Privacy Policy

This Privacy Policy statement is made by the Credenti Group consisting of all the entities listed here (collectively, "Credenti", "we", "us" or "our"). (collectively, "Credenti", "we", "us" or "our").

Introduction

Credenti LLC. (“Credenti,” “we,” “us,” or “our”) provides secure identity, access management, and user authentication solutions, employing industry-standard protocols such as AES encryption, multi-factor authentication (MFA), and compliance with FIDO2 standards to institutional organizations for their internal and external applications. This Privacy Policy (“Policy”) explains who we are and describes our practices regarding the collection, sharing, and use of personal data from visitors to our website at www.credenti.com (including its subdomains, such as our blog, collectively the “Site”) and users of our mobile, desktop, and web applications (each an “App” and collectively the “Apps”). The Apps are available through the Site and third-party sellers like the Google Play and Apple App Store (collectively, “App Store”). Together, the Site and Apps constitute the “Services.” Capitalized terms used but not defined in this Policy have the meanings provided in our Terms of Service (the “Terms”).

At Credenti, we believe that the less information we have about you, the better. We understand that when you use our Services, you trust us to protect your personal data responsibly, and we are committed to complying with relevant privacy laws, including GDPR (General Data Protection Regulation, a European Union privacy law), CCPA (California Consumer Privacy Act, a privacy law for California residents), and other applicable regulations. This trust underpins our commitment to a straightforward and transparent approach to data protection. We encourage you to read this entire Policy to fully understand our practices. By accessing or using any part of our Services, you indicate your acceptance of the current version of this Policy and all applicable terms found within our Systems. If you do not agree with this Policy, please do not use our Services, websites, applications, or purchase any Credenti products either directly or through our partners.

Roles and Responsibilities

Credenti’s Role as Controller and Processor:

Credenti generally acts as a controller of Personal Data, determining how and why your Personal Data is processed, except when processing data solely as a processor or service provider on behalf of our customers. In such cases, customers control data collection and usage, and are responsible for privacy compliance. For data collected by a customer, direct inquiries to that customer.

Privacy Officer:

  • Ensures Credenti’s compliance with applicable privacy laws and regulations.
  • Oversees and conducts privacy impact assessments.
  • Manages privacy incidents and responds to inquiries related to Personal Data protection.

Employees and Contractors:

  • Follow privacy guidelines as outlined in Credenti’s internal policies.
  • Report any suspected or confirmed privacy breaches immediately.
  • Access and handle Personal Data only as required by their specific role.

Third-Party Vendors and Partners:

  • Adhere strictly to contractual privacy obligations.
  • Maintain compliance with applicable privacy standards and laws.
  • Promptly report any data privacy incidents or concerns to Credenti.

Customers and Users:

  • Protect their authentication credentials and access methods provided by Credenti.
  • Promptly notify Credenti of unauthorized access or any suspected compromise of their accounts or data.

Our Privacy Principles

Credenti was founded on the belief that user privacy is non-negotiable. We collect only what’s necessary, never sell your information, and don’t profit from ads—period. Our business model is intentionally structured to avoid those conflicts of interest. This approach is woven into our products, practices, and policies—because respecting privacy isn't just a legal requirement; it’s the right thing to do.

  • Reliability and Confidentiality: We process Personal Data reliably and confidentially. Each individual's right to data protection is important to us, and we implement appropriate measures such as data encryption, secure storage solutions, controlled access, and regular security assessments to safeguard your Personal Data. We consistently evaluate and address potential risks associated with data processing to maintain the highest standards of reliability and confidentiality.
  • Privacy by Design: Privacy is integral to our Services. We proactively incorporate privacy considerations into product and service development rather than treating them as secondary concerns. Compliance with our privacy standards is embedded into daily operations and development practices.
  • Employee Responsibility: We continuously train and instruct our employees to understand and uphold our privacy commitments.
  • Lawful and Purposeful Processing: We clearly define and strictly adhere to lawful purposes when processing Personal Data. We avoid collecting or processing unnecessary data. Any unnecessary data presented during service provision is promptly deleted, blurred, or rendered unreadable.
  • Transparency and Fairness: We process Personal Data transparently, securely, fairly, and lawfully to prevent unauthorized disclosure or misuse.
  • Limited Data Retention: Personal Data is retained only as long as legally required or necessary, typically up to five years post-account termination.
  • Data Minimization: We ensure the Personal Data processed is strictly limited to what is necessary to achieve its intended purpose.

Information We May Collect About You

This Privacy Policy applies to the processing of Personal Data that we collect in the following ways, as detailed in this section.

We collect information about you when you provide it to us, when you interact with our products and services, websites, and electronic systems, when you attend events and visit our offices, and when other sources provide it to us, as further described below.

