Privacy Policy

Scope

This Privacy Policy explains how Prompt Certifications, LLC ("Prompt Certifications," "Company," "Service Provider," "we," "us," or "our"), a North Carolina limited liability company, collects, uses, shares, and protects information in connection with promptcertifications.com and related online services, including exams, certification workflows, candidate accounts, and customer support (collectively, the "Services").

Relationship to Terms of Service

This Privacy Policy is incorporated by reference into our Terms of Service. Please read this Privacy Policy carefully. By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Services.

Privacy Philosophy

We operate the Services with a "privacy-first" approach: we limit collection and processing to what is reasonably necessary to provide the Services, maintain account security, and comply with law.

No Advertising Tracking

We do not sell, rent, or trade personal information to third parties. We do not share personal information with advertising networks, marketing partners, or data brokers.

No Behavioral Tracking / Fingerprinting

We do not use device fingerprinting, tracking pixels, beacon tags, or similar tracking technologies intended to track users across websites or build behavioral marketing profiles.

No Third-Party Analytics Services

We do not use third-party analytics services (for example, Google Analytics) to track your browsing activity through the Services.

No Marketing Analytics Logging

We do not collect or maintain marketing analytics logs designed to track user behavior, page views, or clickstream activity for advertising or cross-context profiling.

Technical Note

Like any online service, internet communications necessarily involve transient processing of network data (e.g., routing requests). Our intent and practice is to minimize technical collection and retention, and to avoid using technical signals for tracking or advertising purposes.

Information You Provide Directly

Account Information. When you create an account or manage your profile, we collect account information such as your name and email address. We may store certain personally identifying fields in encrypted form for security purposes.

Authentication Information. We collect your password when you register; passwords are stored using one-way cryptographic hashing and are not stored in plain text.

Exam Data. We collect and store exam responses, exam attempt metadata necessary to administer an exam session, and exam scores/results.

Support and Communications. If you contact us for support, we collect the information you submit (e.g., messages, attachments, and related account identifiers).

Email Preferences. We collect and store your email subscription preferences (including unsubscribe/resubscribe status) as described in Section 6.

Payment Information (Processed by Stripe)

Stripe Processing. Payments for exams and other paid features are processed by Stripe, Inc., our third-party payment processor. Stripe processes payment card information directly and in accordance with its own terms of service and privacy policy, available at stripe.com. We do not have access to or store your complete payment card information.

What We Receive. We generally receive limited transaction information from Stripe (e.g., payment status, transaction identifiers, last-four digits and card brand where made available, billing postal code where applicable), which we use for accounting, fraud prevention, customer support, and refunds (where applicable).

Information Automatically Collected

Session Cookies (Authentication Only). We use essential session cookies necessary for authentication and security. We do not use tracking cookies, advertising cookies, or analytics cookies.

Minimal Technical Operation Data. We operate with a data-minimization posture. As a necessary part of operating an online service, our systems temporarily process IP addresses, user agent strings, and similar technical data to route traffic, maintain security, and prevent fraud. We do not intentionally collect, store, or use device fingerprints, geolocation data, or behavioral tracking logs for marketing or analytics purposes. Technical data that is temporarily processed for security, fraud prevention, and system operation is retained only for as long as necessary to serve these specific purposes and is not used for tracking, profiling, or advertising.

Essential Purposes Only

We use the information described above only for essential business and operational purposes, including:

• Account Management. Creating and managing your account and login credentials.
• Service Delivery. Providing access to exams, certifications, and related Services.
• Authentication and Security. Verifying identity (where applicable), maintaining platform integrity, detecting and preventing fraud, and preventing unauthorized access.
• Payment Processing; Refunds. Processing exam payments and refunds through Stripe and maintaining required accounting records.
• Email Communications. Sending critical account notifications and, depending on your preference, non-essential communications as described in Section 6.
• Legal Compliance. Meeting legal obligations and responding to lawful requests.

Limited-Service Provider Sharing

We share information only with essential third-party service providers needed to operate the Services, such as:

• Stripe (Payment Processing). For payment processing and related fraud-prevention tooling.
• Email Service Provider. For sending transactional and other account-related emails (subject to your preferences).
• Database / Hosting Providers. For secure hosting and operation of account and exam data.

No Sale of Personal Information

We do not sell personal information, and we do not share personal information for targeted advertising.

