Last updated: March 10, 2026
CertEasy ("we," "our," or "us") operates the CertEasy mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using CertEasy, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.
INFORMATION WE COLLECT
Information You Provide
Email Address (Optional) When you generate an SSL certificate, you may optionally provide an email address. This email is sent directly to the certificate authority (Let's Encrypt or Google Trust Services) as part of the ACME account registration process. We do not store, transmit, or process your email address on our servers.
Domain Names You enter domain names into the App to generate SSL certificates. Domain names are stored locally on your device in an encrypted database and are never transmitted to our servers.
EAB Credentials (Optional) If you use Google Trust Services, you may enter External Account Binding credentials. These are stored locally on your device and transmitted directly to the certificate authority. We do not store or access these credentials on our servers.
Information Generated by the App
SSL Certificates and Private Keys The App generates SSL certificates and cryptographic key pairs on your device. Private keys are encrypted using AES-256-GCM via Android Keystore hardware-backed encryption and stored locally on your device. Private keys are never transmitted to our servers or any third party. Certificates (which are public by nature) are stored locally on your device.
ACME Account Keys Account key pairs used for communication with certificate authorities are generated and stored in the Android Keystore on your device. These keys never leave your device.
Information Collected Automatically
Analytics Data We use Firebase Analytics (provided by Google) to collect anonymous usage data, including app opens, feature usage, screen views, device type, operating system version, and app version. This data does not identify you personally and is used to improve the App's functionality and user experience.
Crash Reports We use Firebase Crashlytics (provided by Google) to collect crash reports, including device state, stack traces, device model, and operating system version. This data is used to identify and fix bugs. Crash reports do not contain your personal information, certificates, or private keys.
Advertising Data For users on the Standard plan, we display advertisements through Google AdMob. AdMob may collect device identifiers (Advertising ID), device information, and interaction data to serve relevant advertisements. Users in the European Economic Area (EEA) and United Kingdom are presented with a consent form via the Google User Messaging Platform (UMP) before any advertising data is collected. You can manage your ad consent preferences at any time through Settings → Manage Ad Consent within the App.
Push Notification Tokens We use Firebase Cloud Messaging to send certificate expiry reminders. A device token is generated and stored by Firebase. We do not associate this token with any personal information.
Purchase Information If you subscribe to CertEasy Premium, your purchase is processed entirely by Google Play. We receive confirmation of your subscription status but do not have access to your payment details, credit card number, or billing address. Google Play handles all payment processing.
HOW WE USE YOUR INFORMATION
We use the information described above to:
Generate and manage SSL certificates on your device
Send certificate expiry reminder notifications
Process and verify Premium subscription status
Display relevant advertisements (Standard plan users)
Analyze app usage patterns to improve features and performance
Identify and fix crashes and bugs
Comply with legal obligations
HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We share information only in the following circumstances:
Certificate Authorities When you generate a certificate, the App communicates directly with Let's Encrypt or Google Trust Services using the ACME protocol. Your domain name and optional email address are transmitted to the certificate authority as required by the protocol. This communication happens directly from your device.
Service Providers We use the following third-party services that may collect data as described in their respective privacy policies:
Google Firebase (Analytics, Crashlytics, Cloud Messaging) — analytics and crash reporting Privacy Policy: https://firebase.google.com/support/privacy
Google AdMob — advertisement serving (Standard plan users only) Privacy Policy: https://policies.google.com/privacy
Google Play Billing — subscription payment processing Privacy Policy: https://policies.google.com/privacy
DNS Providers (Premium feature) If you use automatic DNS verification, the App communicates directly with your DNS provider (such as Cloudflare or GoDaddy) using API credentials you provide. These credentials are stored locally on your device and transmitted directly to the respective DNS provider. We do not access or store these credentials on our servers.
Legal Requirements We may disclose information if required to do so by law or in response to valid requests by public authorities.
DATA STORAGE AND SECURITY
All certificate data, private keys, and app settings are stored locally on your device. We do not operate servers that store your personal data, certificates, or private keys.
Security measures implemented in the App include:
Private keys encrypted with AES-256-GCM using Android Keystore hardware-backed encryption
Account keys stored in Android Keystore (hardware-backed when available)
Optional biometric authentication (fingerprint or face) to access the App
Automatic clipboard clearing after copying sensitive data
Configurable automatic deletion of private keys after a set time period
Network communications encrypted via HTTPS/TLS
Application backup disabled (android:allowBackup="false")
While we implement strong security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security of data stored on your device.
DATA RETENTION
Certificate data and app settings are stored on your device until you delete them. You can delete individual domains or all data at any time.
Analytics and crash report data is retained by Firebase according to Google's data retention policies (typically 14 months for Analytics and 90 days for Crashlytics).
Ad-related data is retained by Google AdMob according to Google's advertising data retention policies.
YOUR RIGHTS AND CHOICES
Data Deletion You can delete all your data at any time by going to Settings → Privacy & Data → Delete All Data within the App. This permanently removes all domains, certificates, private keys, ACME account registrations, and app preferences from your device. Since we do not store your data on external servers, this constitutes complete data deletion.
You may also request data deletion by contacting us at infoATnozdapp.com.
Ad Consent Management You can manage your advertising consent preferences at any time through Settings → Manage Ad Consent. Users in the EEA and UK can withdraw consent for personalized advertising.
Notifications You can disable certificate expiry notifications in Settings → Notifications, or by revoking the notification permission in your device's system settings.
Biometric Data CertEasy uses the Android BiometricPrompt API for optional app lock. No biometric data is collected, stored, or processed by the App. All biometric verification is handled by your device's operating system.
Opt-Out of Analytics You can limit analytics data collection by opting out of personalized ads in your device settings under Google → Ads.
CHILDREN'S PRIVACY
CertEasy is not directed at children under the age of 13 (or applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at infoATnozdapp.com and we will take steps to delete such information.
INTERNATIONAL DATA TRANSFERS
Analytics data, crash reports, and advertising data processed by Google's services may be transferred to and processed in countries outside your country of residence, including the United States. Google implements appropriate safeguards for international data transfers in accordance with applicable law.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Last updated" date at the top of this page. You are advised to review this Privacy Policy periodically for any changes.
CONTACT US
If you have any questions about this Privacy Policy or our data practices, please contact us:
info nozdapp.com