Based on our current practices, we collect the following categories of information about you:

Information You Provide

We collect information directly from you when you register or subscribe specifically to services such as our 'Credenti Verify' product, submit forms, upload documents, or communicate with us through support channels. Examples include:

  • Contact Information: Name, email address, phone number.
  • Credentials and Authentication Data: Multi-factor authentication details, biometric data (such as face scans or fingerprints), which is only collected when you specifically use or subscribe to the 'Credenti Verify' product, and identification documentation (e.g., driver's licenses, passports).
  • Professional and Community Data: Job title, company affiliation, community usernames, biographical details.
  • Testimonials: If you voluntarily provide a testimonial, quote, or review about Credenti or our services, we may collect and publish your name, title, organization, photo, video, or other identifying information with your permission. Testimonials are used for promotional or informational purposes in accordance with applicable laws.
  • Contract Data: We may receive contract details (like signatures) from you or your organization, including Personal Data such as name and billing address, in connection with our products and services.
  • Audio, Electronic, or Visual Data: If you attend our in-person or virtual event or agree to be recorded in a telephone or video meeting, we may record some or all of that event or meeting. For events, we may document the event in various ways, such as by taking photos, interviewing you, or recording your participation in interactive sessions. We use this information for business and marketing purposes, to better inform the public about Credenti, its events, and to provide testimonials about our products and services, to the extent permitted by applicable law.
  • Job Application Data: Educational background, employment history, resumes, government-issued identifiers, and sensitive information provided during recruitment.

Data Obtained from Third Parties

Credenti securely integrates with customers' identity management systems, such as cloud-based Identity Providers (IDP) via the System for Cross-domain Identity Management (SCIM) protocol or on-premises directories, to retrieve user profile information such as names, email addresses, user roles, department affiliations, and authentication status, necessary to deliver and support the services and features purchased by customers.

We may receive additional information about you from third-party sources, such as:

  • Business Partners and Resellers: To enhance or verify your service experience.
  • Social Media Networks: Publicly available information or data shared through integrations.
  • Public Databases and Marketing Partners: To supplement or update information we already hold about you.

We collect sensitive data only after providing appropriate notice or obtaining confirmed consent, depending on applicable laws in your jurisdiction.

Biometric Data (“Credenti Verify” Services)

In connection with our Credenti Verify services, we may collect, capture, receive, or otherwise obtain biometric identifiers about you (collectively, "Biometric Data"). Specifically, this includes:

  • Face geometry
  • Voice prints
  • Voice matching
  • Video and audio footage
  • Identification documentation, such as driver's licenses or passports.

We collect Biometric Data only if you explicitly subscribe to or purchase our Credenti Verify service. Biometric Data is used strictly for identity verification purposes and handled in compliance with applicable privacy laws, maintaining rigorous security and confidentiality measures at all times. We do not store Biometric Data longer than necessary to perform verification and comply with legal obligations.

Data Collected Automatically by Credenti Services

We automatically log certain information about your computer or mobile device when you access Credenti Products & Services. This information includes:

  • Device and Technical Information: Operating system name and version, device identifier, browser type, browser language, geolocation, and IP address. This information is collected whenever a user interacts with our products installed on your endpoints, ensuring we continuously enhance user experience and maintain service security.
  • Usage Data: Details of your interactions within our platforms, accessed content, and feature usage patterns. We may also collect data about your use of our portals, websites, applications, products, and services, including data regarding service configurations, support data, operational data, log data, logs of your usage and click activities, logs about your login history, identity confirmation, and performance results for the hosted Service. Credenti uses Usage Data to:
    • Analyze usage trends
    • Detect, investigate, and combat fraud, security incidents, and cyber-attacks
    • Improve overall security posture of the Credenti platform
    • Improve service and product functionality
  • Bug, Error, and Crash Reports: We may collect data about any problems you experience with our websites, admin portals, applications, and products and services, including bug, error, and crash reports, which can include Device Data, location data, Usage Data, and user data at the time of the bug, error, and/or crash.

