Privacy Policy

Credence Credit Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our credit repair CRM platform and related services (collectively, the "Service"). This Privacy Policy applies to all users of the Service, including credit repair company operators ("Business Users"), their team members ("Staff Users"), and the end-customers of credit repair companies who access the client portal ("Client Users"). By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2.1 Information You Provide Directly Business Users: Company name, contact name, email address, phone number, business address, payment information, tax identification numbers, and business license information. Staff Users: Name, email address, phone number, role and permission settings, and profile information. Client Users: Name, email address, phone number, mailing address, date of birth, last four digits of Social Security Number, credit report data, dispute correspondence, identity verification documents, and communication history. 2.2 Information Collected Automatically When you use the Service, we automatically collect: • Device information (browser type, operating system, device identifiers) • Log data (IP address, access times, pages viewed, referring URLs) • Usage data (features used, actions taken, time spent on pages) • Cookie and tracking technology data 2.3 Information from Third Parties We may receive information from: • Credit bureaus (Equifax, Experian, TransUnion) when processing credit monitoring integrations • Payment processors for transaction verification • Identity verification services • Analytics providers

We use the information we collect for the following purposes: Service Delivery: To provide, maintain, and improve the Service, including processing disputes, generating reports, and facilitating communications between credit repair companies and their clients. Account Management: To create and manage your account, process payments, and communicate with you about your subscription. AI Features: To power our AI-driven features, including credit report analysis, dispute letter generation, and dispute strategy recommendations. AI processing is performed on your data solely to provide these features to you. Analytics: To understand how the Service is used, identify trends, and improve our products. We use aggregated and anonymized data for this purpose. Security: To detect, prevent, and address fraud, unauthorized access, and other security issues. Communications: To send you service-related notices, updates, security alerts, and support messages. We may also send promotional communications with your consent. Legal Compliance: To comply with applicable laws, regulations, and legal processes, including the Fair Credit Reporting Act (FCRA) and the Credit Repair Organizations Act (CROA).

We do not sell your personal information. We may share your information in the following circumstances: Service Providers: We share information with third-party service providers who perform services on our behalf, including cloud hosting (Amazon Web Services), payment processing, email delivery, and analytics. These providers are contractually obligated to protect your information. Within Your Organization: Business Users and Staff Users within the same organization can access client data as permitted by their role-based access controls. Credit Bureaus: When you use our dispute management features, we facilitate the transmission of dispute letters and supporting documentation to credit bureaus on behalf of your clients. Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. With Your Consent: We may share your information for other purposes with your explicit consent.

We implement comprehensive security measures to protect your information: Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive data. Multi-factor authentication is available for all accounts. Infrastructure: Our Service is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification, regular penetration testing, and 24/7 monitoring. Employee Training: All employees undergo regular security awareness training and are bound by confidentiality agreements. Incident Response: We maintain a comprehensive incident response plan and will notify affected users within 72 hours of discovering a data breach, as required by applicable law. While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest industry standards.

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy: Active Accounts: We retain your data for the duration of your active subscription. After Termination: Upon account termination, we retain your data for 90 days to allow for data export. After this period, we will securely delete your data, except where retention is required by law. Legal Requirements: We may retain certain information for longer periods as required by applicable laws, including tax and accounting regulations, or to resolve disputes. Aggregated Data: We may retain anonymized and aggregated data indefinitely for analytics and product improvement purposes. You may request deletion of your data at any time by contacting us at [email protected].

Depending on your jurisdiction, you may have the following rights: Right to Access: You may request a copy of the personal information we hold about you. Right to Correction: You may request that we correct inaccurate or incomplete personal information. Right to Deletion: You may request that we delete your personal information, subject to certain exceptions. Right to Portability: You may request a copy of your data in a structured, machine-readable format. Right to Opt-Out: You may opt out of promotional communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly. Right to Restrict Processing: You may request that we limit the processing of your personal information in certain circumstances. Right to Object: You may object to the processing of your personal information for certain purposes. California Residents (CCPA/CPRA): California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

We use cookies and similar tracking technologies to enhance your experience: Essential Cookies: Required for the Service to function properly, including authentication and session management. These cannot be disabled. Analytics Cookies: Help us understand how the Service is used and identify areas for improvement. We use privacy-respecting analytics that do not track individual users across websites. Preference Cookies: Remember your settings and preferences, such as language and theme choices. We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site tracking or behavioral advertising. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us immediately at [email protected].

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States. We take appropriate measures to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it. For users in the European Economic Area (EEA) or United Kingdom, we rely on Standard Contractual Clauses approved by the European Commission as the legal basis for international data transfers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: • Posting the updated Privacy Policy on the Service • Sending an email notification to the address associated with your account • Displaying a prominent notice within the Service The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Credence Credit Inc. Email: [email protected] Phone: (888) 555-0199 Address: Miami, FL For data protection inquiries, you may also contact our Data Protection Officer at [email protected]. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.