Privacy Policy

Our guiding principle is to collect only what we need. Here's what that means in practice:

Identity and access

When you sign up, we ask for your name, email address, and possibly a few other details. We use this to personalize your account and send you essential product updates. We may also send optional surveys to understand how you use our products. With your consent, we'll send newsletters and other updates. You can also optionally add a profile picture.

We will never sell your personal information to third parties, and we won't use your name or company in marketing without your permission.

Billing information

For paid plans, we ask for payment information and billing address. Your credit card number goes directly to our payment processor — it never touches our servers. We store the last 4 digits of your card number, along with a record of each transaction, for account history, invoicing, and billing support. We store your billing address to charge you correctly, calculate sales tax, send invoices, and detect fraud. We may use aggregate billing data (not individual records) to guide marketing decisions.

Certificates and forwarded email

We store the certificates and continuing-education records you upload, and the data we extract from them, so the Services work as intended. If your plan includes a private LogCEC inbox, we also receive and store the emails you forward to your LogCEC address — including the sender and recipient addresses, message metadata, and any attachments — so we can turn them into certificate records. Only forward documents you have the right to share. We keep this content while your account is active; if you delete your account, we delete it within 60 days.

General geolocation data

We log the IP address used to create your account, and we log the IP address of all account logins. We use this for spam prevention, security, and fraud detection. Login data is retained for as long as your account is active.

Website interactions

We collect browsing activity data for analytics — things like which pages you visited, how long they took to load, your browser and OS versions, your IP address, and which site referred you to us. This helps us test new designs and improve our products. If you're signed in, this data is associated with your account while it's active. See the Cookies and analytics section for more details.

Anti-bot assessments

We use CAPTCHA and similar tools to prevent spam and brute-force login attempts. When you log in or fill out certain forms, the CAPTCHA service analyzes signals like your IP address, time on page, and mouse movements to determine whether you're a human. It sends us only a score — we don't receive the underlying data it evaluated.

Cookies and analytics

We use essential first-party cookies to keep you signed in and remember your preferences. We also use a product-analytics provider (PostHog) and similar tools to understand how the Services are used, measure performance, and run A/B tests. Where we run paid ad campaigns, an ad-network cookie may be set to measure their effectiveness.

A cookie is a small piece of text stored in your browser. You can manage or block cookies in your browser settings, though blocking essential cookies may prevent the apps from working. Where required by law — for example, in the EU and UK — we ask for your consent before setting non-essential cookies.

Voluntary correspondence

When you email us with a question or request, we keep that correspondence — including your email address — so we have context for future interactions.

We also retain information you voluntarily share, such as survey responses. If you agree to a customer interview, we may ask to record it. We'll only do so with your explicit consent.

To save you from typing, LogCEC uses automated processing — including third-party artificial-intelligence models from Anthropic — to read the certificates and forwarded documents you provide and extract details such as completion dates, credit hours, categories, providers, and your name. Files are also checked for malware; only a digital fingerprint (hash) of the file is sent to the scanning service, never the file contents.

We send your document contents to these providers solely to perform this extraction for you. Under our agreements with them, your content is not used to train their models. When the system is unsure about a value, it flags the record for your review rather than guessing silently, and you can edit any extracted field. Because this processing is automated, it may be inaccurate — please review the results. See your Right to Opt Out of Automated Decision-Making below.

We use the following third-party subprocessors to operate the Services. They process data only on our instructions and under data-processing terms. Processing is primarily in the United States (see "Location of site and data").

We update this list as our providers change. Questions about our subprocessors? Contact privacy@tinkercitadel.com.

To provide the Services. We work with third-party subprocessors to run our applications. A list of subprocessors for each product is available upon request, along with a list of processors used for other business functions like newsletters and customer surveys.

If you connect a third-party service to your account, we may share relevant information with that service at your direction.

No Tinker Citadel LLC employee reads your content except in limited cases with your permission — for example, if an automated process fails and manual intervention is needed to fix it. We treat these as rare exceptions and look for ways to prevent them from recurring. We may also access your data if required by law (see "When required under applicable law" below).

To help you troubleshoot. If we need to access your content to help with a support case, we'll ask for your consent first.

To investigate misuse. Accessing a customer's account during an abuse investigation is a last resort. We balance customer privacy with the responsibility to address reports of harm. If we find a violation, we'll take appropriate action, which may include notifying authorities.

Aggregated or anonymized data. We may combine or anonymize data collected through the Services and use it for any purpose, including marketing or analytics.

