PRIVACY POLICY

Updated September 3, 2025

Introduction

Nuxify Inc. (“we,” “our,” or “us”) operates Certifika (the “Service”). We value your trust and are committed to safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect the information you provide when using the Service.

We recognize the importance of privacy and adhere to the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines. By accessing or using Certifika, you agree to the practices outlined in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Service.

Purpose of this Policy

This Privacy Policy is intended to provide clear, transparent, and accessible information about how Certifika manages your personal data. In particular, this Policy aims to:

Identify the personal data we collect and the legal basis for processing it.
Explain why we collect your information and how it is used to deliver and improve the Service.
Outline the limited circumstances under which your information may be disclosed.
Describe the safeguards in place to protect your information against unauthorized access, loss, or misuse.
Inform you of your rights as a data subject under the Data Privacy Act of 2012 and how to exercise them.

This ensures that you remain in control of your data while we provide a secure and reliable Service.

Information We Collect

We collect personal information either voluntarily provided by you or automatically generated when you use the Service.

A. Information You Voluntarily Provide

When creating an account, managing events, claiming certificates, or contacting our support team, you may provide:

Account Information
- Full name (required to issue certificates and badges)
- Email address (required for account creation, verification, and claiming certificates)
- Passwords (used only for authentication and login)

Optional Profile Information
- Profile photo (if you choose to upload one)

Payment Data from Event Owners
- If you purchase milestone bundles or subscriptions, payment details may be collected.
- All payment information is securely processed by third-party payment providers.
- We do not store or process sensitive financial data ourselves.

We do not collect or process sensitive personal information such as government IDs, health records, or biometric data.

B. Information We Collect Automatically

When you use our app, website, or console, we may automatically collect:

Device Information
- Device type, operating system, and version
- Unique device identifiers
- IP address

Usage Information
- Log data on login attempts, certificate claims, and verification activities
- Error reports, crash logs, and performance data

Mobile App Permissions (when enabled by you)
- Camera access: to scan QR codes and claim certificates
- Storage access: to save and share certificates and badges

We do not track your location or collect unnecessary information. Automatically collected data is used primarily for security, troubleshooting, and performance improvement.

How We Use Your Information

Your personal information is processed only for legitimate purposes, including:

Creating and maintaining your Certifika account
Issuing, verifying, and personalizing certificates or badges
Managing events and participant records securely
Enabling certificate verification through blockchain technology
Communicating account-related updates and providing customer support
Complying with legal and regulatory requirements

Sharing and Disclosure of Information

We do not sell or rent your personal data. Disclosure is limited to the following cases:

With service providers: To support hosting, technical operations, or customer support under strict confidentiality.
For legal compliance: When required by law, regulation, or court order.
On Certifika Explorer: Public certificate records may be displayed with masked names and partially hidden emails to balance transparency with privacy.

Cookies and Tracking Technologies

We may use cookies and similar technologies on our website and console to:

Improve user experience and functionality
Remember preferences
Collect analytics to improve performance

You may manage or disable cookies through your browser settings, though this may affect some Service features.

Third-Party Links and Social Media

Certifika may provide options to share certificates to platforms such as LinkedIn, Facebook, or Instagram. Please note:

Logging in to these third-party services is subject to their own policies.
This Privacy Policy applies only to Certifika.
We are not responsible for the practices of third-party sites or platforms.

We encourage you to review the privacy policies of external services before use.

Data Retention

Active Accounts: We retain your information while your account remains active.
Account Deletion: When you delete your account, associated personal data will be erased. However, certificates and badges already issued remain permanently on the blockchain as proof of achievement.
Retention Limits: We only retain information as long as necessary for the purposes described in this Policy or as required by law.

Data Security

We implement industry-standard security measures, including:

Blockchain-backed records that are tamper-proof and verifiable
Encryption of login and sensitive data
Recovery Key system to ensure only you can access your account
Access controls and secure servers to minimize unauthorized access

When certificates are displayed on Certifika Explorer, names and email addresses are anonymized to ensure privacy while maintaining verifiability.

Managing Your Data

You may review, update, or delete your personal data by:

Logging into your Certifika account and adjusting your settings
Using the in-app Delete Account feature to permanently remove your data
Contacting our support team at [email protected] for assistance

Children’s Privacy

Certifika is not intended for individuals under 18 years of age without parental or organizational consent. We do not knowingly collect personal data from minors. If such data is discovered, it will be deleted immediately.

Your Data Privacy Rights

Under the Data Privacy Act of 2012, you have the right to:

Be informed about how your personal data is collected and processed
Access the personal data we hold about you
Object to the processing of your data under certain conditions
Rectify inaccurate or outdated data
Request deletion or blocking of your data (subject to blockchain permanence of issued certificates)
Port your data for use in other services
File complaints with the National Privacy Commission (NPC) for violations

NPC Compliance and Data Protection Officer

As required by the Data Privacy Act, we maintain compliance through:

Data Protection Officer (DPO): Appointed to oversee privacy compliance and safeguard data subject rights
Privacy Impact Assessments (PIA): Conducted to identify risks and ensure safeguards
Breach Notification: Affected individuals and the NPC will be notified within 72 hours of a data breach involving personal data
Privacy by Design: Security is embedded in our processes, supported by blockchain-backed validation and encryption
NPC Oversight: Users may file complaints with the NPC if their rights are violated

Policy Updates

We may revise this Privacy Policy from time to time to reflect changes in practices, technologies, or legal requirements. Updates will be posted on our website. Continued use of the Service after updates constitutes your acceptance of the revised Policy.

Contact Information

If you have questions, concerns, or requests about this Privacy Policy, you may contact us at:

Nuxify Inc
Email: [email protected]
Support: [email protected]
Website: https://certifika.org
Facebook: facebook.com/CertifikaFromNuxify