Last Updated: 24/07/2025
CredIssuer (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you access or use the CredIssuer platform and related services (the “Services”).
1. Who We Are
CredIssuer is a digital identity and verifiable credentials platform designed to help organizations issue, manage, and verify credentials in a secure and privacy-conscious manner.
We are committed to maintaining high standards of data privacy and security. We are actively pursuing SOC 2 and ISO 27001 certifications as part of our broader commitment to industry best practices in information security.
2. What Data We Collect
Depending on how you use CredIssuer, we may collect the following types of data:
a. Personal Data
- Name, email address, organization details
- User IDs or identifiers tied to credential issuances
- Contact or profile information (for admin users)
b. Credential Metadata
- Credential types, schemas, and issuer/holder identifiers
- Revocation status
- Timestamps and verification logs (not content of credentials)
c. Technical Data
- IP address
- Browser type and version
- Device identifiers
- Usage logs and diagnostics
3. How We Use Your Data
We use your data to:
- Provide and improve the Services
- Issue and manage verifiable credentials
- Respond to support or technical requests
- Comply with legal or regulatory obligations
- Monitor security and detect misuse or fraud
4. Legal Basis for Processing
We process personal data based on:
- Your consent (where required)
- Performance of a contract (e.g., to deliver our Services)
- Compliance with legal obligations
- Legitimate interests, including platform security and usage analytics
5. Sharing and Disclosure
We do not sell your data. We may share data only when necessary:
- With verified service providers under strict confidentiality
- To comply with legal requirements (e.g., subpoenas or court orders)
- With your explicit consent
- During a merger, acquisition, or reorganization
6. Data Retention
We retain personal data only as long as necessary for the purposes stated above or as required by law. Credential-related data is retained in line with issuer configurations and legal guidelines.
7. Security Practices
We implement reasonable administrative, technical, and organizational safeguards to protect personal data from unauthorized access or disclosure.
We are actively pursuing SOC 2 and ISO 27001 certifications to align with internationally recognized standards in data privacy and information security. These efforts reflect our commitment to building a secure and trustworthy credentialing platform.
8. International Data Transfers
If you are located outside of our primary operating region, your data may be transferred and processed in other countries. We implement safeguards such as Standard Contractual Clauses (SCCs) where applicable.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access your personal data
- Correct or update inaccuracies
- Request deletion
- Withdraw consent (where applicable)
- Lodge complaints with a supervisory authority
To exercise these rights, please contact us at [privacy@credissuer.com].
10. Cookies and Analytics
CredIssuer may use cookies or similar technologies to enhance user experience and track platform usage. You can control cookie preferences via your browser settings.
11. Third-Party Links
Our Services may include links to external services not operated by us. We are not responsible for the privacy practices of those sites.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Significant changes may also be communicated directly via email or in-app notice.