Privacy Policy
Last updated: 11 March 2026
Credify is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why, and your rights.
1. Who We Are
Credify ("we", "us", "our") is the data controller for personal data collected through this platform. For data-related enquiries, contact us at hostmateuk@gmail.com.
2. What Data We Collect
- Account data: Your name, email address, and password (hashed — we never store your plain-text password).
- Profile data: Job title, profile photo, nationality, location, LinkedIn URL, and website URL — all optional, provided by you.
- Document metadata: File name, document type, and SHA-256 hash. If you enable public visibility, the document file itself is stored in our secure cloud storage.
- Scan analytics: When someone views your verification page, we record the approximate city and country derived from their IP address, and the date/time of the scan. We do not store raw IP addresses.
- Payment data: Payment is processed by Stripe. We receive confirmation of payment status and a Stripe customer ID. We do not store your card number or bank details.
- Technical data: Basic server logs for security and error monitoring (e.g. request timestamps, browser type). These are deleted after 30 days.
3. How We Use Your Data
- To provide the Service: Authenticating your account, storing and verifying your documents, generating your public profile page.
- To provide analytics: Showing you scan statistics on your dashboard.
- To process payments: Verifying purchase status and unlocking paid features.
- To keep the Service secure: Detecting fraud, spam, and policy violations.
- To communicate with you: Sending transactional emails (account confirmation, password reset). We do not send marketing emails without your explicit consent.
4. Legal Basis for Processing (UK GDPR)
- Contract performance: Processing necessary to deliver the Service you signed up for.
- Legitimate interests: Security monitoring, fraud prevention, and improving the platform.
- Consent: Optional profile data (photo, LinkedIn, etc.) and public document visibility.
- Legal obligation: Retaining payment records as required by UK tax law.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase: Our database and file storage provider (EU/US data centres — subject to Standard Contractual Clauses where applicable).
- Stripe: Payment processing. Subject to Stripe's own privacy policy.
- Verifiers / Recruiters: When you share your public verification link, third parties can see your name, job title, profile photo, and any documents you have marked as publicly visible.
- Law enforcement: When required by applicable law or court order.
6. Data Retention
- Account and profile data: Retained while your account is active and for 12 months after deletion, for fraud prevention.
- Document hashes and revocation history: Retained indefinitely for audit integrity (anonymised after account deletion).
- Document files: Deleted within 30 days of account deletion or document revocation.
- Payment records: Retained for 7 years as required by UK HMRC regulations.
- Scan event data: Retained for 2 years, then anonymised.
7. Your Rights (UK GDPR)
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate data — most profile data can be updated directly in your dashboard.
- Erasure ("right to be forgotten"): Request deletion of your account and associated data, subject to legal retention obligations.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: For optional data (e.g. public document visibility), you can withdraw consent at any time in your dashboard.
To exercise any of these rights, email hostmateuk@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
Credify uses only essential cookies required for authentication (session tokens). We do not use tracking or advertising cookies. No cookie consent banner is required for essential cookies under UK PECR.
9. Security
We use industry-standard security measures including encrypted connections (TLS), hashed passwords, row-level database security, and private file storage. Documents are only accessible to the owner and, where explicitly enabled, via time-limited signed URLs. Despite our efforts, no system is completely secure — please use a strong, unique password.
10. Children
Credify is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has created an account, contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated by email or dashboard notice. Continued use after changes constitutes acceptance.
12. Contact
For privacy enquiries, email hostmateuk@gmail.com.