Security
A credential is only as good as its custody.
Emeri exists so that a grade can be trusted. That obligation extends to how we hold the data behind it. This page states, plainly, what we collect, how it is protected, and who processes it on our behalf. If a security review needs more than what is written here, write to us — a person answers.
What we hold, and what we deliberately do not
Emeri stores what the credential requires: your name as you want it to appear, your email address, your role category, your answers, and your results. The free check can be taken anonymously — we ask for identity only when it is about to appear on a credential.
We do not hold payment card details at any time. Payment runs entirely on Stripe; Emeri receives only confirmation that payment succeeded. We do not sell or share personal data for advertising, and exam responses are used for grading and integrity review — not for marketing.
How it is protected
All traffic is encrypted in transit with TLS. Application data lives in managed Postgres (Neon) with encryption at rest. Sessions are signed server-side; sign-in uses one-time magic links that expire in fifteen minutes rather than passwords, so there are no Emeri passwords to steal. Administrative access to production systems is limited to the operators of Emeri and protected by multi-factor authentication.
Credential integrity
Every badge carries a cryptographically signed token in its QR code. A verification page renders from the live registry and reports whether a scanned badge matches its record — which means a forged or altered badge fails verification in seconds, by design. Serial numbers and issue dates are a permanent matter of record.
Subprocessors
These providers process data on Emeri’s behalf. We keep this list current.
- Vercel
- Application hosting and content delivery
- Neon
- Managed Postgres — all application data
- Stripe
- Payment processing — card data never touches Emeri
- Anthropic
- AI examiner for scenario grading
- Resend
- Transactional email delivery
For teams and reviewers
Buying certifications for a team? We can provide a signed data processing agreement, a completed security questionnaire, and a W-9 on request. We answer security questionnaires personally and quickly — ask for what your review needs.
We publish real posture, not aspirations: certifications and audit reports will be listed here when they are in hand, with dates, and not before.
Reporting a vulnerability
If you believe you have found a security issue in Emeri, tell us at support@emeri.org. We read every report, we respond, and we credit good-faith researchers who give us time to fix what they find.