SC-CPE — FAQ & Known Issues

Plain answers to the questions people actually ask. If yours isn't here, email certs@signalplane.co with [ACCOUNT] in the subject and we'll add it. See Privacy §13 for the full subject-prefix list — all inbound mail lands in one mailbox.

Attendance

I posted my code in chat but didn't get credit. Why?

Most common reasons, in order:

How do I file an appeal for missed credit?

Open your dashboard and find the date in the attendance calendar. Missed weekdays show an "appeal?" link. Click it, optionally describe what happened, and submit. An admin reviews the appeal and either grants or denies it. Granted appeals credit 0.5 CPE just like a regular attendance.

I attended but my laptop crashed / YouTube glitched mid-stream.

As long as you posted one qualifying chat message while the stream was live, you're credited for the full session. Attendance is a binary signal, not a time-in-seat measure.

Why 0.5 CPE per session?

CE bodies count instruction time, not video time. The Daily Threat Briefing is about an hour of wall-clock, but Simply Cyber conservatively scopes the CPE-countable instructional portion to roughly 30 minutes per briefing — opens, ads, audience Q&A, and sign-off don't contribute to instructional minutes. Thirty minutes maps cleanly to 0.5 CPE under ISC2 / ISACA / CompTIA accounting, and using a conservative instructional-minutes figure keeps the certificate defensible if an auditor ever asks why a 60-minute stream yielded half a credit.

Twenty weekday briefings per month still totals 10 CPE.

Can I use more than one YouTube channel?

No. One SC-CPE account is bound to exactly one YouTube channel — the one you posted your verification code from. This keeps attendance records attributable and prevents one person from stacking credit via multiple accounts.

Certificates

Per-session vs. monthly bundle — which should I pick?

Monthly bundle (default) is best for most users. One PDF per month listing every session you attended, plus total hours. Easiest to upload to (ISC)² / ISACA / CompTIA CE portals.

Pick per-session if your certification body's audit process asks for one record per CPE activity. This is uncommon: bundled multi-activity records are a common format under self-attested CE submission workflows at ISC2, ISACA, and CompTIA, though your certification body's current documentation requirements take precedence. Pick both if you want the monthly bundle and an on-demand per-session PDF for any briefing. Per-session certs are signed within 2 hours of request.

What does an SC-CPE certificate actually prove?

See the Attendance Rule in the Terms for the authoritative wording. Plain-English summary:

SC-CPE certifies that a named recipient, identified by their bound YouTube channel, posted at least one qualifying chat message during each live Daily Threat Briefing on the date(s) listed, during the broadcast's active window. The message content is hash-logged but not persisted, so certificate integrity does not depend on message-content retention.

The cert is PAdES-T signed with the SC-CPE dedicated signing key, anchored to an RFC-3161 timestamp authority, and hash-linked into an append-only audit chain. Third parties can verify without talking to us via /verify.html.

I'm a CE-portal auditor. What's the shortest-possible answer on what this is?

Proof of live attendance at a cybersecurity-focused educational webinar. The attendee's identity is established through a YouTube channel binding (one-per-account) verified by an out-of-band code exchange. The certificate is PAdES-T signed with an RFC-3161 timestamp; the signature and the pdf_sha256 printed on the face of the cert can be checked without contacting the issuer. Whether the record is accepted for CPE credit is the certification body's decision; the cert carries 0.5 CPE / CEU in the "webinar / web-based training" submission category.

How does SC-CPE prove attendance if chat messages aren't stored?

When the poller sees your chat message during the live broadcast, it records three things in the attendance database:

The raw chat text is purged after 7 days (GDPR data minimisation). The hash, message ID, and timestamp survive indefinitely alongside the hash-chained audit log entry recording the credit. If an auditor needs to verify the original message, the YouTube message ID can be checked against YouTube's own records (while the chat replay remains available).

This means SC-CPE's attendance proof does not depend on retaining your chat messages long-term — the cryptographic commitment is the anchor, not the plaintext.

Are appeal-granted or admin-granted credits distinguishable from regular attendance?

Yes. Every attendance row carries a source field: poll (the poller saw your chat message), appeal_granted (an admin approved your appeal), or admin_manual (an operator correction). Each source writes a distinct action in the hash-chained audit log. An auditor with database access can always tell how a specific session's credit was earned.

The public verify portal confirms a certificate is authentic and unrevoked, but does not surface the per-session credit source — that level of detail is available in the audit trail, not on the cert face.
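
Added example (not SC-CPE's own code): a minimal hash-chained attendance log showing how the last two answers fit together, with the credit provable from the stored hash once the chat text is gone and the source of each credit covered by the chain. SHA-256, the JSON record layout, the GENESIS value and every field name are assumptions; only the three source values come from this page.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed value for the first entry's prev hash

def commit(chat_text):
    # Assumed commitment: SHA-256 over the UTF-8 chat text.
    return hashlib.sha256(chat_text.encode("utf-8")).hexdigest()

def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes identically.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain, source, ts, message_id=None, message_sha256=None):
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"source": source, "timestamp": ts,
              "message_id": message_id, "message_sha256": message_sha256}
    chain.append({"record": record, "prev": prev,
                  "hash": entry_hash(prev, record)})

def verify_chain(chain):
    # Returns -1 if every link checks out, else the index of the first bad entry.
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return -1

def matches(entry, candidate_text):
    # Check text recovered elsewhere (e.g. chat replay) against the stored hash.
    stored = entry["record"]["message_sha256"]
    return stored is not None and hmac.compare_digest(stored, commit(candidate_text))

def sample_chain():
    # Constructed sample rows; IDs, timestamps and chat text are made up.
    chain = []
    append(chain, "poll", "2025-01-06T13:05:00Z", "MSG-EXAMPLE-1",
           commit("good morning from the chat"))
    append(chain, "appeal_granted", "2025-01-07T18:00:00Z")
    append(chain, "admin_manual", "2025-01-08T09:30:00Z")
    return chain  # the plaintext is never stored in the chain, only its hash

if __name__ == "__main__":
    chain = sample_chain()
    print("intact:", verify_chain(chain))
    chain[1]["record"]["source"] = "poll"  # relabel an appeal as a polled credit
    print("first bad entry:", verify_chain(chain))
```

Relabelling or removing any entry changes the hash that the entries after it depend on, so verification fails at the first affected index.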

My cert shows "REVOKED". What happened?

An admin revoked it. The public verify page shows an opaque reason (e.g., issued_in_error, superseded, subject_request, key_compromise) so a relying party has enough signal without us exposing the underlying detail. If you think it was revoked in error, email certs@signalplane.co.

Will (ISC)² / ISACA / CompTIA actually accept this?

They accept self-attested continuing education under their respective CPE programs. SC-CPE certificates include all seven fields ISACA requires for audit evidence: attendee name, sponsoring organization, activity title, activity description, date(s), CPE hours awarded, and organizational attestation (PAdES-T digital signature). We cannot guarantee acceptance — that's ultimately your certification body's policy call — but the cert format satisfies the documentation requirements these programs publish. See §5 of the Terms for the acceptance disclaimer.

ISACA 2027 update: Starting January 2027, ISACA splits CPE into certification-aligned (90 CPE minimum) and professional-aligned (30 CPE maximum) categories. The Daily Threat Briefing covers cybersecurity threats, risk management, security operations, and governance — these map to certification-aligned domains for CISA, CISM, CRISC, and CGEIT. No action required on your part; SC-CPE certificates already include the activity description needed for domain-relevance verification under the new rules.

Account & security

I clicked "Register" but got nothing. Where's my email?

My dashboard URL got screenshotted / forwarded. What do I do?

Open your dashboard and click Rotate dashboard link. We'll email a new URL to the address on file; the old link stops working a few seconds later. No PII or cert data is lost in rotation — it's a pure URL change.

How do I delete my account?

From your dashboard: Delete my account. We scrub your email, legal name, and YouTube channel binding immediately, rotate your dashboard token so the old URL stops working, and hard-delete residual identifiers within 30 days.

One carve-out: certificates we already issued are kept indefinitely with their name-at-issuance snapshot, because third parties rely on them to verify past CPE submissions. See the Privacy Policy §4 for the GDPR Art. 17(3)(e) evidentiary detail.

Why does email come from signalplane.co instead of simplycyber.io?

signalplane.co is the operator's email domain, DKIM + SPF verified with Resend. simplycyber.io is the community brand and will host the app's permanent DNS once cpe.simplycyber.io is wired. Splitting the two keeps brand and infrastructure separate — the email channel can be revoked without touching the community identity.

Dashboard features

Can I access my dashboard without the email link every time?

Yes. When you first open your dashboard, you'll see a "Remember this device?" prompt. If you click "Yes, remember me," the site saves your session in your browser's local storage. Next time, just visit sc-cpe-web.pages.dev/dashboard directly — no email link needed.

The saved session expires after 30 days. You can clear it any time by clicking "Forget this device" on the dashboard. Only use this on a personal device you trust — on shared or public computers, click "No thanks."

What is the attendance streak?

Your dashboard tracks consecutive weekdays you've attended the Daily Threat Briefing. Weekends don't break the streak. You'll see both your current streak and your longest streak.

What is the renewal tracker?

If you're working toward a certification renewal deadline (e.g., CISSP requires 120 CPE over 3 years), set up the renewal tracker on your dashboard. Enter your cert name, deadline, and CPE required — the dashboard shows a progress bar with how many CPE you've earned so far and how many days remain.

Can I download all my certificates at once?

Yes. If you have two or more downloadable certificates, a "Download All (ZIP)" button appears on your dashboard. It bundles all your signed PDFs into a single ZIP file.

Leaderboard & badges

How does the community leaderboard work?

The leaderboard ranks users by CPE earned in the current calendar month. It's entirely opt-in — toggle "Show me on the leaderboard" on your dashboard to appear. Only your first name and last initial are shown (e.g., "Alex T."). Your email and full name are never displayed.

What is the achievement badge?

Your badge is a shareable SVG image showing your CPE earned, attendance streak, and total sessions. Share it on LinkedIn or X directly from your dashboard via the "Share achievement" button — or share the badge page URL with anyone.

Known issues

Apex domain not wired yet. The canonical origin remains sc-cpe-web.pages.dev until cpe.simplycyber.io DNS is in place. Both will work once the apex lands; for now, bookmark the pages.dev URL.
DMARC record pending. signalplane.co has DKIM and SPF in place. A DMARC record (p=none for observability) will be added shortly. Email deliverability is unaffected — DKIM-aligned messages deliver fine without DMARC.
Recovery email SLA is best-effort at launch. The outbox drainer runs every 2 minutes. Under burst load (> ~500 queued) recovery mail may arrive later than the 5-minute target. The backlog surfaces on /status.html; if you're waiting and the page says delays are in effect, that explains it.