Privacy Policy

CertREV, Inc. (“CertREV,” “we,” “us,” or “our”) helps brands connect with credential-verified experts to review content and attach visible, verifiable credibility signals.

This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our websites, use the CertREV Platform as a brand, expert, or partner, or interact with us in other ways. It also explains the choices and rights you may have under privacy laws.

If you do not agree with this Policy, please do not use the Services.

1. Who We Are and How to Contact Us

Controller / Business

For most processing of personal information described in this Policy, CertREV, Inc. is the “controller” (under GDPR-style laws) and “business” (under California law):

CertREV, Inc.
500 Westover Dr. #33166
Sanford, NC 27330, USA
Email: privacy@certrev.com

If you are an expert reviewer, some of your data is also processed under your Expert Reviewer Agreement with CertREV. If you are a brand, some content and customer data inside your drafts is processed by CertREV as your service provider / processor, as explained in Section 5.

2. Scope of this Privacy Policy

This Policy applies to:

• visitors to our websites;
• brand users and account contacts;
• expert reviewers;
• agency / referral partners; and
• people who communicate with us or apply for roles with us.

This Policy does not apply to websites or services we do not own or control, even if we link to them.

3. Personal Information We Collect

The exact data we collect depends on how you interact with us.

3.1 Information You Provide Directly

Brand accounts and business contacts

When a Brand signs up or uses the Platform, we may collect:

• Name, job title, and business contact details (email, phone, mailing address)
• Company name, website, industry, and billing contacts
• Account login details (email and password)
• Preferences, feedback, and communication history
• Content drafts and related metadata (target keywords, audience, product details, internal notes)

Expert reviewers

If you apply to be or act as an Expert, we may collect:

• Name and contact details
• Professional credentials, licenses, certifications, CV, and education
• Jurisdiction and license numbers
• LinkedIn or other professional profile links
• Sanctions / disciplinary status and related information (via background-check providers)
• Identity verification documents where required by law
• Capacity, specialties, and conflict-of-interest disclosures
• Payment details (for honoraria, such as bank or PayPal information)

Partners and vendors

For partners and vendors, we may collect:

• Contact details and role
• Contract, invoicing, and payment information
• Communications and performance data

Job applicants

If you apply for a role with CertREV, we may collect:

• Contact details, resume/CV, and application answers
• Information from interviews and references
• Right-to-work or background information where permitted by law

Support and communications

When you contact us (email, chat, meetings, or social channels), we collect:

• Name and contact details
• Content of your message(s) and any attachments
• Related notes and follow-up information

3.2 Information We Collect Automatically

When you visit our websites or use the Platform, we may automatically collect:

• Device and browser information (IP address, device identifiers, browser type, operating system)
• Usage data (pages viewed, features used, time spent, links clicked, referring URLs)
• Log data (access times, error logs, security events)

We may use cookies, pixels, and similar technologies to collect this information (see Section 7).

3.3 Information We Receive from Third Parties

We may receive personal information about you from:

• Identity and license verification providers (for example, professional license and sanctions checks for Experts)
• Payment processors (limited billing and payment status information, not full card numbers)
• Marketing and analytics partners (aggregated lead data and campaign performance)
• Public sources (public professional profiles, websites, published articles)

We use this information to verify identities, maintain security, improve the Platform, and support sales and onboarding.

4. How We Use Personal Information

We use the personal information we collect for these purposes:

To provide and operate the Services

• Creating and managing accounts
• Matching drafts to appropriate Experts
• Facilitating reviews, comments, and approvals
• Generating attribution, schema, and audit receipts

To pay Experts and manage billing for Brands

• Processing payments and honoraria
• Administering credit bundles, invoices, and receipts
• Preventing fraud and misuse

To secure and maintain the Platform

• Detecting, investigating, and preventing security incidents or abuse
• Monitoring system performance and reliability
• Running audits and maintaining immutable review logs and hashes

To communicate with you

• Sending operational emails (assignments, approvals, service notices, updates)
• Responding to support requests and questions
• Sending onboarding and educational resources

To improve and develop the Services

• Analyzing how the Platform is used
• Testing new features and workflows
• Training and evaluating internal tools to detect quality or risk (for example, hallucination flags)

To market our Services (B2B)

• Sending newsletters or event invitations (where allowed)
• Running B2B campaigns and measuring their performance
• Personalizing content on our site (for example, by role or industry)

To comply with law and enforce our rights

• Meeting legal and regulatory obligations
• Enforcing our Terms of Service and other agreements
• Responding to lawful requests from authorities or regulators
• Protecting the rights, safety, or property of CertREV, Experts, Brands, and others

We do not use Expert-level content or Brand drafts to create public, general-purpose AI models that would expose your proprietary content to others.

5. Our Roles: Controller vs. Service Provider / Processor

Different privacy laws use different terms, but the basic idea is:

• For Brand account data, marketing leads, and most website visitor data, CertREV acts as an independent controller / business.
• For content and data that Brands choose to include in drafts (for example, de-identified customer stories), CertREV generally acts as a service provider / processor to the Brand:
  • We process that content only to provide the Services (review, attribution, audit, etc.), at the Brand's direction.
  • Brands are responsible for ensuring they have a legal basis to include any personal information in drafts they send us.

Important: Brands must not submit protected health information (PHI) or other regulated personal data that they are not authorized to share. If you have questions about how a Brand uses your data inside its content, please contact that Brand directly; we can assist them in responding to your request where required.

6. Legal Bases for Processing (EEA/UK)

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

• Performance of a contract – to create and manage your account, provide the Services, and pay Experts.
• Legitimate interests – to secure the Platform, improve our services, communicate with you about similar services, and maintain audit trails, provided those interests are not overridden by your rights.
• Consent – where required by law, for certain cookies, marketing communications, or optional data collection.
• Legal obligations – to comply with laws, regulations, court orders, or enforceable government requests.

