Privacy Policy

CertLabPro is designed with a privacy-first architecture. Your study activity — exam answers, scores, notes, flashcard state, spaced repetition scheduling, and progress — stays on your device and is never transmitted to our servers or any third party. The Service operates without account creation, registration, or login.

We do, however, use Google Analytics 4 (GA4) and Google Tag Manager (GTM) to collect anonymized site-usage metadata so we can understand which pages are useful and improve the Service. The data sent to Google is limited to: page paths visited, referrer URL, anonymized IP address (the last octet is dropped before storage via the anonymize_ip flag), browser type and version, operating system, language preference, viewport size, and approximate geographic region. We do not pass your study data, exam answers, scores, notes, or any other personalized content to Google.

All study-related, user-generated data is stored locally on your device using browser localStorage (on the web) or AsyncStorage (on mobile platforms). This locally stored data includes, but is not limited to: exam results and scores; study notes and resource links; language and theme preferences; spaced repetition (SRS) scheduling data; practice mode progress for each certification; and activity calendar entries.

The Service does not collect your name, email address, persistent device identifier, precise geolocation, or any other information that could be used to identify you personally.

Because all data resides exclusively on your device, it is used solely to provide you with a personalized study experience within the Service. Specifically, locally stored data enables the Service to: track your exam progress, scores, and pass rates across sessions; save and retrieve your study notes and external resource links; remember your preferred language and display theme; maintain spaced repetition schedules for optimal review intervals; display your activity calendar and cumulative study statistics; and restore your progress when you return to a previously started practice session.

We do not process, analyze, or monetize your data in any way. No data is transmitted from your device to our servers or to any third party.

All user data is stored locally on your device using industry-standard client-side storage mechanisms (Web Storage API for browsers; AsyncStorage for React Native mobile applications). We do not operate backend databases or cloud storage systems that contain user data.

The security of your data is governed by the security of your device and browser. We recommend that you maintain appropriate security measures on your device, including keeping your operating system and browser up to date, using a device passcode or biometric lock, and avoiding the use of shared or public devices for study sessions involving personal notes.

You may delete all CertLabPro data at any time by clearing your browser's site data for the certlabpro.com domain, or by uninstalling the mobile application. Please note that data deletion is permanent and irreversible.

CertLabPro integrates with the following third-party services on the website (the mobile applications do not transmit data to any third party):

Google Analytics 4 (GA4) and Google Tag Manager (GTM): Used to measure aggregate site usage. GA4 receives only the anonymized page-view metadata described in Section 1 (page paths, referrer URL, anonymized IP, browser, operating system, viewport size, locale, and approximate region). GA4 sets first-party cookies on your browser to maintain an anonymous session identifier; these cookies contain no personally identifiable information and are documented in our Cookie Policy. We do not use GA4's advertising features, audience signals, demographic reports, or cross-site tracking.

We do not use any other third-party analytics, advertising, or tracking services. Specifically, we do not use: Firebase Analytics, Mixpanel, Amplitude, or similar product-analytics platforms; advertising SDKs or networks; Meta (Facebook) Pixel, LinkedIn Insight, or social-media tracking pixels; Hotjar, FullStory, or any session-recording tool; third-party crash reporting that transmits user data; or any service that profiles individual users. We do not share, sell, rent, or otherwise disclose user data to any third party.

The mobile application may communicate with Apple's App Store or Google Play solely for the purpose of processing in-app purchases. These transactions are handled entirely by the respective platform provider, and CertLabPro does not receive or store your payment information.

Under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (FADP), we rely on the following lawful bases:

Consent (GDPR Article 6(1)(a)): for the page-view metadata sent to Google Analytics 4 (GA4) and Google Tag Manager (GTM) when you click "Accept" on the consent banner. Consent is granted on a per-category basis (analytics, marketing) and may be granular. You may withdraw your consent at any time through the "Cookie settings" link in the site footer; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Legitimate interests (GDPR Article 6(1)(f)): for the strictly necessary first-party cookies used to remember your locale (certlabpro_locale), display theme (certlabpro_theme_mode), and your cookie consent record itself (certlabpro_consent). These cookies contain no personal data, are first-party, and serve a purely functional purpose. They are exempt from consent under ePrivacy Directive Article 5(3) ("strictly necessary" exemption).

