Privacy Policy
Last Updated: 20/02/2026
1. Introduction
Welcome to Credia. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our SaaS platform, and tell you about your privacy rights.
2. Data Controller
Credia is operated by Credia Inc. For any privacy-specific inquiries, please contact us at support@crediaops.com.
3. Types of Data Collected
We collect the following types of information:
- Account Data: Name, email address, and billing information required to set up your account.
- Profile Data: Avatar, preferred language, timezone, and job role.
- Content Data: SOPs, articles, guidelines, audio and video recordings uploaded to the platform. You act as the controller for this data; we act as the processor.
- Payment Data: Managed entirely by Polar.sh. We do not store credit card information.
- Usage Data: Technical logs, IP addresses, browser types, and interaction data to help us maintain security and improve the platform (via PostHog, with consent only).
- Technical Data: IP address, browser type, operating system, and application errors (via Sentry).
- Cookies: See our Cookie Policy for details.
4. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide and manage the service | Contract performance |
| Authentication and security | Contract performance / Legitimate interest |
| Analytics and service improvement | Explicit consent |
| Error monitoring | Legitimate interest |
| Billing and payments | Contract performance / Legal obligation |
| Service communications | Contract performance |
5. Data Sharing
We do not sell your personal data. We only share it with the following service providers necessary for the operation of our platform:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU |
| Vercel | Application hosting | Global (edge) |
| OpenAI | Audio transcription, AI generation | US |
| Google (Gemini) | AI generation, AI Vision | US |
| PostHog | Product analytics | EU (Frankfurt) |
| Sentry | Error tracking | EU (Frankfurt) |
| Bunny.net | Video hosting | EU |
| Cloudflare | CDN, DDoS protection | Global |
| Polar.sh | Payments and billing | EU |
6. International Data Transfers
Some of our service providers (OpenAI, Google, Vercel) may process data outside the European Economic Area. In such cases, transfers are based on Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.
7. Data Retention
- Account data: Retained until account deletion
- Content (SOPs, media): Retained until deleted by user or organization
- Analytics logs: Maximum 12 months
- Error logs: Maximum 90 days
- Billing data: Retained as required by law (10 years)
8. Your Rights (EEA/UK)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Withdraw consent at any time
To exercise your rights, contact us at support@crediaops.com. We will respond within 30 days.
9. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.
Categories of Personal Information We Collect
| CCPA Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, IP address, account ID | Yes |
| Commercial information | Subscription plan, billing history | Yes |
| Internet or network activity | Browser type, pages visited, interaction data | Yes |
| Professional or employment information | Job role, company name | Yes |
| Geolocation data | Approximate location derived from IP address | Yes |
| Audio, visual, or similar information | Voice recordings and videos uploaded by users | Yes |
| Sensitive personal information | N/A | No |
Your Rights
As a California resident, you have the right to:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising without your prior opt-in consent. Advertising cookies (such as Meta Pixel) are only activated after you provide explicit consent via our cookie banner.
- Right to Non-Discrimination: We will not deny you services, charge different prices, or provide a different quality of service because you exercised your CCPA rights.
How to Submit a Request
To exercise any of these rights, email us at support@crediaops.com with the subject line "California Privacy Request." We will verify your identity before processing your request and respond within 45 days.
Global Privacy Control
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of your personal information.
10. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Row Level Security (RLS) on all database tables
- DDoS protection via Cloudflare
- CAPTCHA on authentication pages
- Continuous monitoring with Sentry and UptimeRobot
11. Children
Our service is not intended for individuals under 16 years of age. We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Privacy Policy periodically. In case of material changes, we will notify you via email or notice on the platform.
13. Contact
For privacy questions: support@crediaops.com