Privacy notice · Pilot phase · 2026-04-12

Privacy notice

BoreReady collects only what it needs to deliver the certification workflow. This notice explains what, why, and how we protect it.

What we collect

• Learner data: legal name, contact info, enrollment records, module completions, hands-on session evidence, exam attempts, card issuance records. Required for DLI-compliant recordkeeping under Minn. Stat. § 326B.198, subd. 3.
• Provider data: company info, DLI license #, approved course #, instructor list, cohort records.
• Usage data: standard web-server logs (IP address, user agent, request timestamps) retained 90 days for troubleshooting and security.

Why we collect it

• To operate the certification workflow (enrollment, curriculum, exam, card)
• To produce audit-ready records DLI requires
• To communicate with providers and learners about their enrollments

How we protect it

• Hosted on Frappe Cloud — industry-standard server hardening and encryption at rest
• HTTPS everywhere — no plaintext credentials on the wire
• Role-based access control — each user sees only what their role permits
• Immutable audit trail — attempted tampering is recorded

Who sees your data

• Your provider's authorized admins (you pick who)
• BoreReady engineering staff (only when troubleshooting with your consent)
• Minnesota DLI, when they request audit records from your provider
• No one else. We don't sell data, run ads, or share records with third parties.

Your rights

You can request a copy of your data, correct inaccuracies, or request deletion (subject to statutory recordkeeping requirements — Minn. Stat. § 326B.198 requires certified-installer records to be retained through the certification cycle + one refresher period).

Contact

Privacy questions: jordandamhof@gmail.com.