Privacy Policy

Last updated, December 23, 2025

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us or collected by us, offline or online, via our website (the Site) or our Chat Platform (app.certainly.io).

In this Policy, we, us, or our means Certainly Group ApS, with registered office at Certainly Group ApS, Pilestræde 52A, 1112 København K, Denmark. Our VAT registration number is DK-42292540.

We collect, store, and use your personal information in accordance with the Danish Privacy Act (published in Lovtidende on 24 May 2018) and, where applicable, the European Union General Data Protection Regulation (EU) 2016/279 (the GDPR).

1. Personal Information

The types of personal information we may collect include,

  • Your name

  • Your contact details (email address, mailing address, street address, telephone number)

  • Information about your company or team

  • Your role within the company or team

  • Your age and or date of birth

  • Your demographic information (for example, age, gender)

  • Your preferences and opinions

  • Information provided via surveys or chat messages

  • Your browser session and geo location data, device and network information, page view and session statistics, acquisition sources, search queries, and browsing behavior

  • Information about your access to and use of our Site (including details about cookies, browser type, operating system, and ISP)

  • Additional personal information you provide directly or indirectly

  • Any other personal information requested or provided by you or a third party

We may collect this information directly from you or from third parties.

2. Collection and Use of Personal Information

We may collect, hold, use, and disclose personal information for purposes such as,

  • Enabling you to access and use our Site, Chatbots, associated applications, and social media platforms

  • Contacting and communicating with you

  • Operating our chatbot conversations with you

  • Informing you about upcoming or active survey participation opportunities

  • Providing our business clients with feedback on their products or services

  • Internal record keeping and administrative purposes

  • Analytics, market research, and business development (including improving our Site and related platforms)

  • Running competitions and offering additional benefits

  • Advertising and marketing, including sending promotional information about our products, services, and third parties

  • Complying with legal obligations and resolving disputes

  • Processing employment applications

Data Minimization Principles

We adhere to strict data minimization principles in our collection and use of personal information,

  • We limit access, use, and storage of personal information to what is strictly necessary for the specific purposes described above

  • We do not engage in background data collection, automated scraping, or bulk data gathering beyond the explicit purposes stated in this policy

  • We do not create persistent data archives, indexes, or long term data stores beyond what is required for operational purposes

  • Personal information is promptly deleted when it is no longer needed for its original purpose or when you request deletion

Artificial Intelligence and Machine Learning Restrictions

We are committed to responsible data practices regarding artificial intelligence and machine learning technologies,

  • No AI or ML Training, your personal information, including conversation data, communications, and any content you provide, will not be used to create, train, test, or improve any artificial intelligence models, machine learning algorithms, large language models (LLMs), or similar technologies

  • No Derivative AI Works, we will not use your data to develop or enhance AI powered features, products, or services, whether for our own use or for third parties

  • Third Party AI Restrictions, we require our service providers and partners to uphold equivalent restrictions on using your data for AI or ML purposes

These restrictions apply to all personal information we collect, regardless of the source or method of collection.

3. Disclosure of Personal Information to Third Parties

We may disclose your personal information to,

  • Third party service providers (for example, IT services, data storage, web hosting, debt collection, marketing, professional advisors, payment systems)

  • Our employees, contractors, and related entities

  • Our existing or potential agents or business partners

  • Payment systems operators

  • Sponsors or promoters of any competitions we run

  • Parties to whom our business or assets may be transferred (in good faith)

  • Credit reporting agencies, courts, tribunals, and regulatory authorities (in cases of non payment)

  • Courts, tribunals, regulatory authorities, and law enforcement as required by law or to defend our legal rights

  • Third parties (including agents or subcontractors) assisting in providing products, services, or direct marketing, this may include parties located or storing data outside Denmark, such as Google Analytics or similar services

When we disclose your personal information, we ensure third parties process it in line with this Policy and applicable data protection laws.

Third Party Data Protection Standards

When sharing personal information with third parties, we enforce the following additional safeguards,

  • Third parties may not use your data for purposes beyond those for which it was originally collected

  • Third parties are prohibited from using your data to train, develop, or improve AI or ML models or similar technologies

  • Third parties may not create persistent copies, archives, or indexes of your data beyond operational necessities

  • We do not authorize third parties to disclose your data to additional parties without explicit consent

  • Third parties must delete your data promptly when it is no longer needed for the authorized purpose

4. Sensitive Information

Sensitive information is a subset of personal information requiring higher protection under the Danish Privacy Act. This includes information relating to,

  • Racial or ethnic origin

  • Political opinions

  • Religion

  • Trade union or professional memberships

  • Philosophical beliefs

  • Sexual orientation, practices, or sex life

  • Criminal records

  • Health or biometric data

We will not collect sensitive information without your consent. With your consent, such information will only be used for the purpose for which it was collected or as required by law.

5. Our Responsibilities as a Controller under the GDPR
As a controller, we determine the purposes and means of processing your personal information. This means your data will,

  • Be processed lawfully, fairly, and transparently

  • Be collected solely for the specific purposes outlined above and not processed incompatibly

  • Be adequate, relevant, and limited to what is necessary

  • Be kept up to date, please contact us if you wish to update your information

  • Be retained only for the minimum period necessary and promptly deleted when no longer required

  • Be processed securely to protect against unauthorized access or loss

  • Not be used for creating, training, or improving AI or ML models or similar technologies

These principles apply to both EU citizens and our Danish customers.

