Privacy Policy

Effective: 2026-05-11 · Version 1.0

This Privacy Policy explains what data Best CE Tracker, LLC (“Best CE Tracker,” “we”) collects about you when you use bestcetracker.com (the “Service”), why we collect it, who we share it with, and what you can do about it.

1. What we collect

Account information

• Your email address, used for sign-in via magic link.
• Your name (first / last / display) if you provide it.
• An invite code, if you signed up using one (used for attribution).
• Sign-in timestamps and a session cookie issued by your browser.

License information you enter

• Jurisdiction, credential type, license number, expiration date, and supervisor status.
• The date you were first licensed, if you provide it.

Continuing-education activities you log

• Date(s), hours, title, provider, format, topical allocations, and free-form notes.
• Certificate files you upload (PDF or image). These are stored content-addressed by SHA-256 hash on our hosting provider’s persistent volume.

System and audit data

• An immutable audit log of changes you make to activities (create / edit / delete) so you can verify your own history.
• Standard server logs (timestamp, request path, response status, IP address, user-agent) retained for security and debugging. Logs roll off after a short window.

Feedback you submit

• If you use the in-app feedback button, we receive the text you write, the page URL where you sent it from, your user-agent, and any screenshot you choose to attach.

What we do NOT collect. We do not collect identifying or clinical information about your clients (such as their names, dates of service, diagnoses, or session content). Please do not paste such information into activity notes; the Service is not designed to receive protected health information (PHI) and is not a HIPAA-covered entity.

2. Why we collect it

• To operate the Service — sign you in, compute your dashboard, render exports, send transactional emails such as magic-link sign-in.
• To support you — respond to questions and feedback you send us.
• To keep the Service safe — detect abuse, debug errors, and protect against fraud.
• To improve the Service — identify usage patterns and friction. We do not run third-party analytics on the Service at this time.

3. Who else touches your data

We use a small number of third-party service providers to operate the Service. We share with each provider only the data needed for them to perform their function. Current providers:

• Fly.io — application hosting, database, and file storage (US-based).
• Resend — transactional email (sign-in links, data exports, deletion notices).
• Anthropic — AI extraction of certificate text into structured fields when you upload a cert. Processed on a no-training basis.
• Cloudflare — DNS resolution only.

We do not sell your data to anyone. We do not use your data to train AI models, and we have configured Anthropic’s API not to do so either.

4. How long we keep it

We retain your data while your account is active. When you delete your account, your data is hidden immediately and permanently purged after a grace window (currently 30 days), during which you may sign back in to restore the account. The 30-day window lets us recover from accidental deletions; it can be shortened at your written request to support@bestcetracker.com.

Some data may be retained longer when required by law, to enforce our Terms, or to defend against legal claims.

5. Your rights

Regardless of where you live, the Service gives you:

• Access and portability — you can export a ZIP archive of your full account at any time from the deletion flow at /settings/delete-account, even without committing to deletion.
• Correction — you can edit any field on any activity or license you own.
• Deletion — you can delete your account from /settings. We will email you a copy of your data when you do.
• Withdrawal of consent — discontinue use and delete your account at any time.

Residents of California, the European Economic Area, the United Kingdom, and other jurisdictions with applicable data-protection laws have additional rights under those laws (including the right to object to processing, the right to lodge a complaint with a supervisory authority, and the right to know what we have collected about them). You may exercise any of these rights by emailing support@bestcetracker.com; we will respond within a reasonable time and at no charge.

6. Cookies

We use a single session cookie (signed, HTTP-only, same-site=lax) to keep you signed in. We do not use third-party tracking cookies, advertising cookies, or analytics cookies at this time.

7. Security

We use commercially reasonable measures to protect your data, including TLS in transit, content-addressed storage of certificate files with integrity checks, hashed (not raw) sign-in tokens in the database, and strict access controls on our infrastructure. No system is perfectly secure; you accept the residual risk by using the Service.

8. Children

The Service is intended for licensed professionals over the age of 18. We do not knowingly collect personal information from anyone under 13; if we learn we have done so, we will delete that information.

9. International users

The Service is operated from the United States. If you access it from outside the U.S., you understand that your data will be transferred to and processed in the U.S., where data-protection laws may differ from those of your country.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or in-app notice at least seven days before they take effect. The current version of this policy is always available at /privacy.

11. Contact

Questions or requests? Email support@bestcetracker.com.