FAQ & Known Issues

Plain answers to the questions people actually ask. If yours isn't here, email contact@signalplane.co and we'll add it.

Attendance

I posted my code in chat but didn't get credit. Why?

Most common reasons, in order:

I attended but my laptop crashed / YouTube glitched mid-stream.

As long as you posted one qualifying chat message while the stream was live, you're credited for the full session. Attendance is a binary signal, not a time-in-seat measure.

Why 0.5 CPE per session?

Continuing-education programs (ISC2, ISACA, CompTIA) count one full CPE per hour of instruction. The briefing runs roughly 30 minutes, so each session yields 0.5 CPE. Over a typical month of ~20 weekday briefings, that's 10 CPE with no extra effort.

Can I use more than one YouTube channel?

No. One SC-CPE account is bound to exactly one YouTube channel — the one you posted your verification code from. This keeps attendance records attributable and prevents one person from stacking credit via multiple accounts.

Certificates

Per-session vs. monthly bundle — which should I pick?

Monthly bundle (default) is best for most users. One PDF per month listing every session you attended, plus total hours. Easiest to upload to (ISC)² / ISACA / CompTIA CE portals.

Pick per-session if your employer's CPE audit requires one certificate per activity (uncommon). Or pick both if you want the monthly bundle AND an on-demand per-session PDF for any briefing. Per-session certs are signed within 2 hours of request.

What does an SC-CPE certificate actually prove?

See the Attendance Rule in the Terms for the authoritative wording. Plain-English summary:

SC-CPE certifies that a named recipient, identified by their bound YouTube channel, posted at least one qualifying chat message during each live Daily Threat Briefing on the date(s) listed, during the broadcast's active window. The message content is hash-logged but not persisted, so certificate integrity does not depend on message-content retention.

The cert is PAdES-T signed with the SC-CPE dedicated signing key, anchored to an RFC-3161 timestamp authority, and hash-linked into an append-only audit chain. Third parties can verify without talking to us via /verify.html.

I'm a CE-portal auditor. What's the shortest-possible answer on what this is?

Proof of live attendance at a cybersecurity-focused educational webinar. The attendee's identity is established through a YouTube channel binding (one-per-account) verified by an out-of-band code exchange. The certificate is PAdES-T signed and independently verifiable via the SHA-256 printed on the cert — the issuer (Simply Cyber LLC) does not need to be contacted. Credits map 1:1 with (ISC)² Group B / ISACA CPE / CompTIA CEU.
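The "hash-linked append-only audit chain" and the SHA-256 printed on the cert, from the two answers above, can be pictured with the added sketch below. It is an illustration written for this FAQ, not SC-CPE's own code or its real chain format. The entry layout, field names, event names and the all-zero genesis value are assumptions; only the revocation reason is one of the values the verify page is described as showing.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry (hypothetical)

def entry_hash(prev_hash: str, payload: dict) -> str:
    """Hash the previous link together with a canonical encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain: list, payload: dict) -> None:
    # Each new entry commits to the hash of the entry before it.
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload,
                  "hash": entry_hash(prev, payload)})

def verify_chain(chain: list) -> int:
    """Return -1 if every link is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        recomputed = entry_hash(prev, entry["payload"])
        if entry["prev_hash"] != prev or entry["hash"] != recomputed:
            return i
        prev = entry["hash"]
    return -1

def cert_status(chain: list, pdf_bytes: bytes) -> str:
    """Look a certificate up by the SHA-256 of its PDF; the latest event wins."""
    if verify_chain(chain) != -1:
        return "chain_invalid"
    digest = hashlib.sha256(pdf_bytes).hexdigest()
    status = "unknown"
    for entry in chain:
        payload = entry["payload"]
        if payload.get("cert_sha256") == digest:
            status = "revoked" if payload["event"] == "cert_revoked" else "valid"
    return status

def build_sample_chain():
    # Constructed sample data: two fake PDFs, the second one later revoked.
    pdf_a, pdf_b = b"%PDF-1.7 constructed sample A", b"%PDF-1.7 constructed sample B"
    sha = lambda data: hashlib.sha256(data).hexdigest()
    chain = []
    append(chain, {"event": "cert_issued", "cert_sha256": sha(pdf_a)})
    append(chain, {"event": "cert_issued", "cert_sha256": sha(pdf_b)})
    append(chain, {"event": "cert_revoked", "cert_sha256": sha(pdf_b),
                   "reason": "superseded"})
    return chain, pdf_a, pdf_b
```

Editing an earlier entry changes its hash, so every later `prev_hash` stops matching; that is what makes silent rewrites of past issuance or revocation records detectable.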

My cert shows "REVOKED". What happened?

An admin revoked it. The public verify page shows an opaque reason (e.g., issued_in_error, superseded, subject_request, key_compromise) so a relying party has enough signal without us exposing the underlying detail. If you think it was revoked in error, email contact@signalplane.co.

Will (ISC)² / ISACA / CompTIA actually accept this?

They accept self-attested continuing education under their respective CPE programs, and the SC-CPE cert has every field their portals ask for: name, issuer, date(s), hours, signature. We cannot guarantee acceptance — that's ultimately your certification body's policy call — but the cert format matches the category these programs define. See §5 of the Terms for the acceptance disclaimer.

Account & security

I clicked "Register" but got nothing. Where's my email?

My dashboard URL got screenshotted / forwarded. What do I do?

Open your dashboard and click Rotate dashboard link. We'll email a new URL to the address on file; the old link stops working a few seconds later. No PII or cert data is lost in rotation — it's a pure URL change.

How do I delete my account?

From your dashboard: Delete my account. We scrub your email, legal name, and YouTube channel binding immediately, rotate your dashboard token so the old URL stops working, and hard-delete residual identifiers within 30 days.

One carve-out: certificates we already issued are kept indefinitely with their name-at-issuance snapshot, because third parties rely on them to verify past CPE submissions. See the Privacy Policy §4 for the GDPR Art. 17(3)(e) evidentiary detail.

Why does email come from signalplane.co instead of simplycyber.io?

signalplane.co is the operator's email domain, DKIM + SPF verified with Resend, DMARC in place. simplycyber.io is the community brand and will host the app's permanent DNS once cpe.simplycyber.io is wired. Splitting the two keeps brand and infrastructure separate — the email channel can be revoked without touching the community identity.

Known issues

Apex domain not wired yet. The canonical origin remains sc-cpe-web.pages.dev until cpe.simplycyber.io DNS is in place. Both will work once the apex lands; for now, bookmark the pages.dev URL.
DMARC policy is starting at p=quarantine. This is the recommended first step while we observe reports. It will tighten to p=reject after 2 weeks of clean receiver telemetry. Deliverability is unaffected either way.
Recovery email SLA is best-effort at launch. The outbox drainer runs every 2 minutes. Under burst load (> ~500 queued) recovery mail may arrive later than the 5-minute target. The backlog surfaces on /status.html; if you're waiting and the page says delays are in effect, that explains it.

Missing something? Open an issue at github.com/ericrihm/sc-cpe/issues or email contact@signalplane.co.