6. Our Responsibilities as a Processor under the GDPR

When acting as a processor, we,

  • Have contracts with controllers outlining our obligations

  • Do not use sub processors without prior written authorization

  • Cooperate with supervisory authorities and ensure processing security

  • Keep records of processing activities

  • Notify the data controller of any data breaches

  • Appoint a data protection officer and EU representative if required (currently, these are not required)

7. Your Rights and Controlling Your Personal Information

You have the right to,

  • Consent, by providing your information, you agree to its collection, use, and disclosure as described in this Policy, if under 16, you must have parental or guardian consent

  • Restrict, limit the collection or use of your personal information (for example, opt out of direct marketing via your member dashboard or by contacting us)

  • Access and Data Portability, request details or a copy of the information we hold about you, provided in a readable format (like CSV), you may also ask for a transfer of your data to another party

  • Correction, request that we correct any inaccurate, outdated, or incomplete information

  • Complaints, file a complaint with us or with the Danish Data Protection Agency (Datatilsynet) if you believe your data protection rights have been breached

  • Unsubscribe, opt out of marketing communications by contacting us or using the opt out options provided

8. Data Retention and Deletion

Data Retention

We retain your personal information only for the minimum period necessary to fulfill the purposes outlined in this privacy policy, applying strict data minimization principles. The specific retention periods depend on the type of data and the purpose for which it was collected,

  • Account and profile information, retained for the duration of your active account relationship with us and for up to 1 year after account closure to allow for account recovery and address any outstanding matters, unless longer retention is required by law

  • Communication records, retained for up to 1 year to maintain service quality and resolve disputes, then securely deleted

  • Chatbot conversation data, retained for the minimum period necessary to provide the service, typically up to 180 days, unless you request earlier deletion

  • Marketing and analytics data, retained for up to 1 year or until you withdraw consent, whichever occurs first

  • Third party platform data, data accessed through third party platforms or integrations is retained only for the minimum period necessary to provide the requested service, and is promptly deleted when no longer needed or when the integration is disconnected

  • Legal compliance data, retained only for the specific periods required by applicable laws and regulations

We do not create persistent data archives, long term indexes, or redundant copies of personal information beyond operational and legal requirements. Our systems are configured to automatically purge data that has exceeded its retention period.

Data Deletion

When the data retention period expires for a given type of data, we will securely delete or destroy it in accordance with our data destruction procedures.

Prompt Deletion Practices

We are committed to prompt deletion of personal information when it is no longer needed,

  • Data associated with completed transactions or closed matters is queued for deletion within 30 days of completion

  • Data from third party platform integrations is deleted within 30 days of disconnection or service termination

  • We conduct quarterly reviews to identify and delete data that has exceeded its retention purpose

  • Backup systems are configured to purge deleted data within 90 days of primary deletion

Your Right to Request Deletion

You have the right to request deletion of your personal information at any time. You may request deletion by,

  • Contacting our Privacy Officer at privacy@certainly.io

  • Following the unsubscribe instructions in our communications

Upon receiving a valid deletion request, we will,

  • Confirm your identity to protect your privacy

  • Delete your personal information from our active systems within 30 days

  • Notify any third parties with whom we have shared your data (where technically feasible)

  • Retain only what is necessary for legal compliance or legitimate business interests

Please note that some information may be retained in backup systems for a limited time and may take additional time to be completely removed. We may also retain certain information if required by law or if deletion would compromise the security or functionality of our systems.

Exceptions to Deletion

We may decline to delete personal information in certain circumstances, including when,

  • Retention is required by applicable law

  • The information is necessary for legal proceedings

  • Deletion would compromise the security or functionality of our systems

  • The request is manifestly unfounded or excessive

9. Storage and Security

We are committed to protecting your personal information by implementing physical, electronic, and managerial procedures, such as pseudonymization and encryption, to safeguard your data from misuse, interference, loss, or unauthorized access. However, we cannot guarantee complete security over information transmitted via the Internet.

Data Storage Limitations

To protect your privacy and ensure compliance with data minimization principles,

  • We do not maintain persistent archives or redundant copies of personal information beyond operational requirements

  • We do not create searchable indexes or databases of personal information for purposes other than those stated in this policy

  • We do not engage in bulk data storage, data warehousing, or data lake practices with personal information

  • All stored data is subject to automatic expiration and deletion schedules aligned with our retention periods

10. Cookies and Web Beacons

We may use cookies (text files stored in your browser to record your preferences) and web beacons (small code snippets that monitor visitor behavior) on our Site. While cookies do not reveal personal information by themselves, they may be linked to personal data you provide, and may also allow third parties (for example, Google, Facebook) to display retargeted advertisements.

11. Links to Other Websites

Our Site or platform may contain links to external websites. We do not control these sites and are not responsible for their privacy practices. They are not governed by this Privacy Policy.

12. Amendments

We may change this Privacy Policy at any time at our discretion. If amended, you will be notified via the contact details you have provided. Changes take effect once you are notified.

13. Contact

For any questions or notices, please contact our Privacy Officer at,

Certainly Group ApS
Pilestræde 52A, 1112 København K, Denmark
Email, privacy@certainly.io

👋 Hi! How can I help you?