No other lawful basis is invoked because no other personal data is processed by us.

Residents of the European Economic Area (EEA), the United Kingdom, and Switzerland have the following rights under applicable data protection law. Many of these rights are also available, in similar form, to residents of California (CCPA / CPRA), Brazil (LGPD), and other jurisdictions; we apply them globally as a matter of policy.

Right of access (GDPR Article 15): You may request confirmation of whether we process personal data about you and a copy of that data.

Right to rectification (Article 16): You may request that inaccurate data be corrected.

Right to erasure / "right to be forgotten" (Article 17): You may request deletion of your data. For data held in your browser's local storage, you can clear it yourself at any time by following the instructions in our Cookie Policy. For page-view data held by Google Analytics, we will forward your request to Google's User Deletion API on your behalf.

Right to restriction of processing (Article 18): You may ask us to limit how your data is used.

Right to data portability (Article 20): You may receive a copy of your data in a structured, commonly used, machine-readable format.

Right to object (Article 21): You may object at any time to processing based on legitimate interests.

Right to withdraw consent (Article 7(3)): You may withdraw your consent at any time via the "Cookie settings" link in the site footer.

Right to lodge a complaint (Article 77): You have the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or alleged infringement. A list of EU supervisory authorities is published by the European Data Protection Board at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise any of these rights, contact us at info@3idata.com. We will respond within 30 days (one month) of receiving a verifiable request, in accordance with GDPR Article 12(3); we may extend this period by a further two months for complex requests, in which case we will inform you of the extension and the reasons for the delay within the initial month.

We retain different categories of data for different periods:

Locally stored study data: retained on your device until you choose to clear it. We do not have access to or control over the timing of deletion. You may delete this data at any time by clearing your browser's site data for certlabpro.com (web) or uninstalling the mobile application.

Google Analytics page-view data: retained by Google for 14 months from the date of collection, after which it is automatically and permanently deleted. This setting is configured in the GA4 admin console under Data Settings → Data Retention.

Consent records: the consent cookie (certlabpro_consent) is set with a 1-year lifetime. When the cookie expires, the consent banner re-prompts you on your next visit. We do not store consent records on any server — the cookie itself is the record.

Email correspondence: communications you send to info@3idata.com are retained for as long as necessary to handle the matter and to meet our legal obligations, typically up to three (3) years.

The Service is available globally. Locally stored study data does not cross borders, as it remains on the user's device.

Page-view metadata collected via Google Analytics 4 is transmitted to Google's servers, which may be located in the United States. This transfer is covered by the EU–US Data Privacy Framework (DPF), to which Google LLC is certified (https://www.dataprivacyframework.gov/), and additionally by Google's Standard Contractual Clauses (SCCs) for transfers to other jurisdictions where Google operates. The data transferred is limited to the anonymized page-view metadata described in Section 1; no study data is transferred.

Users in the European Economic Area (EEA), the United Kingdom, and Switzerland should note that the lawful basis for these transfers is the consent you provide via the cookie banner (or, in the case of strictly necessary cookies, the ePrivacy exemption). You may withdraw consent at any time, in which case the transfer ceases for any future processing.

CertLabPro is designed for professional and technical certification study and is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. Because the Service does not collect any personally identifying information directly from users, there is no mechanism by which a child's data could be inadvertently collected by us.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at info@3idata.com so that we can investigate and take appropriate action, including deletion of any such data.

We reserve the right to modify this Privacy Policy at any time. Any changes will be reflected on this page with an updated "Last revised" date. If we make material changes that significantly affect your rights, we will make reasonable efforts to provide notice — for example, by displaying a prominent notice within the Service or by re-prompting your consent through the cookie banner.

Your continued use of the Service after the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about our privacy practices.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: info@3idata.com Website: https://certlabpro.com/contact

We will endeavor to respond to all inquiries within a reasonable timeframe and, for verifiable data subject requests, within the 30-day period required by GDPR Article 12(3).

Legal entity: 3iDATA, LLC D-U-N-S® Number: 036974641