Legal and Safety Disclosures

We may disclose information when we have a good faith belief that disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service, including investigation of potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect against harm to the rights, property, or safety of Prompt Certifications, our users, or the public as required or permitted by law.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of all or substantially all of our assets, your information may be transferred to a successor entity as part of that transaction. In such event, we will provide notice before your personal information is transferred and becomes subject to a different privacy policy, and you will have the opportunity to delete your account before the transfer if you do not wish your information to be transferred.

Managing Your Preferences

You may manage your email preferences through your account profile (where available), including toggling subscription status and saving your preference.

Unsubscribing from Non-Essential Emails

You can unsubscribe from promotional and non-essential emails at any time using the unsubscribe mechanisms provided through your profile settings or via links included in email communications.

Essential Transactional Communications

Even if you unsubscribe from non-essential emails, we reserve the right to send essential transactional and security communications that are necessary for the operation of your account, fulfillment of our contractual obligations to you, and compliance with our legal obligations, which may include:

• Account security alerts
• Password change confirmations
• Account deletion confirmations
• Payment and invoice receipts
• Important policy updates

Unsubscribe Status Records

When you unsubscribe, we store:

• Your unsubscribe preference (for example, a boolean status flag)
• A timestamp reflecting when the preference was recorded

We use this information solely to honor your communication preferences.

Session Cookies Only

We use session cookies for authentication and security. We do not use tracking, advertising, or analytics cookies.

Anonymous Users

For users who are not logged in, we do not set persistent tracking cookies. Session cookies expire when you close your browser.

Logged-In Users

For logged-in users, a session cookie is used to maintain authentication. Sessions will time out after a period of inactivity (currently set at approximately two (2) hours, but subject to change at our discretion for security or operational reasons) as a security measure.

During Exams

During an active exam session, we may extend session continuity via security mechanisms designed to prevent inadvertent logout during an exam. Exams have a fixed time limit (which varies by exam type, for example, ninety (90) minutes) and will auto-submit when time elapses. If a browser crashes or connection is lost, exam-resume availability depends on whether you return within the applicable exam time window and may be subject to additional verification for security purposes.

Browser Controls

You can control cookies through your browser settings. Disabling session cookies may prevent you from logging into your account and using exam features.

Browser Session Recovery (Important Limitation)

While we attempt to clear your session when you log out or close your browser, some browsers, particularly Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera, have built-in session recovery features that can save and restore your session data locally on your device, even after we have deleted your session on our servers.

What this means:

• When you close your browser, it may save your session state locally
• When you reopen the browser, it may automatically restore that session
• This happens even though Prompt Certifications has cleared the session on our servers
• This browser behavior is outside our control and is a feature of your browser, not our website

If you're concerned about session privacy:

• Manually log out before closing your browser (we clear the server-side session)
• Use your browser's "Incognito" or "Private" mode to prevent session saving
• Check your browser settings for session recovery/restoration options and disable them if desired
• Clear your browser cache and cookies regularly
• Be cautious on shared devices, another user could restore your session if your browser restores it automatically

We recommend users on shared devices manually log out and close all browser windows completely, rather than relying on our server-side session cleanup alone.

How PDFs Are Generated

When you request to download a PDF version of your certificate, we use a third-party service called DocRaptor to generate a high-quality PDF file from your certificate template. This requires sharing specific information with DocRaptor.

What Data Is Shared

When you request a PDF certificate, only the following personal information is sent to DocRaptor:

• Your first and last name
• The name of the certification exam you passed
• Your unique certificate number
• The date your certificate was issued
• The validity period of your certificate

No other personal information (email address, payment details, account credentials, etc.) is shared with DocRaptor.

When Data Is Shared & User Consent

Data is only sent to DocRaptor when:

• You explicitly click the "PDF Certificate" button on your Dashboard
• A consent modal appears explaining what data will be shared
• You review the disclosure and click "Agree" to proceed

If you click "Disagree" on the consent modal, no data is sent to DocRaptor and no PDF is generated. You retain full control over whether to share this information.

Your Alternatives

You have options for accessing your certificate without sharing data with DocRaptor:

• HTML Certificate: View or download an HTML version of your certificate directly from your Dashboard, no third-party data sharing required
• Badge Image: Download your certification badge for use on LinkedIn, resumes, or websites

DocRaptor's Privacy & Security

DocRaptor is responsible for processing the limited data you share with them. They maintain their own privacy policy and security practices. We have no control over how DocRaptor uses or retains this data beyond the PDF generation service. For details about DocRaptor's data handling, please visit their privacy policy at docraptor.com/privacy.

