Privacy Policy

Last updated: May 24, 2026

The Open Source Proficiency Institute (“OSPI,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our website at https://ospinstitute.org and related services (collectively, the “Services”), including the public site, candidate portal, exam enrollment and delivery, credential verification, and community advisory poll.

By using the Services, you acknowledge this Privacy Policy. If you do not agree, please do not use the Services. Examination participation is also subject to our Terms & Conditions.

Who we are

OSPI is an independent certification body offering performance-based, hands-on examinations for open source operational skills. For privacy inquiries, contact us at contact@ospinstitute.org.

Information we collect

Depending on how you use the Services, we may collect:

Account and identity

• Name, email address, and authentication details when you create a portal account (email/password or third-party sign-in such as Google, if enabled).
• Portal session identifiers stored in cookies to keep you signed in.

Enrollment, payment, and scheduling

• Exam selection, scheduled date and time, timezone, confirmation codes, and enrollment status.
• Payment-related metadata (for example, transaction identifiers and amounts). Card payments are processed by Stripe; we do not store full payment card numbers on our servers.
• Voucher codes and redemption history, if you use a voucher to schedule an exam.

Exam delivery and proctoring

• Check-in timestamps and exam-session activity in the portal (for example, when you complete identity and room verification steps).
• Information required to operate your exam environment (for example, provision of a dedicated exam virtual machine, SSH access credentials, and technical logs needed for security and grading).
• Screen-sharing session data occurs in your browser during proctoring; we do not intend to record or store video or audio unless separately disclosed at check-in.
• Automated grading outputs (scores, pass/fail, and related technical logs) associated with your enrollment.

Credentials and verification

• Certification records (candidate name, exam passed, issue and expiry dates, certificate identifiers) displayed in your portal and on our public verification page when someone searches with your certificate ID.

Communications

• Transactional email. We send service-related messages you request or that are necessary to deliver exams, such as enrollment confirmation, exam reminders, and results. These are sent from no-reply@ospinstitute.org. That address is not monitored; reply to contact@ospinstitute.org for support.
• Direct contact. If you email contact@ospinstitute.org, we receive the information you choose to send.
• Launch notifications. If you sign up to be notified when a coming-soon exam opens for enrollment, we store your email and exam interest.

Advisory poll

• Vote selections stored with a random browser identifier in a cookie (ospi_vid). We do not require your name or email to vote.

Technical and security data

• IP address, browser type, device information, pages visited, and timestamps in server and application logs.
• Security and anti-abuse signals (for example, CSRF tokens, rate limiting, and fraud prevention related to payments).

How we use information

We use personal information to:

• Provide, operate, and improve the Services
• Process enrollments, payments, vouchers, and exam scheduling
• Deliver live exam environments, proctoring workflows, and automated grading
• Issue and verify OSPI credentials
• Send transactional email related to your enrollments and exams
• Respond to support requests and enforce our terms and exam rules
• Operate the advisory poll and display aggregated results
• Maintain security, prevent fraud, and comply with law

We do not sell your personal information. We do not use enrollment email addresses for unrelated marketing without your consent.

Legal bases (EEA/UK visitors)

Where applicable law requires a legal basis, we process personal information based on: performance of a contract (providing exams and credentials you request), legitimate interests (security, fraud prevention, improving the Services), compliance with legal obligations, and consent where we ask for it explicitly (for example, optional notifications).

Cookies and similar technologies

• Portal session. Required to authenticate you in the candidate portal.
• Advisory poll (ospi_vid). Functional cookie to limit duplicate votes per technology.
• Security. Tokens that help protect forms from cross-site request forgery.

You can control cookies through your browser settings. Disabling required cookies may prevent sign-in or exam access.

How we share information

We may share personal information with:

• Service providers who assist us under contractual obligations, such as cloud hosting (for example, Amazon Web Services), email delivery (for example, Amazon SES or other SMTP providers), and payment processing (Stripe).
• Professional advisors where reasonably necessary (for example, lawyers or accountants).
• Authorities when required by law, court order, or to protect rights, safety, and integrity of the Services.
• Business transfers in connection with a merger, acquisition, or asset sale, subject to appropriate confidentiality protections.

Public credential verification displays only the information necessary to confirm a certificate (for example, name, certification title, status, and dates) when a valid certificate identifier is supplied.

International transfers

We are based in the United States. If you access the Services from other countries, your information may be processed in the United States and other locations where our service providers operate. We take steps designed to protect information consistent with this policy and applicable law.

Data retention

We retain information only as long as needed for the purposes described above, including:

• Enrollment and exam records: for the life of your certification relationship, dispute resolution, audit, and legal compliance (typically multiple years unless a shorter period is required by law).
• Exam environment technical data: for a limited period after your exam window for grading, security review, and operations.
• Server logs: for a limited operational and security period.
• Advisory poll data: while the poll operates and for aggregated planning purposes.
• Support email: as long as needed to address your inquiry and maintain reasonable business records.

Your choices and rights

Depending on where you live, you may have rights to:

• Access, correct, or delete certain personal information
• Object to or restrict certain processing
• Withdraw consent where processing is consent-based
• Port data you provided in a structured format where applicable

To make a request, email contact@ospinstitute.org. We may need to verify your identity. We will respond within the time required by applicable law. You may also have the right to lodge a complaint with a supervisory authority.

You can update some account information in the portal. You may opt out of non-essential communications by contacting us. Transactional exam email cannot be disabled while you have an active enrollment.

Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (HTTPS), access controls, and isolated exam environments. No method of transmission or storage is completely secure.

Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact contact@ospinstitute.org.

Third-party links and software

The Services may reference third-party documentation, tools, or websites (for example, vendor documentation allowed during an exam). OSPI does not control third-party privacy practices. Exam tasks may require you to use open source software under separate licenses.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the current version. Material changes may be communicated through the Site or by email where appropriate. Continued use after changes take effect constitutes acceptance of the updated policy.

Contact

Privacy questions and requests: contact@ospinstitute.org
Website: https://ospinstitute.org