California Privacy Notice

Last Updated: December 2025

This California Privacy Notice (the “Notice”) supplements the information in our main Privacy Policy and applies solely to individuals who reside in the State of California. It describes how Ampliro AB (“Ampliro”, “we”, “us”, or “our”) collects, uses, discloses, and retains personal information in connection with the Diplino service available at diplino.com (the “Service”).

Ampliro AB is a company established in Sweden and is the legal entity responsible for the processing of your personal information in connection with Diplino.


Scope and Relationship to Our Privacy Policy

This Notice should be read together with our main Privacy Policy. In case of any conflict between this Notice and our Privacy Policy with respect to California residents, this Notice will prevail.

References to “personal information” in this Notice have the meaning given to that term under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA).

This Notice does not apply to information that is exempt from the CCPA, such as:

  • Publicly available information
  • De-identified or aggregated information
  • Certain business-to-business information that may be excluded under applicable law

Notice at Collection

We collect personal information about you when you:

  • Create or manage an account with Diplino
  • Use the Service to issue, receive, manage, or verify digital certificates and credentials
  • Interact with our websites, dashboards, and APIs
  • Communicate with us (for example via email or support channels)

We may collect the following categories of personal information, as defined under California law:

  • Identifiers

    • Name, email address, account ID, IP address, cookie identifiers, and similar unique identifiers.
  • Customer Records Information

    • Account profile details (e.g., role, organization, country), billing contact details, and limited payment-related information (processed via our payment providers).
  • Commercial Information

    • Records of certificates created, issued, or received; subscription details; transaction history related to your use of the Service.
  • Internet or Other Electronic Network Activity Information

    • Device information, browser type, operating system, referring URLs, pages viewed, time and date of visits, and other usage data relating to your interaction with diplino.com and our dashboards.
  • Professional or Employment-Related Information

    • Job title, employer/organization name, department, and similar information, primarily for users who manage or receive certificates in a professional context.
  • Geolocation Data (Approximate)

    • Approximate location derived from your IP address (e.g., city, region, country) to help us understand where our Service is used and to ensure compliance with applicable laws.
  • Inferences Drawn from Other Personal Information

    • Preferences or usage patterns we derive from your use of the Service (for example, features you use frequently) to improve and personalize the Service.
  • Other Information You Choose to Provide

    • Information contained in free-text fields, support requests, feedback, or communications with us.

We do not intentionally collect or use “sensitive personal information” (such as precise geolocation, payment card numbers combined with access codes, government identifiers, etc.) for purposes that would give rise to a right to limit the use of such information under California law.

We will not collect additional categories of personal information, or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you with notice.


Sources of Personal Information

We obtain personal information from the following categories of sources:

  • Directly from you
    When you create or manage an account, issue or receive certificates, sign in, contact us, or otherwise use the Service.

  • From your organization
    If your employer, customer, or another organization uses Diplino and adds you as an administrator, instructor, issuer, or certificate recipient.

  • Automatically from your devices
    Through cookies, log files, and similar technologies when you visit diplino.com, use our dashboards, or interact with our APIs.

  • Service providers and partners
    For example, analytics providers, payment providers, and hosting providers that support our Service.


Purposes for Collecting and Using Personal Information

We use the personal information we collect for the following business and commercial purposes:

  • To provide and operate the Service

    • Creating and managing user accounts and organizations
    • Issuing, storing, and verifying digital certificates and credentials
    • Enabling recipients, employers, and third parties to validate certificates
  • To manage subscriptions and process payments

    • Administering subscription plans, invoicing, and payments
    • Handling renewals, upgrades, and downgrades
  • To provide customer support and communicate with you

    • Responding to inquiries, support requests, and feedback
    • Sending important notices about the Service, including security, technical, and administrative messages
  • To maintain security and prevent abuse

    • Detecting, investigating, and preventing fraud, abuse, or security incidents
    • Protecting the integrity of our systems, infrastructure, and users
  • To improve and develop our Service

    • Analyzing usage patterns, performance, and trends
    • Developing new features, products, and services
    • Enhancing user experience and usability
  • To comply with legal obligations and enforce our rights

    • Meeting tax, accounting, and other regulatory requirements
    • Enforcing our Terms of Service and other agreements
    • Protecting our legal rights, privacy, safety, and property, as well as those of our users and third parties

Disclosure of Personal Information

We may disclose the categories of personal information described above to the following categories of recipients for the business purposes described in this Notice:

  • Service Providers

    • Providers of hosting, infrastructure, analytics, payment processing, customer support tools, email delivery, and other technical services that help us operate Diplino.
  • Your Organization or Other Users

    • If you use Diplino as part of an organization, we may disclose your information (such as your name, email, and role) to other authorized users within that organization.
    • When a certificate is issued, certain information about the certificate and certificate holder may be visible to the issuer, recipient, and any third parties who verify the certificate, depending on the settings chosen by the issuing organization.
  • Professional Advisers

    • Legal, accounting, and other professional advisers as necessary for us to obtain professional services.
  • Authorities and Legal Recipients

    • Government authorities, regulators, or law enforcement where required by applicable law or where necessary to protect our rights, property, or safety, or that of our users or third parties.