Cookies

We may collect metadata about you, including technical data about your performance or use of our website, products, and services. One common technology we use to collect metadata that may be considered Personal Data is our use of cookies. Cookies are small text files that are placed on your web browser and help us recognize your browser or device as a unique visitor in different ways based on the type of cookie. The three main types of cookies are:

  • Essential cookies: Essential cookies are required for website functionality and security. For example, authentication, security, and session cookies may be required for our website or products to work.
  • Functional cookies: We use functional cookies to help enhance our websites’ performance, for market research, or other analytics or advertising that is not tied to a specific individual. For example, we may use Google Analytics to help us track how many individuals visited our websites. We may also utilize HTML5 local storage cookies for the reasons described in this section. These types of cookies are different from browser cookies in the amount and type of data they store and how they store it.
  • Performance cookies: We use performance cookies to to monitor website visits and traffic sources so we can measure and improve the performance of our Sites. They help us find out which pages visitors go to most often and understand how visitors navigate our Sites. All the information in these cookies collect is in aggregate form and therefore anonymous.
  • Targeting or advertising cookies: We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. For example, we contract with third-party advertising networks that may track your activity over time and across different channels, including our websites, email activity, and other websites and applications that display advertisements. They may use this tracking information to understand and predict your interests, to display an advertisement for Credenti on another website, or email you with a marketing communication for Credenti products.

Use of Artificial Intelligence (AI)

Credenti incorporates artificial intelligence (AI) technologies in its services to enhance security, improve user experience, facilitate efficient identity verification, and proactively detect and prevent fraudulent activities and security anomalies. Our AI-driven capabilities include:

  • Q&A Assistance: AI-powered virtual assistants handle customer inquiries, improving response times and accuracy. These interactions are analyzed to continuously improve our knowledge base and user support experience.
  • Anomaly Detection: AI algorithms monitor user activities, authentication events, and usage patterns in real-time to identify unusual behaviors indicative of potential security threats, fraud, or unauthorized access attempts.
  • Identity Verification: Utilizing biometric data analysis, our AI services enhance the accuracy and reliability of identity verification processes.

We implement stringent privacy measures when utilizing AI, including robust data anonymization, secure handling protocols, continuous algorithmic monitoring, and regular compliance assessments to mitigate bias and adhere strictly to applicable privacy legislation.

When AI-based automated decisions significantly impact users, Credenti commits to transparency by providing clear explanations of decision-making processes and outcomes. Users retain the right to request human intervention for automated decisions that materially affect their access or use of Credenti services. Credenti adheres rigorously to ethical standards, prioritizing transparency, accountability, fairness, and the protection of user privacy.

User-submitted prompts or questions directed to Credenti’s AI systems are securely retained for a period of up to 30 days. After this period, data is deleted from active storage but may temporarily persist within secure backups or archives. Customers may request permanent deletion of their data at any time by contacting our privacy team. Stored prompts and interaction data are kept confidential, isolated per customer, and accessed strictly on a need-to-know basis for purposes of service delivery, quality assurance, customer support, and service enhancement.

Aggregated insights from commonly asked questions may inform updates to Credenti’s general product FAQs and documentation, benefiting all users collectively. Individual customer prompts remain confidential, securely stored, and are never directly shared with other customers or unauthorized third parties. Credenti explicitly does not utilize any customer-submitted prompts or data to train, refine, or enhance AI models.

Links to Third-Party Sites

The System may contain links to other websites or media not operated or controlled by Credenti. These links are provided as a convenience to the visitors of the System. Since Credenti does not operate or control linked websites or media, Credenti cannot be responsible for the personal information collection and use policies of such linked websites or media. Therefore, you should review the privacy policy of linked websites or media prior to use or giving personal information.

For example, chat rooms, forums, message boards, links to third-party websites or mobile applications (including social media websites and mobile applications), and/or news groups may be available through the System. While Credenti will only use and disclose the Collected Data as set forth herein, any information disclosed in these areas is or may be deemed public information, and you must exercise caution and discretion when deciding to disclose personal and non-personal information.

Additionally, please keep in mind that if you directly disclose Personal Data or personally sensitive data through your home page, linked sites, or other public forums, this information may be collected and used by others. Credenti encourages all users to review the privacy statements of websites and/or mobile applications you choose to link to from the System so that you understand how those third parties collect, use, and share information about you and/or your electronic devices. Credenti is not responsible for the data collection, data usage, privacy statements, or content on other websites, applications, or other solutions.

Security & Safeguarding

Security is a critical priority for Credenti. We maintain a comprehensive security program that contains industry-standard administrative, technical, and physical safeguards designed to prevent the loss or theft and unauthorized access, use, disclosure, or alteration of Personal Data. We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:

  • Encryption: We employ encryption techniques to safeguard your data during transmission and storage.
  • Access Control: We restrict access to Personal Data to authorized personnel only, ensuring that it is accessible on a need-to-know basis.
  • Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks.
  • Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.

We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your Personal Data.

While we strive to protect your Personal Data, no method of transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us using the contact information provided in this Privacy Notice.

However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including Personal Data, is absolutely safe from intrusion, alteration, disclosure, and/or other impermissible uses, and Credenti is not responsible for such unauthorized access or other impermissible uses by others. You are responsible for protecting your password(s) and other authentication factors, as well as maintaining the security of your devices.