Your Rights Regarding PDF Generation

You have complete control over whether your data is sent to DocRaptor:

• Opt-In Only: Data is never sent unless you explicitly request a PDF and consent
• Per-Request Consent: You must provide consent each time you request a PDF
• No Automatic Processing: We do not automatically generate or share PDFs
• Alternative Available: You can always use the HTML certificate format instead

Safeguards

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information and account security against unauthorized access, disclosure, alteration, and destruction. Safeguards include measures such as:

• Encryption of certain personal data at rest
• HTTPS/TLS encryption for data in transit
• Password hashing
• Rate limiting and abuse prevention controls
• Protections intended to mitigate cross-site request forgery and similar threats

No System Is Perfect

Despite these measures, no system is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining strong, unique credentials and for protecting access to your account. You should immediately notify us through our Help page if you suspect any unauthorized access to your account.

GDPR / International Rights

If you are located in the European Economic Area (EEA), the United Kingdom, Switzerland, or other jurisdictions with comprehensive privacy laws, you may have rights under applicable law that include: (a) access to your personal data; (b) rectification of inaccurate personal data; (c) erasure of personal data (right to be forgotten); (d) restriction of processing; (e) data portability; (f) objection to processing; and (g) withdrawal of consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection authority.

U.S. State Privacy Rights

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or other U.S. states with comprehensive privacy laws, you may have rights under applicable state law to:

• Know what personal information is collected about you
• Access and receive details about personal information
• Delete personal information (subject to legal exceptions)
• Correct inaccuracies
• Opt out of certain processing where applicable

Because we do not sell personal information, share it for cross-context behavioral advertising, or engage in profiling in furtherance of decisions that produce legal or similarly significant effects, certain opt-out rights under state privacy laws may not be applicable to our processing activities.

How to Exercise Rights

To exercise your rights, you may:

• Use tools available through your account profile (for example, downloading or deleting your data)
• Contact us through the Help page to submit a request

We will need to verify your identity before fulfilling requests to protect your privacy and security. We may request additional information from you to verify your identity, and we will only use information provided in a verifiable request to verify your identity or authority to make the request. We will respond to verified requests within the timeframes required by applicable law (typically 45 days, with possible extensions).

General Retention Rule

We retain information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Specific Retention Practices

Account Information. Retained while your account is active and as needed for legitimate operational and legal purposes.

Exam Results. Retained for as long as necessary to maintain proof of certification and credential integrity. Because exam results form the basis of issued certifications that may be relied upon by third parties, exam result records are typically retained permanently or for extended periods (such as the lifetime of the certification program) to verify credential authenticity and prevent fraud.

Payment Records. Retained for up to seven (7) years where required or appropriate for accounting and legal compliance.

Session Cookies. Session cookies expire when you log out, close your browser, or when the session times out.

Account Deletion

Upon account deletion, we will delete or de-identify personal information associated with your account within ninety (90) days, except to the extent we must retain certain records to comply with legal obligations or to maintain credential integrity. Records we may retain include: (a) exam results and certification records (retained permanently or for the lifetime of the certification program to verify credential authenticity); (b) payment and transaction records (retained for up to seven years for tax, accounting, and audit purposes); (c) records necessary to resolve disputes or enforce our agreements; and (d) information we are required to retain under applicable law. Where we retain data, we will limit access to such data and use it only for the specific purposes for which it is retained. We may also retain de-identified or aggregated data that can no longer be used to identify you.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services.

Notice of Changes

We will post the updated policy on this page with a revised "Last Updated" date. Your continued use of the Services after an update constitutes acceptance of the revised Privacy Policy.

Privacy Questions and Requests

If you have questions about this Privacy Policy or wish to exercise privacy rights, please visit our Help page to submit a support request.

Commitment

We are committed to making our certification platform accessible to users in accordance with applicable law and industry standards, including substantial compliance with WCAG 2.1 Level AA standards where commercially reasonable. If you encounter accessibility barriers, please contact us through the Help page with a detailed description of the barrier and the applicable accessibility standard allegedly not met. We will use commercially reasonable efforts to address and resolve the issue within thirty (30) business days of receiving such complete notice, provided that we shall have no obligation to address accessibility issues that would require fundamental alterations to the Services or impose an undue burden on us.

We shall not be liable for any accessibility issues arising from (i) your modifications, customizations, or configurations of the Services, (ii) your integrations with third-party systems or applications, (iii) third-party content provided by or through you, (iv) your failure to follow our accessibility guidelines or recommendations, or (v) your use of the Services in a manner inconsistent with their intended purpose.

You acknowledge that accessibility standards evolve over time and that our accessibility obligations are limited to those standards in effect and applicable to the Services as of the date of this policy, unless otherwise agreed in writing.