The short version. Certmesa is hosted in the European Union. It does not track you, profile you, or sell anything about you. There is no analytics provider, no advertising network, and no third-party cookie.
Certmesa runs entirely as static HTML, CSS and JavaScript served from a server in the EU. There is no account system, no login, and no form submission of any kind. As a consequence, the site does not collect or process:
The site sets no cookies. It uses a single browser localStorage entry, certmesa-theme, to remember whether you chose the dark or light theme. This value never leaves your device. If you clear your browser storage, it disappears.
The site currently loads two web fonts (Inter and JetBrains Mono) from fonts.googleapis.com. Google receives a request for the font file when your browser fetches it. We are migrating these fonts to be served from the same EU server as the rest of the site to remove this third-party request entirely.
No other third-party scripts, trackers, advertising networks, or content delivery networks are used.
The site runs a small server-side counter at /count.php. When you start a practice test it records one event ("test started", with the certification id). When you complete a test it records a second event ("test completed", with the certification id and your score out of ten).
That is the entirety of what is recorded. The counter does not store IP addresses, user agents, referrers, browser fingerprints, country, language, time-of-day, or any other identifier that could be linked back to you. It writes to a single JSON file containing aggregate totals only, for example "test_start:ccfa = 42", never per-event rows. The aggregate is publicly visible at /stats.
The purpose of the counter is to let the site operator see which certifications people actually practice for, so that effort goes into building question banks people will use. If you would like to opt out, blocking /count.php in your browser or ad blocker prevents the events from being recorded; the site will continue to work normally.
Every question, answer option and explanation on this site is original work, written from the publicly available exam objective documents published by each certification body. Nothing is harvested from real certification exams. No exam dumps, no leaked exam pools, no sat-and-recalled questions, no reproduction of confidential exam content.
The hosting provider keeps standard web server access logs (request URL, timestamp, status code, transient IP) for the technical purpose of operating the server and defending against abuse. These logs are retained for the minimum operational window and are not shared with any third party.
When you take a practice test, your individual answers are evaluated entirely in the browser. The review page is generated locally on your device. The only thing that leaves your browser is the aggregate counter event described above: your final score (an integer out of ten) without any session, identity or per-question data attached to it. The score is added to a running sum and count for that certification so an average can be displayed on the stats page; individual scores are never stored.
If you have questions about how this site handles data, write to webmaster[at]certmesa.com.