Passgocerts.ca ("we", "us") respects your privacy and complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. This policy explains what we collect, why, who we share it with, and your rights.
1. Information we collect
You give us
- Account: name, email, password (hashed), phone number (optional).
- Billing: full name, postal address, postal code, country.
- Exam booking: preferred test centre, preferred date/time.
- Support correspondence (when you email us or use the contact form).
We collect automatically
- IP address, browser type, device type, referring URL (server logs, retained 30 days).
- Essential cookies for login session and cart contents.
From payment providers
- Last 4 digits, card brand, and payment-confirmation timestamp from Stripe.
- Transaction status from PayPal.
- We never see or store full card numbers or CVV.
2. Why we collect it (purpose)
- To create and manage your account.
- To process payment, issue invoices, and remit sales tax.
- To coordinate with certification partners (CompTIA, Cisco, Red Hat, etc.) to issue your voucher in your legal name.
- To send transactional email (order confirmation, booking confirmation, exam reminders you have opted into).
- To detect and prevent fraud and abuse.
- To comply with Canadian tax and accounting law.
3. Who we share it with
- Certification partners — only the minimum required to issue and validate your voucher (legal name, email, sometimes phone). Partners process this under their own privacy policies.
- Payment processors — Stripe (card processing) and PayPal (PayPal-funded transactions).
- Email delivery — our SMTP provider for transactional and reminder emails.
- Hosting and infrastructure — Canadian or US-region cloud hosting with industry-standard security controls.
- Authorities — only when required by valid Canadian legal process.
We do not sell your personal information to advertisers or data brokers. Ever.
4. Cross-border transfers
Some partners and processors (e.g. Stripe, PayPal, certain certification bodies) are headquartered outside Canada. By placing an order you consent to your data being transferred and processed outside Canada for the purposes listed above, subject to comparable protections.
5. Retention
- Account data: kept while your account is active, plus 7 years for tax records (CRA requirement).
- Server logs: 30 days, then purged.
- Marketing newsletter list: until you unsubscribe.
- Support correspondence: 2 years after last contact.
6. Your rights under PIPEDA
You have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Withdraw consent (where applicable — note this may end the service).
- Lodge a complaint with the Office of the Privacy Commissioner of Canada.
To exercise any of these rights, email privacy@passgocerts.ca. We respond within 30 days.
7. Security
We use TLS in transit, bcrypt password hashing, role-based access control, audit logging of admin actions, and least-privilege database access. No system is perfectly secure; report any suspected vulnerability to security@passgocerts.ca.
8. Cookies
We use only strictly-necessary cookies:
- Session cookie — to keep you logged in.
- Cart cookie — to remember items between pages.
- CSRF token — to prevent cross-site request forgery.
We do not use third-party advertising or analytics cookies by default.
9. Children
Passgocerts.ca is not directed to anyone under the age of majority in their province. We do not knowingly collect information from minors.
10. Changes
We may update this policy. Material changes will be announced via email and posted here at least 14 days before they take effect.
11. Contact our Privacy Officer
Passgocerts.ca Privacy Officer
Email: privacy@passgocerts.ca
Mail: Toronto, Ontario, Canada
See also our Terms and Conditions and Refund Policy.