When required under applicable law. Tinker Citadel LLC is a U.S. company with its primary infrastructure in the U.S.

• Government requests for user data. We do not share user data with government authorities unless legally required — specifically, if we receive a valid U.S. warrant, criminal subpoena, or court order. We only respond to non-U.S. government requests if the U.S. government compels us through a mutual legal assistance treaty. We'll notify you before disclosing data unless we're legally prohibited from doing so, or in limited emergency situations.
• Data preservation requests. We comply with data preservation requests only when required by the U.S. Federal Stored Communications Act (18 U.S.C. § 2703(f)) or a properly served U.S. civil subpoena. We won't disclose preserved data unless required by law or a court order we choose not to appeal. If we don't receive a valid legal order before the preservation period ends, we'll delete the preserved copies.
• Tax audits. If we're audited, we'll share only the minimum billing information required — such as billing addresses and tax exemption records.

If Tinker Citadel LLC is acquired or merges with another company, we'll notify you well before any of your personal information is transferred or subject to a new privacy policy.

We apply the same data rights to all customers, regardless of where they are located. These rights include:

• Right to Know. You can ask what personal information we collect, how we use it, and who we share it with. This policy outlines those details.
• Right of Access. You can request a copy of the personal information we hold about you, including details about how it's stored, secured, and shared.
• Right to Correction. You can ask us to correct inaccurate personal information.
• Right to Erasure ("Right to Be Forgotten"). You can ask us to delete your personal information, subject to certain legal limitations. Note that deleting some information may prevent you from using our Services — in those cases, erasure may require closing your account.
• Right to Complain. You can file a complaint with the appropriate regulatory authority about how we handle your data.
• Right to Restrict Processing. You can ask us to limit how we use your data, including opting out of any sale of your information. (We have never sold your data and never will.)
• Right to Object. In certain situations, you can object to how or why we process your personal information.
• Right to Portability. You can request a copy of your data to take elsewhere. For product data, you can export it directly from within each product using the built-in export tools.
• Right to Opt Out of Automated Decision-Making. You can object to decisions made solely by automated processes if those decisions have significant legal or practical effects on you. This right has limits if the automated decision is required to fulfill a contract, permitted by law, or based on your explicit consent.
• Right to Non-Discrimination. Exercising your data rights will not result in different pricing, fewer discounts, or lower service quality. However, some rights — when exercised — may affect your ability to use our Services.

Many of these rights can be exercised by signing in and updating your account. Some information may be exempt from deletion or access requests under applicable law — for example, data we need to retain to provide our services or meet legal obligations.

To verify your identity before processing a request, we may ask you to confirm your name and email address. If we can't verify you, we may not be able to fulfill the request. If someone is acting on your behalf, we'll need written authorization signed by the account holder.

If we deny a request, you may have the right to appeal under applicable law — we'll explain how in our denial notice. You can also file a complaint with a supervisory authority. If you're in the EU or UK, contact your local data protection authority.

All data is encrypted in transit using SSL/TLS when moving between the servers and your browser. Database backups are encrypted by our service providers.

Most data in our database is not encrypted at rest — it needs to be immediately accessible to serve you. However, we apply additional encryption to sensitive product data where appropriate.

When you delete a certificate, it is removed from your dashboard right away. When you delete your entire account, your content — including stored certificate files and the data extracted from them — is permanently purged from our active systems and backups within 60 days. Deleted items can't be retrieved through the app, so keep your originals.

If you cancel your account, your content becomes immediately inaccessible and is fully purged from our systems within 60 days. See our Cancellation Policy for more details.

We keep your information only as long as needed for the purposes described in this policy. Retention periods depend on what the data is, how it's used, and your choices. We may also retain data as required to meet legal obligations, resolve disputes, or enforce our agreements. Specific retention periods for different data types are noted throughout this policy.

Our products and infrastructure are primarily based in the United States. If you're located in the EU, UK, or elsewhere outside the U.S., any information you provide will be transferred to and stored in the U.S. By using our Services or providing personal information, you consent to this transfer.

EU law requires that personal data transferred outside the EU receive the same level of protection as it does within the EU. UK law provides similar protections for UK user data. To meet this requirement, Tinker Citadel LLC has adopted Standard Contractual Clauses (SCCs) — a set of contractual protections approved by EU regulators — as part of our data processing agreements.

We may update this policy as needed to reflect new practices or comply with applicable law. If we make significant changes, we'll refresh the date at the top of this page.

Questions, comments, or concerns? Email us at privacy@tinkercitadel.com.