TCM Privacy Policy

Privacy Policy

Training Certificate Management (TCM) — Provided by XENRYA, LLC (Florida, United States).

Training Certificate Management (TCM) – Privacy Policy

This policy describes how information is handled in connection with the Service.

PRIVACY POLICY

Training Certificate Management (TCM) XENRYA, LLC (Florida, United States) Last Updated: January 16, 2026

This Privacy Policy describes how XENRYA, LLC (“XENRYA, LLC,” “XENRYA,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with the Training Certificate Management (TCM) platform (the “Service”).

This Privacy Policy applies to information processed through the Service, our websites that link to this Privacy Policy, and related support communications. By accessing or using the Service, you acknowledge and agree to the practices described in this Privacy Policy.

Important Notice Regarding Roles

TCM is a software-as-a-service (SaaS) platform used by organizations (“Customers”) to manage training workshops and certificates. In most cases:

  • The Customer is the data controller (or equivalent) for Customer Data.
  • XENRYA, LLC acts as a service provider or data processor, processing Customer Data solely on the Customer’s instructions to provide the Service.

XENRYA, LLC does not determine the lawful basis for processing Customer Data and is not responsible for Customer compliance with employment, privacy, records-retention, or sector-specific laws. If you are an employee, contractor, or attendee using TCM through an organization, privacy-related requests should generally be directed to that organization first.

1. Definitions

1.1 “Customer” means an organization or individual that subscribes to or uses TCM.

1.2 “Authorized Users” means individuals authorized by a Customer to use the Service, including administrators and trainers.

1.3 “Attendee” means an end user who interacts with TCM to retrieve certificate information.

1.4 “Customer Data” means data submitted to, stored in, or generated within the Service by or on behalf of a Customer or its Authorized Users.

1.5 “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.

1.6 “Aggregated or De-Identified Data” means data that has been processed so it cannot reasonably be used to identify a Customer or an individual.

2. Information We Collect

2.1 Information Provided by Customers and Authorized Users

Depending on configuration and use, we may process:

  • Account information such as name, email address, organization name, role, and authentication credentials (passwords are stored only as secure, non-reversible hashes)
  • Organization and tenant information
  • Workshop details, including titles, dates, and codes
  • Certificate records and issuance metadata
  • Support communications submitted to support@xenrya.com
2.2 Attendee Information

Customers may configure workflows that require Attendees to provide limited information, such as name or email address, to retrieve certificates. This information is processed as Customer Data under the Customer’s control.

2.3 Information Collected Automatically

When the Service is accessed, we may collect limited technical and usage information, including:

  • IP address, timestamps, and request logs
  • Browser type and device information
  • Authentication, login, and session events
  • Error logs and performance metrics
  • Approximate geographic location derived from IP address (not precise location data)
2.4 Cookies and Similar Technologies

We use cookies and similar technologies strictly for:

  • Authentication and session management
  • Security and fraud prevention
  • Core Service functionality

We do not use advertising cookies, cross-site tracking, or behavioral advertising technologies.

2.5 Third-Party Sources

We may receive limited information from third-party service providers used to operate the Service, including:

  • Payment processors (subscription status and billing state only)
  • Hosting and infrastructure providers (system availability and operational logs)
  • Email delivery providers (delivery and bounce metadata)

We do not receive or store full payment card numbers.

3. Prohibited Data Types

TCM is designed to process low-risk information only. Customers and users must not upload, store, transmit, or otherwise process within the Service:

  • Social Security numbers
  • Government-issued identification numbers (including driver’s licenses or passports)
  • Financial account numbers or payment card information
  • Medical or health-related information
  • Biometric identifiers
  • Any other sensitive personal data not explicitly required by the Service

Customers are responsible for configuring their use of the Service in a manner that avoids the collection or entry of prohibited data. XENRYA, LLC does not monitor the content of Customer Data and is not responsible for Customer Data submitted in violation of this restriction.

4. How We Use Information

We use information solely to:

  • Provide, operate, and maintain the Service
  • Authenticate users and enforce access controls
  • Enable workshop and certificate workflows
  • Monitor performance, reliability, and availability
  • Detect, prevent, and respond to security incidents and abuse
  • Provide customer support and respond to inquiries
  • Comply with applicable legal obligations and enforce agreements

We do not use Customer Data for advertising, marketing, or resale.

5. How We Share Information

We do not sell Personal Information.

We may share information only in the following circumstances:

5.1 Service Providers

With reputable third-party infrastructure, hosting, payment, and support providers, strictly as necessary to operate, maintain, and secure the Service, and subject to contractual confidentiality and security obligations.

5.2 Customer Instructions

As directed by the Customer, such as when an administrator initiates data exports or grants access to Authorized Users.

5.3 Legal Requirements

When required to comply with applicable law, subpoena, court order, or other lawful government request. Where legally permitted, we evaluate such requests for validity before responding.

5.4 Protection of Rights

When necessary to protect the security, rights, property, or safety of XENRYA, LLC, Customers, users, or the public.

5.5 Business Transfers

In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.

6. Data Retention

6.1 General

We retain information only for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

6.2 Customer Data

Customer Data is retained while a Customer maintains an active subscription and may be retained for a limited period following termination, subject to technical constraints and legal requirements. Customers are responsible for exporting any data they wish to retain.

6.3 Logs and Security Records

Operational, audit, and security logs are retained for reasonable periods to support system integrity, security monitoring, and abuse prevention.

7. Security

7.1 Safeguards

XENRYA, LLC implements reasonable administrative, technical, and organizational safeguards, including:

  • Encryption of data in transit using SSL/TLS
  • Secure session handling
  • Role-based access controls
  • Password hashing
  • Monitoring for suspicious or abusive activity
7.2 Shared Responsibility Model

TCM is a hosted service. Security depends on:

  • XENRYA, LLC’s application-level safeguards
  • The security controls of third-party hosting and infrastructure providers
  • Customer security practices, including password management, access revocation, and device security

No system is completely secure. Use of the Service is at your own risk.

7.3 Security Incidents

In the event of a confirmed data security incident involving Customer Data, XENRYA, LLC will notify affected Customers without unreasonable delay and within a reasonable timeframe, consistent with applicable law and contractual obligations. XENRYA, LLC does not accept liability for incidents beyond its reasonable control.

8. Data Location and International Transfers

TCM is currently hosted primarily in the United States using reputable commercial hosting providers. As the Service scales, data may be processed or stored in other jurisdictions where XENRYA, LLC or its service providers operate, using commercially reasonable safeguards.

By using the Service, you consent to the transfer, storage, and processing of information in these locations, subject to applicable law.

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of Personal Information.

If you use TCM through an organization, that organization controls your data. Requests should generally be directed to the Customer. XENRYA, LLC will assist Customers in responding to requests as required by law.

10. Children’s Privacy

TCM is not intended for use by children under 13 years of age, or such higher age as required by applicable law. XENRYA, LLC does not knowingly collect Personal Information from children.

11. Government Users and Public Records

Government Customers are responsible for compliance with FOIA, public records laws, and records-retention obligations. XENRYA, LLC does not determine disclosure obligations except as required by law.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted within the Service or on our website. Continued use of the Service after an update constitutes acceptance of the revised Privacy Policy.

13. Contact Information

Privacy and support inquiries: support@xenrya.com

End of Privacy Policy