Privacy & Cookie Policy

Last Updated: February 2026

1. Introduction & "Verify, Then Publish" Philosophy

At CertifiedDevs, we operate on a high-trust model. Unlike open-source directories, we manually vet and verify every profile. This requires a granular approach to data collection to ensure the integrity of our talent pool.

2. Data We Collect & Why

We collect data necessary to maintain our 72-hour SLA for profile approvals and secure payment processing.

Data Type Purpose Legal Basis (GDPR)
Identity Data Name, GitHub/LinkedIn handles, and Certification IDs. Performance of Contract
Financial Data Billing address and card metadata (processed via Stripe). Legal Obligation / Contract
Technical Data IP address, browser type, and "Verification URLs" (e.g., AWS/Laravel). Legitimate Interest (Security)
Communication Newsletter enrollment and "Talent Alert" notifications. Consent / Legitimate Interest

3. Cookie & Tracking Statement

We use a "Consent-First" approach. No non-essential cookies will fire until you interact with our consent banner.

A. Essential Cookies (Mandatory)

These are required for the technical operation of the site.

  • Stripe/Cashier: Used for fraud prevention and to maintain subscription states for "Pro Employer" tiers.
  • Session Management: To keep you logged in during the multi-step "Certification Upload" process and track your "Pending" status.

B. Verification Cookies (Mandatory)

  • API Handshakes: When validating external credentials (e.g., AWS, Laravel), third-party APIs may drop temporary cookies to confirm the authenticity of the "Verification URL" provided.

C. Analytics & Optimization (Optional)

  • Google Tag Manager (GTM): We use GTM to monitor our "Go-To-Market" campaigns and user flow.
  • Compliance Note: We utilize Google Consent Mode v2. Analytics only track "pings" without personal identifiers unless you click "Accept All."

4. The Newsletter & Communication Policy

To eliminate "talent noise," direct communication is a core feature of the CertifiedDevs ecosystem.

  • Transactional Emails: All users will receive mandatory updates regarding their "Pending" or "Approved" status and "Talent Alerts" (direct inquiries from employers).
  • Newsletter Enrollment: Upon profile creation, users are enrolled in our ecosystem newsletter.
    • Your Right: You may opt-out of marketing-specific content at any time via the "Unsubscribe" link. However, account-critical notifications will remain active as long as your profile is in our database.

5. Data Sub-Processors

We partner with specific "best-in-class" providers to secure your data:

  • Payments: Stripe, Inc. (Global)
  • Cloud Infrastructure: Kinsta, Inc. (European Data Centers)
  • Analytics: Google LLC
  • Email: [Your Email Provider, e.g., Postmark/SendGrid]

6. Your Rights Under GDPR

You have the right to:

  1. Access & Portability: Request a copy of your verified data.
  2. Rectification: Correct any outdated certification links.
  3. Erasure ("Right to be Forgotten"): Request the deletion of your profile. Note: We may retain a hash of your "Verification ID" to prevent the re-submission of revoked credentials.
  4. Withdraw Consent: Change your cookie preferences at any time via the footer link.

7. How to Contact Us

For data inquiries or to challenge a "Manual Vetting" decision:

Email: [email protected]