Credly.study Privacy Policy

Platform securing personal data blocks under a protective shield for privacy

Effective Date: 07-24-2023

1. Introduction

This Privacy Policy ("Policy") describes how Credly.study ("Credly.study", "We", "Us", "Our") collects, uses, processes, shares, and protects personal data when you ("User", "Issuer", "You", "Your") access and use our website located at credly.study (the "Website") and the associated services for issuing, managing, verifying, and showcasing digital credentials, including Non-Fungible Token (NFT) credentials (collectively, the "Service" or "Platform").

This Policy forms a part of the legal agreement between You and Credly.study. By accessing or using the Service, you signify that you have read, understood, and agree to the collection, storage, use, and disclosure of your personal data as described in this Policy and our Trusted Third Party (TTP) Agreement. If you do not agree with the terms, please do not access or use the Service.

2. Definitions

Terms used in this Policy shall have the meanings ascribed to them in our TTP Agreement, supplemented by the following:

  • 2.1. "Personal Data": Any information relating to an identified or identifiable natural person. This can include, but is not limited to, name, email address, contact details, identification numbers, online identifiers, and information contained within Credentials you provide or receive.
  • 2.2. "Non-Personal Data" / "Usage Data": Information that does not, on its own, permit direct association with any specific individual. This includes data automatically collected when you interact with the Service, such as IP address, browser type, operating system, referring URLs, pages viewed, access times, and information collected through cookies and similar technologies.
  • 2.3. "Processing": Any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.
  • 2.4. "Cookies": Small text files stored on your device by your web browser when you visit websites, used to recognize your browser and remember certain information.

3. Information We Collect

We collect information to provide, operate, maintain, and improve our Service. The types of information we collect depend on your interaction with the Platform:

3.1. Information You Provide Directly:

  • Account Information: When you register as a User or Issuer, we collect information such as your name, email address, phone number, organization name (if applicable), account password, and potentially other identifiers needed for account setup and verification.
  • Credential Information (Provided by Issuers): When an Issuer creates or imports a Credential, they provide Personal Data about the recipient (User), such as name, email address, date of issuance, details of the achievement/qualification, and potentially other relevant information required for the Credential. Issuers are solely responsible for ensuring they have the necessary legal basis (e.g., consent) to provide this recipient data to us.
  • Verification Information: During verification processes (e.g., for achieving certain Trust Levels as outlined in the TTP Agreement), Users or Issuers may be required to provide additional documentation, participate in video verification, or provide other information to help authenticate identity or credentials.
  • Payment Information: If you make payments for services, we (or our third-party payment processors) collect payment details (e.g., credit card information, billing address), although we typically only store minimal transaction identifiers.
  • Communications: When you contact us for support or other inquiries, we collect the information contained in your communications.

3.2. Information Collected Automatically (Usage Data):

  • Log Files: Like most websites, we gather certain information automatically and store it in log files. This may include IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
  • Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar technologies to operate the Service, understand user activity, personalize experience, and for analytics. This includes session cookies (temporary) and persistent cookies (remain for a set period). You can control cookie settings through your browser, but disabling certain cookies may affect Service functionality.
  • Device Information: We may collect information about the device you use to access the Service, such as hardware model, operating system version, and unique device identifiers.

3.3. Information from Third Parties:

We may receive information about you from third parties, such as verification partners or public databases, during the credential verification process, but only as necessary to provide the Service and assign Trust Levels.

4. How We Use Your Information

We use the collected information for the following purposes:

  • 4.1. To Provide and Manage the Service: Operate the Platform, create and manage user/issuer accounts, process transactions, issue, display, and facilitate verification of Credentials.
  • 4.2. Identification and Verification: Identify Users and Issuers, conduct verification processes as described in the TTP Agreement, and assign Trust Levels.
  • 4.3. Communication: Communicate with you regarding your account, Service updates, security alerts, support requests, transactions, and policy changes.
  • 4.4. Service Improvement: Analyze Usage Data to understand how the Service is used, diagnose technical issues, improve functionality and user experience, and develop new features.
  • 4.5. Personalization: Personalize your experience on the Platform.
  • 4.6. Security and Fraud Prevention: Protect the security and integrity of the Platform, prevent fraud, enforce our terms (including the TTP Agreement), and investigate potential violations.
  • 4.7. Legal Compliance: Comply with applicable legal obligations, regulations, or valid legal processes (e.g., responding to subpoenas or court orders).
  • 4.8. Marketing (With Consent): Send promotional communications about our products, services, offers, or events, but only where we have obtained your explicit consent to do so (you can opt-out at any time).
  • 4.9. Aggregated Data: Create aggregated or anonymized data for statistical analysis, research, or reporting, which cannot reasonably be used to identify you.

