Privacy Policy

Last Updated: December 15, 2025

Welcome to CertOf™. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains what information we collect, how we use and share it, how long we retain it, and the choices and rights you may have when you use our websites and services.

For the purposes of applicable data protection laws, Beijing Echang Technology Co., Ltd. is the data controller for personal information processed under this Privacy Policy.

Our Services are operated using infrastructure located primarily in the United States and Singapore. In addition, authorized personnel may access certain information remotely from other locations, including mainland China, to operate, administer, and support the Services.

This Privacy Policy applies to CertOf™ websites and related services, including CertOf™ Translation, the translation submission experience, and online verification features (collectively, the “Services”).

1. Information We Collect

We collect information in a few different ways to provide and operate the Services.

1.1 Information You Provide Directly

• Documents and content for translation. We collect the documents, images, text, and other materials you upload or submit for translation, formatting, delivery, verification, customer support, and related service operations. This may include your selected source language, target language, and any instructions you provide.
• Account information. If you create an account, we may collect identifiers such as your email address and any other information you choose to provide.
• Communications. If you contact us (for example, by email or through our contact page), we collect the information you provide in your message and any related attachments.

1.2 Information We Do Not Collect or Store as Full Card Data

• Payment card details. We do not collect or store your full payment card details on our servers. Payments are processed by third-party payment processors or payment gateways, and their collection and use of your payment information are governed by their own privacy policies.

1.3 Information We Collect Automatically

• Device and usage data. We may collect information such as IP address, browser type, device identifiers, pages viewed, referral URLs, and approximate location derived from IP address. We use this to operate, secure, and improve the Services.
• Cookies and similar technologies. We use cookies and similar technologies to enable core website functionality and to understand how users interact with the Services.

2. Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies. Required for core site functionality, such as maintaining sessions, security protections, and basic site operations.
• Performance and analytics cookies. Used to understand how visitors interact with our websites (for example, to measure traffic and improve user experience).
• Marketing and advertising cookies. May be used to deliver relevant advertising and to measure the effectiveness of marketing campaigns.

You can manage cookies through your browser settings. If you disable certain cookies, parts of the Services may not function properly.

Where required by applicable law, we may present a cookie consent or preference tool to let you accept or reject non-essential cookies (such as analytics and advertising cookies). Where such controls are available, you can also change your preferences later using the cookie controls on our website.

In addition to cookie controls, some advertising partners may offer their own opt-out mechanisms for interest-based advertising.

3. How We Use Your Information

We use the information we collect for purposes that include:

• Providing, operating, maintaining, and improving the Services, including translation, formatting, delivery, and online verification features.
• Processing transactions and providing receipts, confirmations, and service-related notices.
• Responding to requests, questions, and customer support inquiries.
• Protecting the security and integrity of the Services, preventing fraud, abuse, and unauthorized access.
• Complying with legal obligations and enforcing our terms and policies.

4. AI-Assisted Processing and Model Improvement

Our Services may use AI-assisted processing to translate and format documents. This often requires transmitting document content to third-party technology providers for processing.

4.1 Use of Documents for Training or Improvement

• Paid documents. Documents for which you complete a payment are not used to train or improve our AI models.
• Optional improvement program (opt-in). From time to time, we may offer an opt-in option (for example, at upload, checkout, or in account settings) that allows us to use de-identified and aggregated snippets to improve our systems. Participation is optional. If you do not opt in, we will not use your content for training or model improvement. If you opt in, you may withdraw your consent at any time by contacting us at [email protected], and we will apply the change going forward.

When de-identification is used, we take steps intended to reduce the likelihood that information can be linked back to you. However, no de-identification process can guarantee zero risk of re-identification in all circumstances.

5. How We Share Your Information

We may share your information with the following categories of recipients, only as needed to provide and operate the Services:

5.1 Third-Party AI and Technology Service Providers

To provide translation and related processing, your uploaded documents and related instructions may be transmitted to and processed by third-party infrastructure and AI service providers. These providers may include Large Language Model (LLM) API providers and other processing vendors. These providers may process data in multiple countries or regions, depending on their infrastructure and service delivery.

