Privacy Policy
CredX Tech Inc. - Protecting Your Privacy
1. Overview
CredX Tech Inc. ("CredX", "we", "our", or "us") is committed to protecting your privacy and handling your personal data with transparency, integrity, and accountability. This Privacy Policy describes how we collect, use, disclose, retain, and protect your information when you interact with our platform, use our services, or engage with us as a merchant, lender, or end-user.
We comply with applicable data protection laws in the jurisdictions in which we operate, including but not limited to:
- PIPEDA, Quebec's Law 25, and other provincial privacy laws in Canada
- CCPA, CPRA, GLBA, and sectoral U.S. regulations
- GDPR and its equivalents internationally
Your continued use of our services constitutes acceptance of this Privacy Policy.
2. Scope
This policy applies to all personal information we collect, whether:
- You are a consumer using CredX's platform
- You are a lender or merchant integrated with our services
- You are browsing our website or mobile application
- You engage with our marketing, support, or product teams
This policy does not apply to anonymized or aggregated data that cannot reasonably identify an individual.
3. What Personal Information We Collect
We collect personal information directly from you, automatically through your use of the services, and from third parties, including identity verification and financial institutions.
a. Information You Provide
- Name, address, email, phone number
- Government-issued ID, date of birth, SIN/SSN (where legally required)
- Income and employment information
- Banking and payment information
- Consent confirmations (e.g., lending agreement acceptance)
b. Automatically Collected Information
- IP address, browser, and device type
- Geolocation data (with user permission)
- Login timestamps, usage patterns, device fingerprinting
- Cookies and pixel data (see Section 12)
c. Information from Partners
- Credit score and credit bureau data
- Merchant transaction history
- Financial behavior patterns (spending, repayment, defaults)
- Identity and business verification data (KYB/KYC)
4. Why We Collect Personal Information
We collect your personal information for the following purposes:
| Purpose | Legal Basis (Canada, U.S., EU) |
|---|---|
| Verifying identity and performing KYC | Legal obligation; consent; contract performance |
| Enabling personalized credit & lending offers | Consent; legitimate interest; contract performance |
| Processing payments and managing accounts | Contract performance |
| Fraud detection, risk analysis, and compliance | Legal obligation; legitimate interest |
| Improving our platform and analytics | Legitimate interest; consent (for cookies, profiling) |
| Marketing communications and promotions | Consent; legitimate interest (where lawful) |
| Legal defense, dispute resolution, audits | Legal obligation; legitimate interest |
5. Consent Management
We follow opt-in consent standards where required and provide clear mechanisms for consent withdrawal.
- Explicit consent is requested before processing sensitive data or sharing with partners.
- Implied consent may apply where the context reasonably requires data processing for services you've requested.
- Opt-out options are provided for marketing and non-essential data uses.
You can withdraw consent at any time via account settings or by contacting privacy@credx-tech.com. Withdrawal may affect your eligibility for services or rewards.
6. Disclosure and Sharing of Personal Information
We do not sell your personal information.
We may share your personal information with the following categories of third parties, with appropriate safeguards:
| Recipient | Purpose |
|---|---|
| Lenders | To provide tailored credit offers with your explicit consent |
| Merchants | To enable smart discounts and rewards programs |
| Service Providers | Identity verification, cloud hosting, analytics, marketing, and payments |
| Affiliates/Subsidiaries | For internal purposes aligned with this policy |
| Regulators & Authorities | To comply with AML, tax, or legal obligations |
| Legal/Professional Advisors | In connection with audits, investigations, or litigation support |
All partners and vendors are bound by confidentiality agreements and data protection clauses and must meet equivalent data security standards.
7. International Data Transfers
Your personal information may be stored or processed outside your province, state, or country of residence. We ensure that cross-border data transfers:
- Comply with PIPEDA, GDPR (via SCCs), CCPA, or other applicable transfer mechanisms
- Are made only to jurisdictions with adequate protections or under binding contracts
- Are documented in our Record of Processing Activities (ROPA)
8. Data Retention & Storage
We retain personal data only for as long as necessary to:
- Provide services and maintain records of transactions
- Comply with legal, tax, and regulatory obligations (e.g., 7 years for lending documentation)
- Protect our legal rights or resolve disputes
We securely delete or anonymize data that no longer has a lawful or business purpose.
9. Your Rights
Depending on your jurisdiction, you may exercise the following rights:
| Canada (PIPEDA) | USA (CCPA/CPRA) | EU (GDPR) |
|---|---|---|
| Access | Access | Access |
| Correction | Correction | Rectification |
| Consent withdrawal | Deletion | Erasure |
| Filing complaints | Opt-out of sale | Portability |
| Limit use of sensitive data | Object/Restrict Processing |
To exercise these rights, please contact privacy@credx-tech.com. We will respond within legally required timeframes.
10. Security & Safeguards
We take the security of your data seriously. Measures include:
- AES-256 encryption for data at rest and TLS encryption in transit
- Secure APIs with role-based access and tokenization
- Multi-factor authentication for internal and external access
- Real-time monitoring, anomaly detection, and incident response
- Independent audits, vulnerability testing, and SOC 2/ISO 27001 frameworks
- Annual employee security & privacy training
11. Automated Decision-Making & Profiling
CredX may use algorithms to:
- Assess creditworthiness
- Generate loan recommendations
- Detect suspicious behavior
You have the right to request human intervention, contest decisions, and obtain an explanation of logic used, where required by law (e.g., GDPR, EU AI Act). We do not engage in profiling that produces significant legal effects without appropriate safeguards.
12. Cookies & Tracking
We use cookies and similar technologies to:
- Improve user experience
- Analyze performance and traffic
- Deliver relevant content and offers
You may control cookie settings through your browser or platform preferences. For EU visitors, we comply with ePrivacy and offer a Cookie Consent Banner with opt-in options. For detailed information about our cookies, please see our Cookie Information page.
13. Children's Privacy
CredX does not knowingly collect personal data from children under the age of 18. If you believe we have inadvertently collected such data, please contact us to have it deleted.
14. Changes to this Policy
We may update this Privacy Policy from time to time. If material changes are made, we will:
- Notify you by email or in-app message
- Update the "Last Updated" date at the top
- Provide a 30-day review period if legally required
15. Contact Us
If you have questions about this Privacy Policy or your personal information, please contact:
CredX Tech Inc.
Attn: Data Protection Officer
Email: privacy@credx-tech.com
Address: Suite 159, #406, 917-85 St. SW Calgary, AB T3H 5Z9
You may also contact:
• The Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
• Your local Data Protection Authority if you are in the EU
• The California Attorney General (www.oag.ca.gov/privacy) if applicable