CEvident

Privacy Policy

Last updated: 2026-03-06

1. Introduction

CEvident.io (operating as CEvident) ("Company", "we", "us", or "our") operates CEvident, a software-as-a-service platform for tracking dental continuing education (CE) compliance. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

By using CEvident, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

  • Account Information: Name, email address, password (hashed)
  • Professional Information: License state, license type (dentist/hygienist), license number (optional), renewal dates
  • CE Entry Data: Course names, providers, completion dates, hours, categories, uploaded certificates
  • CPR/BLS Data: CPR certification provider, certification and expiry dates, course format (live/online)
  • Payment Information: Processed by Stripe (we do not store payment card information)

2.2 Information Collected Automatically

We automatically collect certain information when you use the Service:

  • Usage Data: Pages visited, features used, time spent
  • Technical Data: IP address, browser type, device information (if collected)
  • Analytics Data: Aggregated, anonymized page views via Plausible Analytics (no cookies, no personal data)

2.3 Information from Third Parties

We may receive information from third-party services:

  • Stripe: Subscription status, billing history
  • Resend: Email delivery status
  • Convex: Database and storage services

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your subscription and payments
  • Send you transactional emails (verification, password reset, renewal confirmations)
  • Calculate compliance status based on your CE entries
  • Respond to your support requests
  • Comply with legal obligations
  • Detect and prevent fraud or abuse

4. How We Share Your Information

We share your information with:

4.1 Service Providers

We use third-party service providers who process your information on our behalf:

  • Stripe: Payment processing (email, subscription status)
  • Resend: Email delivery (email addresses, email content)
  • Convex: Database and file storage (all user data)
  • OpenAI: AI-powered certificate parsing (uploaded certificate images/PDFs are sent to OpenAI for text extraction; data is not used for model training per OpenAI's API data usage policy)
  • Anthropic: Alternative AI provider for certificate parsing (same data as OpenAI above; used when configured as the AI provider)
  • Plausible Analytics: Analytics (aggregated, anonymized data only, no personal data)
  • Sentry: Error tracking (error logs, may contain user data)

All service providers are contractually required to protect your information and use it only for the purposes we specify. We do not sell or share your personal information for marketing purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, etc.).

5. Your Privacy Rights (CPRA/CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CPRA/CCPA):

  • Right to Know: Request access to your personal information
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt-out of sale or sharing of personal information (we do not sell your information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights: Submit a request by emailing support@cevident.io or using our Data Subject Access Request form. We will respond within 45 days (may be extended by 45 days with notice).

6. Data Retention

We retain your information for the following periods:

  • Active Accounts: Your data is retained for the duration of your active account.
  • Cancelled Subscriptions: After cancellation, your account remains in read-only mode for 90 days, after which your data is scheduled for deletion.
  • Account Deletion Requests: Upon request, your personal data will be permanently deleted within 30 days. You may request deletion by emailing support@cevident.io or by using the Data Subject Access Request form.
  • CE Records: CE entry data and uploaded certificates are retained for 7 years to align with common state audit periods, unless you request earlier deletion.
  • Audit Logs: System logs are retained for up to 7 years for security and compliance purposes.

When you delete your account, all personal information including your name, email, license information, CE entries, uploaded certificates, and CPR records are permanently removed. Anonymized, aggregated usage data may be retained for analytics purposes.

7. Security Measures

We implement reasonable security measures to protect your information:

  • Encryption: HTTPS in transit, encrypted storage at rest
  • Authentication: Password hashing (bcrypt/argon2), email verification
  • Access Controls: Role-based access, user data isolation
  • Monitoring: Error tracking, security event logging

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking

We use Plausible Analytics for website analytics. Plausible does not use cookies and does not collect personal data. We do not use advertising cookies or tracking pixels.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on the Service. Your continued use of the Service after such notification constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: support@cevident.io

Address: Online business - no physical location. For legal correspondence, contact support@cevident.io

For privacy-specific requests, you can also use our Data Subject Access Request form.