Effective date: 25 February 2026
CertifyPAT is provided by Certify Apps (“we”, “us”, “our”).
This Privacy Policy explains what data we collect, how we use it, and your rights.
1) Who we are
- Service: CertifyPAT mobile app and related web services
- Data controller: Certify Apps
- Contact: [[email protected]]
- Website: https://www.certifyapps.co.uk/privacy-policy/certifypat/
2) Data we collect
We collect the following categories of data:
- Account data: email address, login/authentication details.
- Profile and business data: name, company details, settings preferences.
- PAT workflow data you enter: customer, site, appliance, test results, certificate content, signatures, notes.
- Files and media: exported PDFs/CSVs, optional attachments, optional voice notes.
- Technical data: app version, device type, crash/error logs, diagnostics.
- Subscription data: purchase status, entitlement status, renewal/cancellation events.
3) How we collect data
- Directly from you when you create an account and use the app.
- Automatically from app usage and diagnostics.
- From payment/subscription platforms (Apple App Store, Google Play) and RevenueCat.
4) Why we use data
We use data to:
- Provide login, syncing, backups, and core PAT certificate functionality.
- Generate and export certificates and records.
- Manage subscriptions and restore purchases.
- Improve reliability, security, and performance.
- Comply with legal and regulatory obligations.
5) Legal bases (UK GDPR)
We process data under:
- Contract: to provide the app and requested features.
- Legitimate interests: service security, fraud prevention, and product improvement.
- Consent: where required (for optional permissions/features).
- Legal obligation: where required by law.
6) App permissions
CertifyPAT may request:
- Camera: barcode/asset scanning and capture features.
- Microphone: optional voice note features.
- Storage/Files/Media access: import/export and file handling.
You can deny permissions, but some features may not work.
7) Advertising ID
CertifyPAT does not use the Android Advertising ID for advertising purposes.
8) Sharing and processors
We may share data with trusted processors:
- Supabase (authentication, database, storage, backend services)
- RevenueCat (subscription entitlement management)
- Apple App Store / Google Play (billing and transaction processing)
- Infrastructure and monitoring providers used to run the service securely
We do not sell personal data.
9) International transfers
Your data may be processed in countries outside the UK.
Where required, we use appropriate safeguards (such as contractual protections).
10) Data retention
We keep data only as long as needed for:
- Service delivery and account operation
- Legal, accounting, and compliance requirements
- Legitimate business needs (security, dispute resolution)
You can request deletion of your account data (subject to legal obligations).
11) Security
We use reasonable technical and organisational measures to protect data, including access controls and encrypted transport where applicable.
12) Your rights
Subject to applicable law, you may request:
- Access to your personal data
- Correction of inaccurate data
- Deletion of your data
- Restriction or objection to processing
- Data portability
- Withdrawal of consent (where consent is the basis)
Contact us at: [[email protected]]
13) Children
CertifyPAT is not directed to children under 13, and we do not knowingly collect personal data from children.
14) Changes to this policy
We may update this policy from time to time.
Material changes will be reflected by updating the effective date.
15) Complaints
If you are in the UK, you can also contact the Information Commissioner’s Office (ICO): https://ico.org.uk