We believe privacy is a fundamental right. Our platform is built with privacy by design, and we comply with GDPR, CCPA, and other applicable data protection regulations.
Under GDPR and similar regulations, individuals have specific rights regarding their personal data. Here's how we support each right.
Individuals can request a copy of all personal data we hold about them. We provide data exports in machine-readable format within 30 days of a verified request.
Individuals can request correction of inaccurate personal data. Our platform allows clients and administrators to update personal information directly.
Individuals can request deletion of their personal data ("right to be forgotten"). We process deletion requests within 30 days, subject to legal retention requirements.
Individuals can request their data in a structured, commonly used, machine-readable format. We provide JSON and CSV exports of all personal data.
Individuals can request that we limit how their data is processed. We support data processing restrictions at the account level.
Individuals can object to processing of their personal data for specific purposes. We honor objections to marketing communications immediately.
How we collect, process, and protect personal data across the Credence platform.
We process personal data only when we have a lawful basis: contract performance (providing our services), legitimate interest (improving our platform), consent (marketing communications), or legal obligation (regulatory compliance).
We collect only the personal data necessary to provide our services. Credit report data is processed for dispute purposes only and is not used for marketing, profiling, or any secondary purpose.
Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in ways that are incompatible with the original purpose of collection.
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. We maintain a data retention schedule aligned with regulatory requirements.
Privacy considerations are integrated into every feature from the design phase. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
We use a limited number of sub-processors to provide our services. Each is bound by data processing agreements.
| Category | Purpose |
|---|---|
| Cloud Infrastructure | Application hosting and data storage |
| Email Service Provider | Transactional email delivery |
| Payment Processor | Subscription billing and payment processing |
| Analytics Platform | Anonymous usage analytics for product improvement |
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. These include the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your privacy rights.
We do not sell personal information. Credence Credit does not sell, rent, or trade personal information to third parties for monetary or other valuable consideration.
To exercise your CCPA rights, contact us at [email protected]. We will verify your identity and respond within 45 days.
For any questions about our data protection practices, to exercise your data subject rights, or to file a complaint, please contact our Data Protection Officer:
Email: [email protected]
We aim to respond to all data protection inquiries within 72 hours and to fulfill data subject requests within 30 days.