Privacy Policy
Last updated: April 14, 2026
CertaIQ does not store incident data between sessions. Data entered into the classification tool is transmitted to Anthropic's API for processing and is not retained by CertaIQ after the session ends.
Important: Do not enter individually identifiable health information (full names, dates of birth, Social Security numbers, Medicaid numbers) in the incident description or classification fields. Use initials, reference numbers, or general descriptors. Full Phase 2 HIPAA compliance infrastructure is under development.
1. Who We Are
CertaIQ ("we," "our," or "the Service") is an AI-powered compliance support tool for Ohio developmental disabilities organizations, accessible at certaiq.com. Questions about this Privacy Policy should be directed to support@certaiq.com.
2. Information We Collect
CertaIQ collects the following types of information:
- Information you enter in the classification tool — incident descriptions, form field selections, and other inputs you provide when using the app. This information is transmitted to Anthropic's API for processing and is not stored by CertaIQ after the session ends.
- Uploaded documents — PDF and Word documents uploaded to the Client Notecard or Policy Intelligence features. These are read in your browser and transmitted to Anthropic's API. They are not stored by CertaIQ.
- Demo request form information — name, title, organization, and email address submitted through the demo request form on the landing page. This information is used to respond to your request and schedule a demonstration.
- Access code usage — we may track that the access-protected application was accessed, without recording the content of your sessions.
3. How We Use Information
- To provide the classification and compliance support functionality of the Service
- To respond to demo requests and communicate with prospective customers
- To improve the accuracy and functionality of the Service
- To communicate with organizations about product updates and regulatory changes that affect the knowledge base
4. Third-Party Services
CertaIQ uses the following third-party services to operate:
- Anthropic API — All AI processing is performed by Anthropic's Claude model via their API. Information entered into the classification tool is transmitted to Anthropic for processing. Anthropic's privacy policy and data handling practices apply to this processing. See anthropic.com/privacy.
- Cloudflare Workers — CertaIQ uses a Cloudflare Worker as an API proxy. API requests are routed through Cloudflare's infrastructure. Cloudflare's privacy policy applies to this routing.
- Netlify — CertaIQ's web pages are hosted on Netlify. Standard web server logs may be maintained by Netlify.
5. HIPAA and FERPA Notice
CertaIQ is in active development toward HIPAA and FERPA compliance. In the current version:
- CertaIQ does not have a signed Business Associate Agreement (BAA) with all processing vendors
- CertaIQ should not be used to process Protected Health Information (PHI) or student educational records in their identifiable form
- Users should describe incidents in general terms — age range, not date of birth; program type, not individual name
- Full HIPAA compliance infrastructure including BAAs, encryption at rest, access controls, and audit logging is planned for Phase 2
Organizations with HIPAA compliance obligations should consult their privacy officer before deploying CertaIQ with identifiable patient information.
6. Data Retention
- Classification session data — not retained by CertaIQ after the session ends
- Restraint log data — stored in browser session storage only; deleted when the browser session ends unless exported
- Demo request information — retained for the purpose of the sales process and deleted upon request
- Anthropic API data — subject to Anthropic's retention policies; see their privacy policy for details
7. Data Security
CertaIQ takes reasonable measures to protect information during transmission, including HTTPS encryption for all web traffic and secure handling of API credentials. However, no internet transmission is completely secure. Users should not enter highly sensitive individually identifiable information into the current version of the tool.
8. Your Rights
You may request deletion of any personal information we hold about you (such as demo request information) by contacting support@certaiq.com. Because session data is not retained, there is no classification history to request or delete.
9. Children's Privacy
CertaIQ is a professional compliance tool for organizational use. It is not directed at children and we do not knowingly collect personal information from children under 13.
10. Changes to This Policy
We may update this Privacy Policy as the Service evolves, particularly as we implement Phase 2 HIPAA compliance infrastructure. Changes will be posted at this URL with an updated effective date. We will notify active organizations of material changes.
11. Contact
Privacy questions, data requests, or concerns should be directed to support@certaiq.com.