CredaHub Privacy Policy

This Privacy Policy describes how CredaHub and related Creda Network services (“Creda,” “we,” “us,” or “our”) collect, use, and protect information when you visit our websites, use our dashboards, or access our platforms and APIs (collectively, the “Services”).

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, you should not use the Services.

1. Information We Collect

A. Information You Provide to Us

We may collect information you provide directly, including:

• Contact details such as name, email address, job title, and organization;
• Information submitted through forms (early access requests, demos, or support inquiries);
• Account registration details if you are provisioned with a login;
• Feedback, survey responses, or other communications you send to us.

B. Information We Process on Behalf of Organizations

CredaHub is designed primarily for use by organizations (such as hospitals, airports, financial institutions, and government agencies) to help manage identity, credentials, and compliance workflows.

In this context, we may process data about individuals (“End Users” or “Credential Holders”) on behalf of those organizations. This may include:

• Basic identity attributes (for example, name, contact details, role, or organizational unit);
• Credential-related details (for example, license type, status, issuing authority, expiry dates, or training completion);
• Metadata associated with verification events, tokens, and access decisions.

When we process such information on behalf of an organization, that organization is typically the data controller, and CredaHub acts as a processor or service provider. Your rights may be exercised through your organization.

C. Information Collected Automatically

When you access the Services, we may automatically collect:

• Log data (IP address, browser type, device information, pages viewed, timestamps);
• Usage data (features used, interaction patterns, error reports);
• Cookie and similar technologies data to help remember preferences and secure sessions.

D. Information from Third Parties

Subject to agreements and applicable law, we may receive information from:

• Identity providers or authentication platforms;
• Verification and background-check partners;
• Credential authorities, licensing boards, or registries;
• Integration partners or your organization’s internal systems.

2. How We Use Information

We use information for purposes including:

• Providing, operating, and improving the Services;
• Enabling identity, credential, and compliance workflows configured by your organization;
• Authenticating users and securing accounts;
• Monitoring and maintaining the security, integrity, and performance of the platform;
• Responding to inquiries, support requests, and feedback;
• Sending administrative and transactional communications;
• Analyzing usage to help guide product improvements;
• Complying with legal obligations and enforcing agreements.

3. Legal Bases (Where Applicable)

Where required by law (for example, in the European Economic Area or the United Kingdom), we process personal data based on the following legal bases:

• Contract: to provide Services under an agreement with your organization;
• Legitimate interests: such as securing the platform, preventing misuse, and improving Services;
• Legal obligations: to comply with applicable laws and regulations;
• Consent: where explicitly required for certain activities (such as specific forms of marketing).

4. How We Share Information

We do not sell personal information.

We may share information with:

• Your organization: to deliver Services and provide dashboards, logs, and analytics;
• Service providers: who assist with infrastructure, hosting, analytics, security, or support;
• Integration partners: when your organization connects third-party systems to CredaHub;
• Authorities or regulators: when required by law or to protect rights, safety, or property;
• Successors: in connection with a merger, acquisition, or similar transaction involving Creda’s assets.

5. Cookies & Similar Technologies

We may use cookies and similar technologies to:

• keep you signed in and secure sessions;
• remember preferences and settings;
• analyze usage trends and improve the platform.

You can control cookies through your browser settings, but disabling certain cookies may affect functionality or security.

6. Data Security

We use technical and organizational measures designed to protect information, which may include encryption, access controls, monitoring, and audit logging.

No system is completely secure. You, your organization, and your users are responsible for:

• using strong access controls and device security;
• protecting passwords, keys, and credentials;
• notifying us promptly of suspected unauthorized access.

7. Data Retention

We retain information for as long as necessary to:

• provide the Services and fulfill contractual obligations;
• comply with legal, regulatory, or audit requirements;
• resolve disputes and enforce agreements;
• support your organization’s retention policies, where applicable.

When data is no longer needed, we may delete, anonymize, or aggregate it in accordance with our policies and any applicable agreements.

8. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal data, such as:

• accessing the data we hold about you;
• requesting corrections or updates;
• requesting deletion or restriction of processing;
• objecting to certain processing activities;
• data portability, where applicable.

When we process your data on behalf of an organization, you may need to direct your request to that organization. We will work with them to address appropriate requests.

9. International Data Transfers

The Services may involve transferring data across borders, including to countries that may not provide the same level of data protection as your home jurisdiction.

Where required, we implement safeguards (such as contractual protections) to help ensure that personal data is appropriately protected.

10. Children’s Privacy

The Services are not intended for direct use by children under 16. We do not knowingly collect personal data directly from children without appropriate authorization.

If you believe a child has provided personal data to us without authorization, please contact us so we can take appropriate steps.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent changes.

Material changes will be communicated through the Services or other appropriate channels. Continued use of the Services after changes become effective constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle personal data, you can contact us at:

Creda Technologies
Email: privacy@credahub.com
Address: [Insert your business address here]