Skip links
Let's Get CERTIFYI
scroll
CERTIFYI AI

Certifyi Privacy Policy

Effective date: September 21, 2024

This Privacy Policy is designed to help you, as a website visitor or user of our services, understand how Dignep Group Pvt. Ltd. (“Dignep Group,” “we,” “us,” or “our”), the parent company of Certifyi, collects, uses, and shares your information to operate, improve, develop, and protect our services. Dignep Group Pvt. Ltd. is registered under registration no. 200505/2075/76, with PAN: 606572127, and is located at Kathmandu, Anamnagar.

Introduction

Certifyi, a product of Dignep Group Pvt. Ltd., helps businesses align with various compliance frameworks. Our B2B SaaS platform guides customers through compliance processes and may include audit management, virtual CISO services, and more.

About this Policy

This policy explains the data Dignep Group collects, uses, and shares through Certifyi’s services. It only applies to our services — not to third-party websites, platforms, or services. It also doesn’t apply to Dignep Group Pvt. Ltd. employees, contractors, or job candidates.

If you do not agree with the terms, do not access or use the Services, Websites, or any other aspect of Dignep Group Pvt. Ltd.’s business related to Certifyi. A separate agreement, the Master Service Agreement (MSA), governs the delivery, access, and use of the Services, including the processing of any data submitted through them (“Service Data”). The organization that agreed to the MSA (“Customer”) controls its instance of the Services and any associated Service Data.

Data We Collect

Dignep Group Pvt. Ltd. collects, generates, and receives Service Data and other information and data (“Other Information”; Service Data and Other Information collectively “Information”) in a variety of ways.

We may collect the following categories of information:

  • Identifiers: Full name, business legal name, business address, email, and phone number. For account creation or updates, this includes an email address, phone number, password, and/or similar account details. Customers purchasing paid services also provide billing details such as credit card information, banking information, and/or a billing address.
  • Service Provider Authentication Data / Third-Party Services: Logins or tokens (e.g., for GitHub, AWS) to allow integration with our services. Customers can connect Third-Party Services to their Certifyi instance, and Dignep Group may receive certain information (e.g., username, email address) to facilitate integration, provided by the Third-Party Service provider. Users should check the privacy settings of these services.
  • Device Data: IP address, location, hardware, operating system (OS), browser data, network info, preferences, and settings. This can include information about the type of device, device settings, application IDs, unique device identifiers, and crash data.
  • User Activity / Usage Information: Time spent on pages, buttons clicked, platform usage data. This includes services metadata (providing context about how users interact with services, like which Third Party Services are connected), and log data (IP address, web page visited before, browser type, date/time, configuration, language preferences, cookie data).
  • Data from Service Providers / Third-Party Data: Identifiers and commercial information shared by your tools to help Certifyi operate. We may also receive data about organizations, industries, customer lists, website visitors, and marketing campaign performance from affiliates, partners, or other third parties.
  • Derived Data: Inferred information like geolocation or income estimates.
  • Cookies: May be collected and/or shared with third parties for a better web experience. We use cookies and similar technologies on our Websites and Services. Third-party cookies may also be included, which can collect information about your activity for advertising purposes.
  • Social Networks and Other Sources: Information from marketing campaigns, social platforms, referrals, or third-party datasets.
  • Additional Information Provided: We receive Other Information when submitted to our Websites or through other interactions, such as participation in focus groups, contests, support requests, social media interactions, or job applications.
  • Information Transferred via Google API: Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including Limited Use requirements.

How We Use Your Data

Dignep Group Pvt. Ltd. uses Information in furtherance of our legitimate interests in operating our Services, Websites, and business. Service Data will be used in accordance with the applicable MSA, Customer’s use of Services functionality, and as required by applicable law.

Specifically, we use your information for the following purposes:

  • To provide Certifyi’s services: Including supporting delivery of Services under an MSA, preventing or addressing service errors, security or technical issues, and analyzing usage.
  • To communicate with you: Responding to your requests, comments, questions, and sending service, technical, and other administrative emails, messages, and important notices (e.g., security, fraud).
  • Support and troubleshooting.
  • Prevent fraud and verify identity.
  • Assist legal and compliance professionals.
  • Improve existing services.
  • Develop new features: Using aggregated and anonymized Service Data and Other Information.
  • Respond to your support or survey requests.
  • Keep business records.
  • Handle referrals and audits.
  • Conduct marketing and notify you of new products/services: We may send promotional communications, which you can opt out of.
  • Investigate misuse.
  • Legal purposes: Such as claims, mergers, acquisitions, or as required by applicable law, legal process, or regulation.
  • Billing, account management, and other administrative matters: For invoicing and tracking payments.
  • To investigate and help prevent security issues and abuse.
  • Any use you authorize or consent to.

