CredentialShare logo

Privacy Policy

Last updated: December 12, 2025

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.

  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to CredentialShare.

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  • Customer means the individual or legal entity that creates credential request forms using the Service.

  • Respondent means an individual who submits information through a credential request form created by a Customer.

  • Customer Content means the content, files, text, credentials, form responses, and other information submitted to or through the Service by Customers and Respondents.

  • Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.

  • Personal Data is any information that relates to an identified or identifiable individual.

  • Service refers to the Website and the SaaS application.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.

  • Single Sign-On (SSO) means authentication methods that allow You to sign in using credentials from a third-party identity provider (for example, SAML or OAuth-based sign-in).

  • Subscription means a recurring, paid plan that provides access to paid features of the Service.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • Website refers to CredentialShare, accessible from https://credentialshare.com.

  • You means the individual accessing or using the Service, whether as a Customer, Respondent, or on behalf of a company or other legal entity, as applicable.

Scope and Roles (Customer Content)

CredentialShare provides tools that allow Customers to create credential request forms and collect responses from Respondents.

  • When You are a Customer: We process Account information and Service usage information to provide the Service to You. We also process Customer Content that You create, upload, or receive.

  • When You are a Respondent: information You submit through a form is typically processed by Us on behalf of the Customer who created that form. The Customer is responsible for how they collect and use that information. If You have questions about a specific form, please contact the Customer directly.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Organization / company name (if provided)

  • Authentication identifiers (e.g., user ID, session identifiers)

  • SSO data (if You use SSO), such as an identifier from Your identity provider, email, name, and (where provided) organization/workspace attributes

  • Customer Content (e.g., form fields, form responses, uploaded files, and messages), which may include Personal Data depending on what Customers and Respondents submit

  • Usage Data

Payment and Subscription Data

If You purchase a Subscription, payments are processed by our third-party payment processor, Stripe. We do not store full payment card numbers on our servers. We may receive and store limited information about transactions, such as billing contact details, the last four digits of a card, card brand, and transaction identifiers, as provided by Stripe.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies We use include beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company to count users who have visited those pages or opened an email and for other related statistics.

We may use the following categories of cookies:

  • Necessary / Essential Cookies

    Purpose: essential to provide core functionality (e.g., login, security, fraud prevention, and session management).

  • Preferences / Functionality Cookies

    Purpose: remember choices such as language, settings, and other preferences.

  • Analytics Cookies

    Purpose: help us understand how the Service is used so we can improve it. We may use Google Analytics or other analytics tools for these purposes.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor usage and troubleshoot issues.

  • To manage Your Account, including authentication and access management (including SSO where enabled).

  • To provide and support Customer Content workflows, including creating forms, delivering requests, receiving responses, and allowing Customers to view and manage responses.

  • For the performance of a contract, including providing paid features, billing, and Subscription administration.

  • To send transactional communications, such as account verification, password resets, security notices, product/feature updates, billing notices, receipts, and messages required to deliver the Service.

  • To send promotional emails (optional), such as newsletters and marketing communications, where You opt in (and where required by law, with Your consent). You can opt out at any time using the unsubscribe link in the email or by contacting Us.

  • To improve our Service, including analytics, product development, and measuring performance and reliability (for example, using Google Analytics or similar tools).

  • To manage Your requests, including support inquiries and administrative communications.

  • For security and fraud prevention, including monitoring for suspicious activity and protecting the integrity of the Service.

  • To comply with legal obligations and enforce our agreements and policies.

Service Providers and Third Parties

We may share Your personal information in the following situations:

  • With Service Providers to operate the Service (for example, authentication/user management, hosting, storage, analytics, customer support, and email delivery). These providers are authorized to process Personal Data only as necessary to provide services to Us.

  • Authentication and Account Management: We use Clerk to help store and manage Account and authentication information (including SSO, if enabled).

  • Payments: Subscriptions are processed through Stripe. Stripe may process Your payment information according to its own privacy practices.

  • Analytics: We may use analytics providers (such as Google Analytics) to help us understand how users interact with the Service and improve our offerings.

  • With Customers (Form Owners): If You are a Respondent, the Customer who created the form will receive the information You submit, and their privacy practices may apply.