You can object to processing based on legitimate interests or withdraw consent at any time (see Section 11).

7. Cookies and Similar Technologies

We use cookies and similar technologies to:

• remember your preferences and keep you logged in
• understand how our sites and Platform are used
• improve performance and security
• support B2B marketing and measure campaign effectiveness

You can control cookies in several ways:

• via your browser settings (blocking or deleting cookies),
• via in-product cookie banners/controls where available, and
• for some states (including California), via Global Privacy Control (GPC) or similar browser signals, which we treat as opt-out signals where legally required.

Blocking certain cookies may impact functionality.

8. How We Share Personal Information

We do not sell personal information for money. Under some state privacy laws, certain sharing for analytics or targeted advertising can be treated as “sale” or “sharing” even without money changing hands; where that applies, we honor opt-out rights (see Section 11.2).

We share personal information in these ways:

8.1 Service Providers (Processors)

We use trusted third-party service providers to help us run the Services, such as:

• cloud hosting and storage
• payment processing
• email and communication tools
• analytics and security tools
• identity and license verification providers
• background check / sanctions screening providers

These providers may process personal information on our behalf, under contracts that limit their use of your data to the services they provide for us and require them to apply appropriate security.

8.2 Platform Participants

• Experts see Brand drafts they are matched to and limited Brand contact information needed to perform their review.
• Brands see Expert attribution information on approved content, including name, credentials, and short bio, as described in our Terms and Expert agreements.

8.3 Partners

We may share business-contact information with referral or agency partners who help bring Brands to CertREV, for joint marketing or account management, under appropriate agreements.

8.4 Corporate Transactions

If we are involved in a merger, acquisition, financing, or sale of all or part of our business, personal information may be transferred to the relevant third parties as part of that transaction, subject to confidentiality obligations and applicable law.

8.5 Legal and Safety

We may disclose personal information if we believe in good faith that it is necessary to:

• comply with law, regulation, legal process, or governmental request;
• enforce our agreements and policies;
• protect the security or integrity of our Services;
• protect CertREV, our users, Experts, or the public from harm or illegal activities.

8.6 Aggregated or De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, for research, analytics, marketing, or other purposes.

9. International Transfers

CertREV is based in the United States and your information may be processed there and in other countries where our service providers operate. These countries may have different data-protection laws than your country. Where required, we use lawful transfer mechanisms such as standard contractual clauses (SCCs) or other approved safeguards to protect personal information transferred from the EEA, UK, or other regions.

10. Data Retention

We retain personal information for as long as reasonably necessary to:

• provide the Services,
• support legitimate business needs,
• comply with legal, tax, and audit obligations, and
• protect Experts, Brands, and CertREV in case of disputes.

Our general approach is:

• Accounts and billing records – kept while the account is active and for a reasonable period afterward (for example, 5–7 years for billing records, per legal requirements).
• Expert credential and verification data – retained while the Expert is active, plus a period afterward to support audit and legal obligations.
• Project content, audit hashes, and logs – may be retained for up to eight (8) years from the date of review completion, to preserve the audit trail and protect Experts and Brands in case of disputes or regulatory inquiries.
• Marketing data – retained until you opt out or until it is no longer useful, then either deleted or de-identified.

When we no longer need personal information, we will either delete it or de-identify it in line with applicable law.

11. Your Privacy Rights and Choices

Your rights depend on where you live, but we aim to honor reasonable requests from all users, subject to legal and contractual limits.

11.1 General Rights

You may be able to:

• Access your personal information
• Correct inaccurate or incomplete information
• Delete certain information
• Object to or restrict certain processing
• Receive a copy of your data in portable format
• Opt out of marketing communications
• Withdraw consent where we rely on consent

To exercise these rights, please contact us at privacy@certrev.com with “Privacy Request” in the subject line. We may need to verify your identity before acting on your request.

We may deny or limit requests where we are unable to verify your identity, where the law allows us to retain information (for example, audit logs and hashes), or where honoring the request would conflict with legal, security, or contractual obligations.

11.2 Additional Rights for Certain U.S. States (Including California)

11.3 Additional Rights for EEA/UK Residents

12. Security

We use a combination of technical, organizational, and physical safeguards designed to protect personal information, such as:

• encryption in transit and at rest where appropriate,
• access controls and least-privilege principles,
• audit logging and monitoring,
• regular security testing, and
• policies and training for staff.

CertREV follows a SOC-2-style security framework and undertakes regular assessments and audits as part of its program.

However, no system is perfectly secure. We cannot guarantee absolute security of your information. You are responsible for:

• keeping your login credentials confidential, and
• promptly notifying us at security@certrev.com or privacy@certrev.com if you suspect unauthorized access to your account.

13. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16.

If you believe a child under 16 has provided us with personal information, please contact us at privacy@certrev.com. We will take steps to delete such information where required by law.

14. Third-Party Sites and Services

Our websites and Services may link to, or integrate with, third-party sites, services, or plugins (for example, social networks, video platforms, or analytics tools). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal information.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

When we make material changes, we will:

• post the updated Policy on our website,
• update the “Effective date” at the top, and
• provide additional notice where required by law (for example, by email or in-app notice).

Your continued use of the Services after an updated Policy becomes effective means you have read and understood the changes.

16. How to Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your privacy rights, please contact us:

Email: privacy@certrev.com
Mail: CertREV, Inc., 500 Westover Dr. #33166, Sanford, NC 27330, USA

If you're an Expert reviewer and your question is about how your data is handled under your Expert Agreement, you can also contact: experts@certrev.com.