If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.

How We Share Your Data

We do not sell data directly. We share it with third parties only as permitted for the purposes outlined in this policy. However, as described in our Cookie Policy, incorporating Cookies from certain third parties into our Website may be considered a “sale” or “share” of information under the California Consumer Privacy Act (CCPA) when used for online advertising, from which you have the right to opt out.

We may share your information in the following ways:

  • With service providers and partners: To integrate tools (e.g., GitHub, AWS), deliver services (e.g., cloud hosting, virtual computing, storage services), and support our business. These third parties are bound by appropriate confidentiality obligations.
  • To deliver services: Using cloud hosting, etc..
  • With auditors or consultants: For your compliance process.
  • To prevent fraud or abuse: With law enforcement, if needed.
  • Cookies and tracking tools: For analytics and user experience (UX).
  • To improve services: (e.g., with analytics tools).
  • Anonymized or aggregated data: For research and insights, or for any business purpose.
  • With Third-Party Services: If a Customer enables or permits Authorized Users to enable Third-Party Services, we may share Information as requested by the Customer. These services are not controlled by Dignep Group, and you should check their privacy settings.
  • With corporate affiliates: Including parents, and/or subsidiaries of Dignep Group Pvt. Ltd..
  • During a change to Dignep Group’s business: In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, sale of assets or stock, financing, or similar transaction, some or all information may be shared or transferred, subject to appropriate confidentiality arrangements.
  • To comply with laws: If compelled to disclose Information to a law enforcement or government agency, we will give the Customer reasonable notice and cooperation to seek a protective order, unless legally prohibited. We will not voluntarily disclose Information unless required by public authorities.
  • To enforce our rights, prevent fraud, and for safety: To protect and defend the rights, property, or safety of Dignep Group Pvt. Ltd. or third parties, including enforcing contracts or policies, or investigating and preventing fraud or security issues.
  • With your consent: We may share information with third parties when we have your consent to do so.
  • Displaying and operating the Services: Information will be displayed as part of the Services to Authorized Users within a Customer Instance (e.g., employee two-factor authentication status).

Data Protection

Security is critical to Dignep Group’s mission, and we take the security of data seriously. We use encryption (in transit and at rest), access controls, monitoring, backups, and strict internal access rules to protect your data. Our third-party partners are required to meet equivalent standards.

We use industry-standard technical and organizational measures to protect Information from loss, misuse, and unauthorized access or disclosure. These steps consider the sensitivity of the Information we collect, process, and store, and the current state of technology. However, given the nature of communications and information processing technology, we cannot guarantee that Information in our care will be absolutely safe from intrusion by others.

Notes for EEA and UK End Users

We only process personal data when there’s a legal basis to do so:

  • To fulfill contracts.
  • To comply with legal obligations.
  • For legitimate business interests.
  • Based on your consent (which you can withdraw anytime).

Information Retention and Deletion

We retain data only as long as necessary for the purposes described in this Privacy Policy. Periodic reviews ensure that the data is still needed.

Exceptions to deletion include:

  • Continued service delivery.
  • Legal requirements.
  • Preventing fraud or abuse.
  • Support or privacy protection.
  • If you consent to longer retention.
  • If data is anonymized.

We retain Service Data in accordance with the applicable MSA, Customer’s use of Services functionality, and as required by applicable law. Other Information may be retained for as long as necessary for our legitimate business interests, conducting audits, complying with legal obligations, resolving disputes, and enforcing our agreements. For example, customer data and credentials may be retained up to 365 days following account termination unless earlier deletion is requested.

For specific deletion requests, please refer to the “How to Exercise Rights in Your Data” section below.

How to Exercise Rights in Your Data

Individuals in certain US States (e.g., California, Virginia) and countries (including those in the European Economic Area, Switzerland, and the United Kingdom) have certain statutory rights regarding their personal data.

You may request to:

  • Access your data.
  • Learn what we’ve collected in the last 12 months.
  • Correct or update your data.
  • Delete or restrict your data (in some cases).
  • Object to processing (if legally allowed), including for direct marketing purposes.
  • Withdraw consent.
  • Get your data in a portable format.

You’ll need to verify your identity for any such request. Some data may be exempt from these rights due to legal obligations.

You can also file a complaint with relevant data protection authorities (e.g., ICO, EDPB, or Canada’s OPC). If you are a resident of the European Economic Area, you may direct questions or complaints to your local data protection authority or the Irish Data Protection Commissioner. For United Kingdom residents, you can contact the Information Commissioner’s Office.