We do not knowingly disclose personal information to third parties for their own independent marketing purposes.


Sale or Sharing of Personal Information

Under California law, “sale” and “sharing” have specific meanings and may include certain disclosures of personal information in exchange for money or other valuable consideration, or for cross-context behavioral advertising.

  • We do not sell personal information for monetary consideration.
  • As of the date of this Notice, we also do not “share” personal information for cross-context behavioral advertising in the sense defined by California law.

If we later decide to sell or share personal information in a way that is subject to California’s “right to opt-out,” we will update this Notice and provide you with appropriate opt-out mechanisms.


Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide and maintain the Service (including the ability to verify previously issued certificates)
  • Support the legitimate business purposes described in this Notice
  • Comply with our legal and regulatory obligations
  • Resolve disputes and enforce our agreements

In practice, this generally means:

  • Account and organization data is retained while your account is active and for a reasonable period thereafter, in line with our backup, archival, and legal obligations.
  • Certificate and verification data may be retained for longer periods to allow organizations, certificate holders, and third parties to verify certificates, unless deletion is requested and permitted under applicable law and under our agreements with the relevant organization.

When we no longer need personal information for the purposes described above, we will delete it or de-identify it.


Your California Privacy Rights

As a California resident, you may have the following rights under the CCPA, as amended by the CPRA:

Right to Know / Access

You have the right to request that we disclose:

  • The categories of personal information we have collected about you
  • The categories of sources from which the personal information is collected
  • The business or commercial purposes for collecting your personal information
  • The categories of third parties to whom we disclose personal information
  • The specific pieces of personal information we have collected about you

Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. For example, we may retain information where necessary to:

  • Complete a transaction or provide a service you requested
  • Detect security incidents or protect against fraudulent or illegal activity
  • Comply with legal obligations
  • Enable the ongoing verification of certificates where we are required to retain certain records on behalf of an organization

Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.

Right to Opt-Out of Sale or Sharing

You have the right to direct us not to sell or share your personal information.
As stated above, we do not currently sell or share personal information in a manner that gives rise to this right. If that changes, we will update this Notice and provide an accessible mechanism for you to exercise your opt-out rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

If we collect “sensitive personal information” as defined under California law, you may have the right to limit its use and disclosure to certain permitted purposes.
At this time, we do not use or disclose sensitive personal information in a way that would give rise to this right.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights under California law. This means, for example, that we will not:

  • Deny you goods or services
  • Charge you different prices or rates
  • Provide you with a different level or quality of services

because you have exercised your privacy rights.


How to Exercise Your California Rights

You (or your authorized agent) can submit a request to exercise your California privacy rights in the following ways:

  1. Via your account dashboard (where available)

    • Use your in-product privacy or account settings to:
      • Access certain personal information
      • Download data (if a “Download My Data” feature is available)
      • Delete your account (if a “Delete My Account” feature is available)
  2. By email

    • Contact us at: privacy@diplino.com
    • Please include “California Privacy Request” in the subject line and specify the right(s) you wish to exercise.
  3. By mail

    • You may also write to us at:
      Ampliro AB
      Attn: Privacy / Diplino
      Warfvinges väg 31
      112 51 Stockholm
      Sweden

We will take steps to verify your identity before fulfilling your request, which may include verifying your email address, requesting additional information, or asking you to log in to your account.

If you authorize an agent to make a request on your behalf, we may require:

  • Proof that the agent is authorized to act on your behalf (e.g., written authorization signed by you), and
  • Verification of your identity directly with us, where required by law.

We will respond to verified requests within the timeframes required by California law, typically within 45 days, and may extend this period where permitted.


Contact Us

If you have any questions about this California Privacy Notice or how we handle your personal information, you can contact us at:

  • Email: privacy@diplino.com
  • Postal Address:
    Ampliro AB
    Attn: Privacy / Diplino
    Warfvinges väg 31
    112 51 Stockholm
    Sweden

Please also refer to our main Privacy Policy for more details about our data practices.