Skip to main content
Sealbound
Privacy Policy

Privacy Policy

A standard operating privacy notice for the Sealbound platform, written in a clear product and infrastructure context.

Effective date: April 7, 2026

1. Overview

This Privacy Policy explains how Sealbound collects, uses, stores, and protects information when individuals and organizations use our credentialing platform, websites, hosted verification pages, APIs, and related services.

The policy is written as a standard operational and technical baseline for the product. It should be readable by customers, internal teams, and implementation partners without feeling like a placeholder document.

2. Information We Collect

We collect information that is necessary to operate the platform, deliver credentials, support verification flows, maintain security, and improve service quality.

  • Account and organization details such as names, business contact information, workspace settings, billing contacts, and support history.
  • Credentialing data such as recipient name, course or program details, issue dates, credential identifiers, verification metadata, and status history.
  • Technical and usage data such as browser type, device information, IP address, log events, API request metadata, page interactions, and diagnostic records.
  • Communications data when you contact us by email, forms, demos, or support channels.

3. How We Use Information

We use personal and business information only where there is a clear operational purpose connected to delivering the service or running the company responsibly.

  • To create, issue, display, and verify credentials.
  • To operate white-label portals, custom domains, and customer-specific configuration.
  • To authenticate users, prevent abuse, investigate incidents, and monitor platform health.
  • To provide customer support, onboarding, billing administration, and service communications.
  • To analyze product performance and improve usability, reliability, and security.

4. Legal Bases and Customer Roles

Depending on the implementation, Sealbound may act as a controller for its own business operations and as a processor or service provider for customer-managed credential data.

Where required, we rely on lawful bases such as contract performance, legitimate interests, legal obligations, or consent where the use case specifically requires it.

5. Sharing and Disclosure

We do not sell personal information. We share information only where needed to run the service, satisfy legal obligations, or protect the platform and its users.

  • Infrastructure, hosting, analytics, communications, and support vendors operating under contractual confidentiality and security obligations.
  • Customer-configured recipients and verifiers where a credential is intentionally issued, shared, or made publicly verifiable.
  • Courts, regulators, or law enforcement where disclosure is legally required or necessary to protect rights, security, or platform integrity.

6. Retention and Deletion

We keep information for as long as needed to deliver the service, maintain auditability, comply with law, resolve disputes, and enforce contractual obligations.

Retention periods vary by data type. Operational logs are generally retained for shorter periods, while credential records and verification history may be retained longer where permanence and auditability are core to the product function.

7. Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction.

  • Access controls, role-based permissions, and environment separation.
  • Encryption in transit and other appropriate protections for stored data.
  • Monitoring, logging, and incident-response procedures for platform security events.
  • Vendor review and infrastructure controls aligned with practical SaaS security expectations.

8. International Transfers

Where data is processed across jurisdictions, we use appropriate contractual, organizational, and technical measures intended to support compliant cross-border handling.

Customers with specific residency, sovereignty, or sector requirements should confirm deployment and processing expectations with us during implementation.

9. Your Rights

Depending on applicable law, individuals may have rights to access, correct, delete, restrict, object to, or export certain personal information.

Requests can be submitted through our contact details below. We may need to verify identity and scope before completing a request.

10. Cookies and Analytics

Our websites and platform may use cookies, local storage, and similar technologies for session continuity, security, analytics, performance measurement, and user experience improvements.

You can manage browser-level cookie settings, though disabling some technologies may affect product functionality.

11. Contact

For privacy questions, access requests, or implementation-specific data handling discussions, contact us at info@sealbound.com.