Back to Home
Cerberus Verify ID
Legal

Privacy Policy

Effective Date: May 22, 2026  ·  Last Updated: May 22, 2026

1. Introduction

Cerberus Verify ID ("Company," "we," "us," or "our") operates the Cerberus Verify ID biometric attendance verification platform ("Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform as a continuing education (CE) provider, attendee, or accreditor.

By accessing or using the Platform, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Biometric Data — Special Notice

⚠ Important: Biometric Information

Cerberus Verify ID uses WebAuthn-based biometric authentication (fingerprint, face recognition) for attendee identity verification. Biometric data never leaves your device. We do not collect, store, transmit, or process raw biometric identifiers on our servers. Authentication is performed locally on the attendee's device using the device's secure enclave. Only a cryptographic credential (public key) is stored on our servers — this cannot be reverse-engineered into biometric data.

This architecture is designed to comply with biometric privacy laws including the Illinois Biometric Information Privacy Act (BIPA) and similar state statutes. No biometric template, scan, or identifier is retained by Cerberus Verify ID.

3. Information We Collect

3a. Provider Accounts

  • Name, email address, organization name
  • Billing information (processed by Stripe — we do not store card numbers)
  • Session data: course names, dates, attendee counts, credit hours
  • Usage data: login timestamps, feature usage, IP address

3b. Attendee Accounts

  • Name, email address, profession, credential type
  • Check-in and check-out timestamps
  • Re-verification timestamps (not biometric data — only the time of successful verification)
  • CE credits earned, certificate numbers
  • WebAuthn public key credential (cryptographic only — not biometric)

3c. Automatically Collected Data

  • Browser type, operating system, device type
  • IP address and approximate location
  • Pages visited, time on page, referring URL

4. How We Use Your Information

  • To provide, operate, and maintain the Platform
  • To verify attendee identity and issue CE certificates
  • To process payments and manage subscriptions
  • To send transactional emails (certificates, confirmations, billing notices)
  • To enforce compliance with CE session requirements
  • To improve the Platform and develop new features
  • To comply with legal obligations and respond to lawful requests
  • To detect and prevent fraud, abuse, or security incidents

5. HIPAA Alignment

Cerberus Verify ID is designed with HIPAA-aligned security practices for healthcare CE providers. This includes encrypted data transmission (TLS), access controls, audit logging, and data minimization principles. Note: CE attendance records are generally not considered Protected Health Information (PHI) under HIPAA. If your use case involves PHI, please contact us to discuss a Business Associate Agreement (BAA).

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Stripe — payment processing (governed by Stripe's Privacy Policy)
  • CE Providers — attendees' attendance records are accessible to the provider who hosted the session
  • Accrediting Bodies — only with provider authorization and only data required for accreditation reporting
  • Legal Requirements — when required by law, court order, or to protect rights and safety

7. Data Retention

We retain account data for as long as your account is active. CE attendance records and certificates are retained for a minimum of 7 years to support professional licensing requirements. You may request deletion of your account; however, attendance records may be retained to satisfy legal and accreditation obligations.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (subject to retention obligations)
  • Opt out of marketing communications
  • Data portability (receive your data in a machine-readable format)

To exercise these rights, contact us at [email protected].

9. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, role-based access controls, and regular security reviews. No system is 100% secure; we encourage you to use strong passwords and report any suspected security issues to [email protected].

10. Children's Privacy

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email or a prominent notice on the Platform. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

Cerberus Verify ID

Privacy inquiries: [email protected]

Security issues: [email protected]

General: [email protected]

© 2026 Cerberus Verify ID. All rights reserved.

Terms of ServiceHome