Last updated: 25 March 2026 · Effective: 25 March 2026
This Privacy Policy explains how Ertzyx ("we", "us", or "our"), operated at ledger.ertzyx.com, collects, uses, shares, and protects your personal information. We are committed to compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
Ertzyx is a SaaS platform for storing and verifying personal achievements, credentials, and cultural heritage records. We serve individuals and institutions worldwide.
We collect the following categories of personal data:
Full name, email address, account type (individual or institution), and password (stored as a secure hash — never in plain text).
Achievement titles, descriptions, dates, associated institutions, pillar categories, verification status, and verification history including timestamps and reviewer identifiers.
Documents, images, certificates, and other files you upload as supporting evidence for your achievements.
IP address, browser type, pages visited, actions taken within the platform, and session duration — collected for security and service improvement purposes.
Billing details processed via Stripe. We do not store full card numbers — Stripe handles all payment data under their own PCI-DSS compliance.
Messages you send via our contact form, including name, email, organisation, subject, and message content.
We do not use your personal data for advertising or sell it to third parties.
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| Processing payments | Contract performance |
| Sending transactional emails | Contract performance |
| Security and fraud prevention | Legitimate interests |
| Analytics (anonymised) | Legitimate interests |
| Marketing communications | Consent (opt-in only) |
| Legal compliance | Legal obligation |
We share data only with the following categories of recipients:
Our database, authentication, and file storage are hosted on Supabase. Your data is stored on Supabase infrastructure. Supabase is GDPR-compliant and processes data under a Data Processing Agreement. See the Supabase Privacy Policy.
Payment processing is handled by Stripe, Inc. Stripe is PCI-DSS Level 1 certified. We share only the minimum necessary billing information. See the Stripe Privacy Policy.
When you submit an achievement for verification, the relevant institution receives the achievement details you submitted. Institutions do not receive your full profile or unrelated data.
If you choose to make a credential public, it will be accessible to anyone with the unique credential link. You control this setting.
We may disclose data when required by law, court order, or to protect the rights and safety of our users or the public.
We do not sell, rent, or trade your personal data to any third party for commercial purposes.
We use the following types of cookies:
You can manage cookie preferences via our cookie consent banner or your browser settings. See our Cookie Policy for full details.
We retain your data for as long as your account is active or as needed to provide services. See our Data Retention Policy for full details on retention periods and deletion schedules.
Depending on your jurisdiction, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your account and all associated data.
Right to Portability
Receive your data in a machine-readable format.
Right to Restrict Processing
Limit how we use your data in certain circumstances.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent for marketing or analytics at any time.
CCPA Rights (California)
Rights to know, to delete, to opt out of sale, and to non-discrimination.
To exercise any of these rights, contact us at support@ertzyx.com. We will respond within 30 days.
To request full deletion of your account and all associated data:
Alternatively, email support@ertzyx.com with the subject "Account Deletion Request". We will process your request within 30 days. Note that some data may be retained for legal compliance purposes (e.g., payment records) as outlined in our Data Retention Policy.
Your data may be processed in countries outside your own, including the United States and the European Union, where our infrastructure providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, row-level security on all database tables, and regular security reviews. However, no system is completely secure. Please use a strong, unique password and enable two-factor authentication where available.
Ertzyx is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at support@ertzyx.com.
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform. Continued use of Ertzyx after changes constitutes acceptance of the updated policy.
For privacy-related questions, requests, or complaints:
If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.