Your Rights

Under certain circumstances, you have the rights under data protection laws in relation to your Personal Data. These include the right to:

  • Request access to your Personal Data.
  • Request correction of your Personal Data.
  • Request erasure of your Personal Data.
  • Object to processing of your Personal Data.
  • Request restriction of processing your Personal Data.
  • Request transfer of your Personal Data.
  • Right to withdraw consent.

Opt Out

From time to time, you may receive periodic mailings, telephone calls, or emails from Credenti with news or other information on Credenti Products and/or Services. If at any time you wish to stop receiving emails or mailings, please send us an email to privacy@credenti.com with the phrase “Privacy Opt-out: Credenti, Mailings” in the subject line, or write to us at 5177 Richmond Ave, STE 1160, Houston, TX 77056, and we will process your opt-out request. Alternatively, for email communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of most e-mail messages from Credenti.

If you wish to exercise rights you may have under the California Consumer Privacy Act or other similar laws which may apply to you, to have your information opted out of the sale of Collected Data by Credenti, or to request the deletion of your information from the Collected Data, please send us an email to privacy@credenti.com with the phrase “Privacy Opt-out: Credenti, Notice of Opt-Out” in the subject line, or write to us at 5177 Richmond Ave, STE 1160, Houston, TX 77056, and we will process your opt-out request. In processing your request, Credenti reserves all obligations and rights it has to maintain your information as necessary for compliance with the laws of the jurisdictions in which it operates.

In the event that Credenti wishes to transfer or release your Personal Data to a third party in a manner not set forth in this Policy, Credenti shall inform you prior to such transfer or release and provide you with the ability to opt out of such transfer or release of Personal Data. Please contact Credenti at privacy@credenti.com if you have any questions as to how to opt out of any specific disclosures or any marketing or other programs.

EU-US and Swiss-US Data Privacy Framework

We comply with the EU-US and Swiss-US Data Privacy Frameworks (DPF) and the UK Extension to the EU-U.S. DPF as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the EEA, Switzerland, and the UK, respectively.

Credenti adheres to the Department of Commerce Data Privacy Framework Principles and remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described in the “Collection and Usage” section of our Privacy Policy.

If you have any inquiries or complaints about our handling of your personal information under the Data Privacy Framework, or about our privacy practices generally, please contact us at: privacy@credenti.com. We will respond to your inquiry promptly. If dispute resolution does not resolve your complaint, you may pursue binding arbitration through the Data Privacy Framework Panel.

Measures to Safeguard Children

Credenti Products and Services are not directed or intended for the use of children or users under the age of 18. Credenti encourages parents and guardians to spend time with their children online and to be fully familiar with the websites and other software visited by their children. Credenti does not knowingly collect or maintain personal information from children under 18 years of age. If Credenti learns that Personal Data of a child under 18 years of age has been collected, Credenti will take steps to delete the information as soon as possible. If you are under 18 years of age or the proper legal age, you are not allowed to use or access the System at any time or in any manner, and any such use is unauthorized.

If you believe that a child under 18 may have provided Credenti Personal Data, please contact us at privacy@credenti.com.

Governing Law/Claims

This Policy, the System, and any claim associated with, related to, or arising from the Policy and/or System are governed by the law of the State of Texas within the United States. Any claim associated with, relating to, or arising from this Policy or the System shall be brought in a federal or state court in Harris County, Texas within one year after the claim arises. You hereby affirm your consent to the sole and exclusive jurisdiction of the courts located in Harris County, State of Texas as the most convenient and appropriate forum for the resolution of disputes concerning this Policy or System. The System is controlled, operated, and administered entirely within the United States. Use of the System from locations outside the United States where these practices are illegal or violate any law is prohibited.

Changes to this Policy

Credenti and its subsidiaries reserve the right to change or modify this Policy, including, without limitation, to reflect company and user feedback or changes in applicable law. Please revisit this Policy periodically for changes and updates. If Credenti refuses access to you, Credenti may provide you with the reasons for such refusal upon request; provided, however, that Credenti™ reserves the right to refuse to give a reason for such refusal, including, without limitation, where such information contains references to other individuals, such information cannot be disclosed for legal, security, or commercial reasons, or the information is subject to attorney-client or litigation privilege. Your continued use of the System constitutes your consent to any and all such changes.

Contact Information

Questions about this Policy should be directed to privacy@credenti.com or by writing to us at 5177 Richmond Ave, STE 1160, Houston, TX 77056. Please note that email communications may not be secure. Accordingly, you should not include personal or other sensitive information in your email correspondence to us.