5. Legal Basis for Processing Personal Data

We process your Personal Data based on one or more of the following legal grounds:

  • 5.1. Contractual Necessity: To fulfill our contractual obligations to you under our TTP Agreement and other terms (e.g., providing the core Service features).
  • 5.2. Consent: Where you have provided your explicit consent for specific processing activities (e.g., for certain marketing communications). You can withdraw your consent at any time.
  • 5.3. Legitimate Interests: For our legitimate business interests, provided they do not override your fundamental rights and freedoms (e.g., improving the Service, security, fraud prevention, analytics).
  • 5.4. Legal Obligation: To comply with applicable laws and regulations.

6. How We Share Your Information

We do not sell your Personal Data. We may share your information in the following circumstances:

  • 6.1. Service Providers: With third-party vendors and service providers who perform services on our behalf (e.g., cloud hosting, data storage, payment processing, analytics providers, email delivery, customer support tools). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • 6.2. Public Display of Credentials: Information contained within Credentials (potentially including recipient name and achievement details, depending on Issuer settings and the nature of the Credential) and their associated Trust Level are designed to be viewable and verifiable by the public or authorized third parties via the Platform.
  • 6.3. Verification Partners: During verification processes, we may share necessary information with issuing institutions or third-party verification services to confirm authenticity, based on the requirements for specific Trust Levels.
  • 6.4. Legal Requirements: If required by law, regulation, legal process (like a subpoena or court order), or governmental request.
  • 6.5. Protection of Rights: To enforce our TTP Agreement and other policies, protect the rights, property, or safety of Credly.study, our users, or the public, or to investigate and prevent fraud or security issues.
  • 6.6. Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to standard confidentiality agreements.
  • 6.7. With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

7. Data Security

We implement reasonable technical and organizational security measures designed to protect your Personal Data from unauthorized access, use, alteration, disclosure, or destruction. These measures may include encryption, access controls, and regular security assessments.

However, please be aware that no internet transmission or electronic storage method is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You are also responsible for maintaining the security of your account credentials.

8. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. This includes retaining data necessary to maintain your account, provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain secure and reliable backups. Data associated with Credentials anchored on the blockchain is inherently persistent due to the nature of the technology.

9. Your Rights and Choices

Depending on your location and applicable data protection laws (such as GDPR or CCPA), you may have certain rights regarding your Personal Data:

  • 9.1. Access: Request access to the Personal Data we hold about you.
  • 9.2. Rectification: Request correction of inaccurate or incomplete Personal Data.
  • 9.3. Erasure (Deletion): Request deletion of your Personal Data, subject to certain legal limitations (e.g., data on the blockchain cannot typically be erased).
  • 9.4. Restriction: Request restriction of the processing of your Personal Data under certain circumstances.
  • 9.5. Objection: Object to the processing of your Personal Data based on our legitimate interests.
  • 9.6. Portability: Request a copy of your Personal Data in a structured, machine-readable format.
  • 9.7. Withdraw Consent: Withdraw your consent at any time where processing is based on consent (this does not affect the lawfulness of processing before withdrawal).
  • 9.8. Opt-Out of Marketing: Opt-out of receiving promotional emails by following the unsubscribe instructions in those emails.

To exercise these rights, please contact us using the details provided below. We may need to verify your identity before processing your request. Note that exercising certain rights (like deletion) may impact your ability to use the Service.

10. Cookies and Tracking Technologies

As mentioned, we use Cookies and similar technologies. You can typically manage cookie preferences through your web browser settings. For more details on the specific cookies we use, please refer to our [Link to Cookie Policy, if applicable - create separately if needed].

11. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. This Policy does not apply to third-party practices. We encourage you to review the privacy policies of any third-party sites you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Children's Privacy

The Service is not intended for or directed at children under the age of 16 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without parental consent, we will take steps to delete that information.

13. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. We will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

14. Disclaimer of Liability

  • 14.1. Accuracy of User/Issuer Data: Credly.study does not verify and is not responsible for the accuracy, completeness, or legality of the Personal Data or Credential content provided by Users or Issuers. Users and Issuers are solely responsible for the information they submit to the Platform.
  • 14.2. Security Limitations: While we implement reasonable security measures, we disclaim liability for any unauthorized access, disclosure, loss, or theft of Personal Data resulting from factors beyond our reasonable control, including sophisticated hacking attempts, user negligence (e.g., weak passwords, sharing account access), or failures of third-party infrastructure.
  • 14.3. "AS IS" Basis: The Service is provided "AS IS". We make no warranties regarding the security or uninterrupted availability of the Service. See our TTP Agreement for further limitations of liability.

15. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time, without prior individual notice. Changes will be effective immediately upon posting the revised Policy on the Website, indicated by the updated "Effective Date". It is your sole responsibility to review this Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy. If you disagree with the changes, you must stop using the Service.

16. Governing Law and Dispute Resolution

This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict of law provisions. Any disputes shall be handled as outlined in the Dispute Resolution section of our TTP Agreement.