CertificationJourney
Log inStart free

Privacy Policy

Last updated: 2 June 2026

This policy explains what personal data CertificationJourney collects, why, and the rights you have over it.

Who we are

CertificationJourney (“we”, “us”) is an independent exam-preparation platform operated by Shahir Sherali, trading as CertificationJourney — a sole proprietorship based in the Netherlands. For any privacy question, email us at certificationjourney@outlook.com (see our Contact page). We are the data controller for the data described here.

What we collect

  • Account details — your first and last name, a public username, and your email address. Your password is stored securely hashed by our authentication provider (Supabase); we never see it in plain text.
  • Learning data — your course progress, XP, study time, owned courses, quest/badge progress and any community posts. This is stored in our database (Supabase, EU region) and tied to your account so it syncs across your devices. Your username is shown publicly on community posts and — if you opt in — on the leaderboard; everything else is private to you.
  • Payment data — paid courses are processed by Stripe. We never see or store your full card details; we keep a record of which course you purchased and when, plus your consent to immediate access (the 14-day withdrawal-waiver record).
  • Technical data — basic, security-related server logs (e.g. IP address) processed by our hosting providers to operate and protect the service.

We do not use advertising cookies or third-party analytics, and we do not sell your data. See our Cookie notice.

Why we use it, and our legal basis

  • To provide the service (accounts, progress, purchases) — performance of a contract.
  • To keep the service secure and working — our legitimate interests.
  • For optional things you opt into (e.g. the public leaderboard, future emails) — your consent, which you can withdraw at any time.
  • To meet legal obligations (e.g. tax records for purchases) — legal obligation.

Who we share it with

We share data only with processors that help us run the service, under data-processing agreements: Supabase (database, authentication & data hosting — EU region), Vercel (application hosting & CDN), Stripe (payment processing), and Resend (account & transactional email). We do not sell or rent personal data.

How long we keep it

We keep account data for as long as your account is active, and afterwards only as long as needed for the purposes above or to meet legal obligations — e.g. purchase/invoice records for 7 years under Dutch tax-retention rules. Your learning data is removed when you delete it via the in-app reset or close your account.

International transfers

Your account and learning data are stored in the EU (Supabase, EU region). Some processors are US-based — Vercel (hosting), Stripe (payments) and Resend (email) — so limited personal data may be transferred outside the EEA. For those transfers we rely on appropriate safeguards, such as the EU Standard Contractual Clauses.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your data, and to object to processing or withdraw consent. To exercise any of these, email certificationjourney@outlook.com.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or your local supervisory authority.

Children

CertificationJourney is intended for users aged 16 and over and is not directed at children under 16. We do not knowingly collect data from children under 16.

Changes

We may update this policy; we’ll change the “last updated” date above and, for material changes, notify you in-app or by email.