract performance — processing necessary to provide the service you have signed up for.
  • Legitimate interests — security logging and fraud prevention.
  • Consent — optional profile fields and notification preferences, which you may withdraw at any time.

5. Data Storage and Security

Your data is stored by Supabase, our infrastructure provider (data processor). Data is encrypted at rest and in transit. Row-level security policies ensure your data is accessible only to your authenticated session.

6. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all personal data — including your profile, certifications, CPE activities, and uploaded files — is permanently and immediately deleted. We do not retain backup copies of deleted account data.

7. Your Rights

Depending on your location, you may have the right to:

  • Access — download a copy of your data via Account → Download My Data.
  • Rectification — update your profile information at any time in Account settings.
  • Erasure — permanently delete your account and all associated data via Account → Delete Account.
  • Portability — export your data in JSON format via Account → Download My Data.
  • Withdraw consent — update or remove optional profile fields and notification preferences at any time.

To exercise rights that are not self-service, contact privacy@cooeytools.com.

8. Cookies

We use strictly necessary session cookies to keep you authenticated. We do not use analytics cookies, advertising cookies, or any third-party tracking. No cookie consent banner is required because we only use essential cookies.

9. Changes to This Policy

If we make material changes to this policy, we will notify you via email or a notice on the application before the change takes effect. The "Last updated" date at the top of this page will always reflect the current version.

10. Contact

Questions or concerns about this policy? privacy@cooeytools.com

Terms of Service →