Requests to exercise your privacy rights can be submitted by sending an email to [email protected] or by writing to our mailing address provided in the “Contacting Certifyi” section.

Children

We don’t knowingly collect data from children under 16. If you believe a child under 16 has unlawfully provided personal information to us, please contact us immediately to have it deleted. To our knowledge, we do not sell the Personal Data of minors under 16 years of age.

International Data Transfers

Dignep Group Pvt. Ltd. may transfer your Personal Data to countries other than the one in which you live. If we transfer Personal Data from jurisdictions with differing data protection laws (e.g., from locations outside Nepal to other countries), we deploy safeguards such as Standard Contractual Clauses (also known as European Union Model Clauses) to meet adequacy and security requirements for international transfers of Customer Data, as relevant.

Identifying the Data Controller and Processor

Data protection law differentiates between the “controller” and “processor” of information. In general, the Customer is the controller of Service Data submitted through Certifyi. In general, Dignep Group Pvt. Ltd. is the processor of Service Data on behalf of the Customer and the controller of Other Information collected directly by Certifyi for its own business purposes.

Your California Privacy Rights

This section provides additional details about the personal information Dignep Group Pvt. Ltd. collects about California consumers and the rights afforded to them under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act.

For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the “Information We Collect and Receive” section above. We collect this information for the business and commercial purposes described in the “How We Use Information” section above. We share this information with the categories of third parties described in the “How We Share and Disclose Information” section above.

Subject to certain limitations, the CCPA provides California consumers the right to:

  • Request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information).
  • Delete their personal information.
  • Correct their personal information that may be inaccurate.
  • Not be discriminated against for exercising these rights.

Please note that we do not collect sensitive personal information as defined under the CCPA.

As described in our Cookie Policy, sharing your data through third-party Cookies for online advertising may be considered a “sale” or “share” of information under the CCPA, to which you have the right to opt out.

We may “sell” or share your Personal Data to the following categories of third parties for business or commercial purposes such as improving services or showing advertisements:

  • Ad Networks.
  • Analytics providers.
  • Marketing providers.

Over the past 12 months, we may have “sold” the following categories of your Personal Data to the categories of third parties listed above:

  • Usage Information.
  • Cookie Information.

You have the right to opt-out of the “sale” or sharing of your Personal Data. You can opt-out using the following methods:

  • Accessing your Cookie consent settings (link would be provided here in a live policy).
  • By implementing the Global Privacy Control or similar legally recognized control via your browser. This signal applies to the specific device and browser you use.

Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.

California consumers may make all other requests to access, correct, or delete their rights under the CCPA by contacting us at [email protected] or by mailing us at our address below. We will verify your request using the information associated with your account, and government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

Your Virginia Privacy Rights

Subject to certain limitations, the Virginia Consumer Data Protection Act (“VCDPA”) provides Virginia consumers the right to:

  • Request to access personal information we collect about you.
  • Correct inaccuracies in your personal data.
  • Request a portable copy of your personal information.
  • Delete your personal information.
  • Opt-out from the processing your Personal Data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you, which Dignep Group does not do.
  • Opt-out of targeted advertising and selling (as defined under the VCDPA); however, Dignep Group does not participate in selling your personal information.

To opt out from targeted advertising, please:

  • Access your Cookie consent settings (link would be provided here in a live policy).
  • By implementing the Global Privacy Control or similar legally recognized control via your browser.

If we refuse to take action on a request, you have the right to appeal by providing sufficient information to verify your identity and describe the basis of your appeal. We will respond within 60 days. If we deny your appeal, you have the right to contact the Virginia Attorney General.

Dignep Group will honor the exercise of rights or appeals of decisions of Virginia residents requested via email at [email protected] or in writing to our address below.

Policy Changes

We may update this policy from time to time due to evolving laws, regulations, industry standards, or changes to our services or business. New versions will be posted at the same URL with the updated effective date. If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email or through the Services. If you disagree with the changes, you should cease interacting with the Services.

Contacting Certifyi (Dignep Group Pvt. Ltd.)

If you have any questions about this Privacy Policy or Dignep Group’s practices, or if you are seeking to exercise any of your statutory rights, please feel free to contact us. We will respond within a timeframe that is compliant with all applicable regulations.

Dignep Group Pvt. Ltd. 📧 Email: [email protected] 🏢 Address: Kathmandu, Anamnagar 

If you believe your privacy rights were violated, please contact us. We will investigate and respond. You may need to verify your identity.

Explore
Drag