If your document contains highly sensitive, confidential, or proprietary information that you do not want processed by third parties, do not use the Services.

We may configure our Services to use certain processing regions or endpoints when available. However, third-party service providers may process data in multiple locations depending on their infrastructure, security requirements, and contractual terms.

5.2 Payment Processors

We share information necessary to process payments and manage billing (for example, transaction identifiers and basic purchase details) with third-party payment processors or payment gateways.

5.3 Analytics and Marketing Partners

We may share limited information with analytics and advertising partners to measure performance, understand usage, and improve marketing effectiveness. This may include cookie-based identifiers and usage data, subject to your cookie choices where applicable.

5.4 Customer Support and Communications Providers

We may use third-party providers to help manage customer communications and support workflows. These providers may process contact information and support messages as needed to provide assistance.

5.5 Authorized Personnel and Cross-Border Access

To operate, administer, and support the Services, we may allow authorized personnel (including personnel located in mainland China) to access certain information on a need-to-know basis. This may include account identifiers, order and support ticket details, and limited document representations (such as previews or thumbnails), depending on the workflow and the support issue.

We seek to limit such access by using role-based access controls, logging, and other measures designed to minimize the data that personnel can view and to restrict access to what is necessary for operational, security, quality, and customer support purposes.

5.6 Legal, Security, and Compliance

We may disclose information if we believe it is necessary to comply with applicable law, respond to lawful requests, protect the security of the Services, prevent fraud or abuse, or protect the rights, property, or safety of users, the Company, or others.

6. Data Retention

Unless you explicitly request deletion, we generally retain documents and translation-related data for a minimum of 5 years. This helps support long-term access for downloading files and enables the ongoing operation of online verification features (for example, QR code or link-based verification), where provided.

If you request deletion, we will delete or de-identify documents and translation content where feasible. Please note that deletion may disable future downloads and may affect the continued operation of any online verification or QR code features associated with your order.

We may retain limited records as required or permitted by law, including records related to payments, taxation, security, fraud prevention, and dispute handling.

7. Data Security

We implement safeguards designed to protect your information. These measures may include encryption in transit (such as TLS/HTTPS), access controls, and other technical and organizational measures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We may use access logging and monitoring mechanisms designed to help detect, investigate, and prevent unauthorized access and misuse.

8. International Data Transfers

Your information may be transferred to, stored in, and processed in jurisdictions other than where you live, including the United States and Singapore where our primary infrastructure is located. In addition, authorized personnel in other jurisdictions (including mainland China) may access certain information remotely for operational, administrative, security, quality assurance, and customer support purposes.

Data protection laws may differ across countries. Where required by applicable law, we will implement measures intended to support lawful cross-border transfers and access, which may include contractual protections and appropriate security safeguards.

9. Your Choices and Data Rights

Depending on your location and applicable law, you may have rights to:

• Access and review the personal data we hold about you.
• Correct inaccuracies in your personal data.
• Request deletion of your account and associated personal data, subject to legal, security, and record-keeping obligations.
• Object to or restrict certain processing in some circumstances.
• Opt out of receiving marketing emails by using the unsubscribe link in those messages.
• Withdraw your consent where we rely on consent (for example, certain cookies or optional improvement programs), where applicable.
• Request a copy of certain information in a portable format, where applicable.
• Lodge a complaint with a relevant data protection authority, where applicable.

If you believe we have not addressed your concerns, you may have the right to lodge a complaint with your local data protection authority, where applicable.

To exercise these rights, please contact us at [email protected]. You may also find additional contact options on our Contact page: https://certof.com/contact/.

10. Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under the age required by applicable law in your jurisdiction). If you believe a child has provided us personal information, please contact us and we will take appropriate steps.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last Updated” date. Your continued use of the Services after an update means you acknowledge the updated Privacy Policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].

Operating Entity: Beijing Echang Technology Co., Ltd.

Additional Contact Information: https://certof.com/contact/