Privacy Policy
Effective date: June 17, 2026
This Privacy Policy explains how Bookitt Technologies LLC (“we,” “us”), operator of the CertReel service (“CertReel”), collects, uses, and shares personal information. It applies to our website and the CertReel application.
1. Our roles
- For your business account (the email you sign in with, your billing relationship, and how you use CertReel), we act as a data controller.
- For information you upload about your staff or learners (such as their names and email addresses, quiz results, and certificates), you are the controller and we act as your processor. Our handling of that information is governed by our Data Processing Addendum and by your instructions. If you are a learner and have questions about your data, please contact the organization that enrolled you.
2. Information we collect
| Category | Examples |
|---|---|
| Account information | Your sign-in email address, business/brand name, and authentication tokens (we use passwordless “magic link” sign-in). |
| Billing information | Subscription status and a payment-processor customer identifier. Payments are processed by Stripe; we do not receive or store full payment-card numbers. |
| Customer Content | Topics, prompts, documents, brand assets, and other materials you submit to generate trainings, and the resulting videos, quizzes, and certificates. |
| Learner information | Names and email addresses of people you enroll, their quiz scores, completion records, and issued certificates. |
| Usage & device data | IP address, browser/device information, pages and actions in the Service, and log data used for security and reliability. |
| Communications | Emails we send on your behalf (enrollment invites, certificates) and your support correspondence with us. |
3. How we use information
- To provide, operate, and maintain the Service — including generating videos, quizzes, and certificates, enrolling learners, and verifying certificates.
- To send transactional emails (sign-in links, enrollment invites, certificates, and service notices).
- To process subscriptions and credit purchases and to prevent payment fraud.
- To secure the Service, enforce rate limits and our Acceptable Use Policy, and detect and prevent abuse.
- To provide support and to maintain and improve the Service.
- To comply with legal obligations and enforce our agreements.
Where required, our legal bases for processing controller data are performance of our contract with you, our legitimate interests in operating and securing the Service, and compliance with legal obligations.
4. AI processing
To generate trainings, we send the relevant Customer Content (such as your topic, prompt, or uploaded document text and images) to third-party AI providers that produce the script, images, and voice narration. We use these providers through their business/API offerings. We do not use your Customer Content or learner information to train our own models. See Subprocessors for the providers involved.
5. Cookies
We use strictly necessary cookies (primarily a session cookie to keep you signed in) and analytics cookies (Google Analytics) on our public and marketing pages to understand aggregate site usage. We do not use advertising or cross-site behavioral-tracking cookies. See our Cookie Notice for details and how to opt out.
6. How we share information
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share information only:
- With subprocessors that help us run the Service (payments, AI generation, voice synthesis, file storage, and email), under contracts that require them to protect the information. See Subprocessors.
- For certificate verification — a certificate’s verification page displays the learner’s name, the training title, the score, and the date to anyone with the verification link, which is the intended purpose of a verifiable certificate.
- Training visibility — trainings are private by default, viewable only by the owning business and the learners it enrolls (via their personal link). A business may optionally make a training public, in which case anyone with the link can view it; the business controls this setting.
- For legal reasons — to comply with law, respond to lawful requests, or protect the rights, safety, and property of CertReel, our users, or the public.
- In a business transfer — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
7. Data storage & security
Customer Content and rendered videos are stored with our hosting and storage providers. Video files are served to learners through expiring, signed links. We protect information in transit using encryption (HTTPS/TLS) and apply administrative and technical safeguards, including access controls and a server-enforced “watch” gate for certificate integrity. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Data retention
- Account & Customer Content — retained while your account is active.
- Certificates & completion records — retained while your account is active and for at least 12 months after your subscription ends, and for as long as CertReel continues to operate, so that previously issued verification links keep working. You may ask us to delete them sooner.
- Training video files — if your subscription lapses and is not renewed, we may delete the stored video files approximately 90 days afterward to reclaim storage; resubscribing within that window restores access.
- Logs — retained for a limited period for security and reliability.
Export your data. You can export all of your trainings and completion/certificate records at any time from your account (the “Export All” option), including before any video files or records are deleted.
If we discontinue CertReel. We may decide to stop offering the Service. If we do, we will give you at least 30 days’ notice by email, and Export All will remain available during that period so you can retrieve your records. After the wind-down period, your data may be permanently deleted. This is also described in our Terms of Service.
9. Your rights & choices
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. To exercise rights regarding your business account, contact us at founder@bookittechnologies.com. If you are a learner, direct your request to the organization that enrolled you (the controller); we will assist that organization as their processor.
California & U.S. state privacy. We do not sell or “share” (as defined under California law) personal information. You may request access or deletion as described above; we will not discriminate against you for exercising your rights.
EU/UK. Where the GDPR or UK GDPR applies, you may also lodge a complaint with your supervisory authority. We process personal data in the United States; where required, we rely on appropriate safeguards for international transfers.
10. Children
CertReel is a business tool intended for use by organizations and their adult staff or learners. It is not directed to children, and we do not knowingly collect personal information from children under 16. Do not enroll children through the Service.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will update the “Effective date” above and, where appropriate, notify you.
12. Contact us
Bookitt Technologies LLC — CertReel
Contact (privacy & general): founder@bookittechnologies.com