Privacy Policy

Last updated: September 7, 2025

1. Introduction

Rotaract South Asia MDIO ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the RSA Certify Certificate Center ("the Service").

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

When you use our Service, we may collect the following types of information:

• Participant Data: Names, email addresses or redeem codes, and achievement details for certificate generation and retrieval purposes
• Event Information: Event titles, descriptions, dates, participant lists, and certificate templates
• Admin Account Information: For administrators, we collect Google account information (email, name, profile picture) for authentication and access control
• Certificate Data: Information displayed on certificates, download timestamps, and certificate status
• Search Queries: Email addresses or redeem codes used to search for certificates

2.2 Automatically Collected Information

We automatically collect certain information when you visit our Service:

• Device Information: Browser type, operating system, device identifiers
• Usage Analytics: Pages visited, time spent on pages, features used
• Technical Data: IP address, browser settings, cookies

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our certificate generation and retrieval Service
• To generate personalized PDF certificates with participant data
• To enable certificate search and download functionality
• To track certificate download status and analytics
• To authenticate administrators and control access to management features
• To improve our Service and user experience
• To analyze usage patterns and optimize performance
• To provide customer support and technical assistance
• To comply with legal obligations and security requirements
• To verify certificate authenticity and prevent fraud

4. Data Storage and Security

4.1 Cloud Storage (Primary)

Participant data and event information is stored securely in Google Firebase Firestore database. This includes participant details, certificate status, and download tracking. Data is encrypted in transit and at rest.

4.2 Admin Data Storage

Administrator account information and event management data is stored in Firebase with proper authentication and access controls. Only authorized administrators can access and modify this data.

4.3 Security Measures

We implement comprehensive security measures to protect your information:

• End-to-end encryption of data in transit and at rest
• Secure authentication through Google OAuth for administrators
• Input validation and sanitization to prevent XSS and injection attacks
• Rate limiting to prevent abuse of search functionality
• Content Security Policy (CSP) and secure HTTP headers
• Firestore security rules with proper access controls
• Regular security assessments and updates
• Secure certificate generation and verification processes

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.

We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., Google Firebase, Google Analytics)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Certificate Verification: When certificates need to be verified by authorized parties

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

Type	Purpose	Duration
Essential Cookies	Basic functionality and security	Session
Analytics Cookies	Usage analysis and improvements	2 years
Authentication Cookies	User login and session management	Session
Certificate Cookies	Certificate generation and management	Session

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-out: Opt out of certain data collection and processing
• Certificate Management: Control over your generated certificates

8. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy:

• Participant Data: Retained in Firebase Firestore for certificate generation and verification purposes
• Certificate Status: Download timestamps and status information retained for analytics and verification
• Admin Data: Administrator account information retained until account deletion or termination
• Event Data: Event information and participant lists retained for historical and verification purposes
• Analytics Data: Usage analytics retained for up to 2 years for service improvement
• Search Logs: Search queries may be temporarily logged for security and abuse prevention

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

11. Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

14. Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These rights include:

• The right to access, update, or delete your personal information
• The right of rectification
• The right to object
• The right of restriction
• The right to data portability
• The right to withdraw consent

15. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt-out of the sale of personal information
• Non-discrimination for exercising your privacy rights

16. Certificate-Specific Privacy Considerations

Given the nature of our Service, we want to highlight some specific privacy considerations:

• Certificate Verification: Certificates may be shared publicly for verification purposes
• Participant Consent: Ensure you have consent from participants before including their information in certificates
• Data Minimization: Only include necessary information on certificates
• Secure Sharing: Use secure methods when sharing certificates containing personal information
• Email/Redeem Code Privacy: Email addresses and redeem codes are used for certificate retrieval and are stored securely
• Download Tracking: Certificate download status is tracked for analytics and verification purposes
• Admin Access: Only authorized administrators can view and manage participant data