  • For business transfers: We may share or transfer Your information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business.

  • For legal reasons: We may disclose information if required by law or in response to valid requests by public authorities.

  • With Your consent: We may disclose Your information for any other purpose with Your consent.

Retention of Your Personal Data

We will retain Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Customer Content is retained according to the Customer's configuration and actions (e.g., deletion) and our operational needs. We may retain certain information where required or permitted by law or for legitimate business purposes (e.g., security, fraud prevention, backups, and dispute resolution).

Transfer of Your Personal Data

Your information may be processed in locations where We or our Service Providers operate, including outside Your state, province, or country, where data protection laws may differ.

Where required, we use appropriate safeguards for international transfers (for example, contractual protections).

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You, subject to certain legal exceptions.

You may be able to delete or update certain information from within the Service. You may also contact Us to request access to, correct, or delete Personal Data.

Please note that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security.

Email Communications

We send transactional emails that are necessary to provide the Service (for example, security alerts, verification, receipts, and important account notices). You generally cannot opt out of transactional emails, because they are essential to the Service.

We may also send promotional emails if You opt in (and where required, with Your consent). You can opt out of promotional emails at any time using the unsubscribe link in the email or by contacting Us.

Analytics

We may use Google Analytics and/or other analytics tools to help us understand usage of the Service and improve performance. These tools may use cookies or similar technologies and may collect information such as IP address, device identifiers, and usage events.

Depending on Your location, You may have the ability to control analytics cookies through browser settings, device settings, or cookie preference tools (where available).

Payments

If You purchase a Subscription, payments are handled through Stripe. Stripe may collect and process payment information according to its own privacy policy. We do not store full payment card numbers on our servers.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Your Privacy Rights

GDPR (EEA/UK Users)

If You are located in the European Economic Area (EEA) or the United Kingdom, You may have certain rights under the GDPR (and UK GDPR), including the right to access, rectify, delete, restrict processing, object to processing, and data portability. You also have the right to withdraw consent where processing is based on consent, and the right to lodge a complaint with a supervisory authority.

We generally process Personal Data under the following legal bases (as applicable):

  • Contract (to provide the Service and administer Subscriptions)
  • Legitimate interests (to secure, maintain, and improve the Service, and prevent fraud)
  • Consent (for optional promotional emails and certain cookies/analytics where required)
  • Legal obligation (to comply with applicable laws)

California Privacy Rights (CCPA/CPRA)

If You are a California resident, You may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), including:

  • The right to know what personal information we collect, use, disclose, and share
  • The right to access and receive a copy of personal information
  • The right to delete personal information (subject to exceptions)
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information (if applicable)
  • The right to limit the use and disclosure of sensitive personal information (if applicable)
  • The right not to receive discriminatory treatment for exercising your rights

Categories of Personal Information (Collected in the Prior 12 Months)

Depending on how You use the Service, we may collect the following categories of personal information:

  • Identifiers (e.g., name, email address, account IDs, IP address)
  • Internet or network activity (e.g., usage events, pages viewed, interactions, device identifiers)
  • Customer Content submitted through forms (which may include identifiers and other information provided by Customers/Respondents)
  • Commercial information (e.g., subscription status and transaction identifiers)
  • Sensitive personal information may be included in Customer Content depending on what Customers and Respondents submit. We use such information only as necessary to provide the Service and for security, compliance, and fraud prevention.

Sale / Sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising in the manner contemplated by the CCPA/CPRA.

How to Exercise Your California Rights

You (or your authorized agent) may submit a request by contacting us at support@credentialshare.com. We may need to verify your identity before completing your request.

Global Privacy Control (GPC)

Where required by applicable law, we treat user-enabled global privacy controls (such as the Global Privacy Control signal) as a valid request to opt out of the sale or sharing of personal information.

CalOPPA (California Online Privacy Protection Act) Disclosures

CalOPPA requires us to disclose how we respond to Do Not Track (DNT) signals.

  • Do Not Track Signals: At this time, our Service does not respond to browser "Do Not Track" signals.

  • Third-Party Tracking: Some third parties (such as analytics providers) may use cookies or similar technologies to collect information about your online activities over time and across different websites or online services when you use our Service.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: