CredoAlert Privacy Policy
Last Updated: March 14, 2025
CredoAlert values your privacy and is committed to protecting your personal information. This comprehensive privacy policy details how we collect, use, share, and safeguard your data when you use our mass notification platform.
Introduction
This Privacy Policy applies to CredoAlert ("we," "our," or "us"), a notification platform that enables organizations to send mass alerts to contacts and groups through multiple communication channels. We understand the importance of safeguarding the personal information you entrust to us. This policy outlines our practices regarding data collection, usage, sharing, and protection in compliance with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA). By using our services, you consent to the practices described in this policy.
Information We Collect
We collect various categories of information to provide and improve our notification services. The information we gather includes account data such as your company name, contact details, and user credentials which are essential for establishing and maintaining your CredoAlert account. We also collect operational data including alert configurations, message content, and recipient information that allows our system to deliver notifications effectively to your designated contacts and groups. Additionally, our platform records technical data encompassing notification statistics, delivery status information, and usage metrics that help us monitor system performance and billing accuracy. When you interact with our platform, usage data such as login activities and feature utilization is automatically collected to improve user experience and enhance security measures.
How We Use Your Information
Your information enables us to deliver our core notification services and optimize platform performance. We primarily use your data to facilitate the creation and sending of mass notifications to your contacts and groups according to your specified alert methods including SMS, email, telephone calls, and API integrations. We also utilize collected information to track notification delivery status including successful deliveries, failed attempts, and response rates to provide you with accurate reporting and troubleshooting capabilities. For platform improvement purposes, we analyze usage patterns and performance metrics to enhance functionality, address technical issues, and develop new features that better serve your communication needs. Additionally, we process your information for account management functions such as user authentication, role-based access control, billing calculations based on credit usage, and ensuring platform security through monitoring and audit processes.
Information Sharing With Third Parties
We share certain information with trusted service providers to facilitate our platform's functionality. Message delivery partners including Twilio for SMS and voice calls and Resend for email delivery receive recipient contact information and message content solely to execute the notification delivery services you request. Our database and hosting provider Supabase stores operational data including account information, contact details, and notification records to maintain platform functionality and provide secure data storage. For payment processing, we engage Stripe which receives necessary transaction details to process subscription fees and manage account credits in accordance with their own privacy policies and security standards. Additionally, we utilize Google Analytics to collect anonymized usage statistics that help us improve the user experience of our platform while adhering to relevant data protection requirements regarding analytics implementation.
Data Security Measures
We implement appropriate safeguards to protect your information from unauthorized access and data breaches. Our security infrastructure employs industry-standard encryption protocols for data in transit and at rest to prevent unauthorized interception of sensitive information during transmission and storage. We maintain strict access controls through role-based permission systems that restrict data access to authorized personnel with legitimate business needs, minimizing internal exposure of sensitive information. Regular security assessments including vulnerability scanning and periodic security reviews help us identify and address potential weaknesses in our security posture before they can be exploited. Additionally, we implement secure development practices and maintain security monitoring systems that provide early warning of suspicious activities or potential security incidents. While we take reasonable measures to protect your data, no system can guarantee absolute security against sophisticated attacks, and we continuously work to enhance our protective measures.
Your Rights Regarding Your Information
Privacy laws grant you specific rights concerning your personal information which we fully respect and facilitate. You may request access to the personal information we hold about you, and we will provide this information in a structured, commonly used format within the timeframe specified by applicable regulations. If you discover inaccuracies in your data, you have the right to request corrections, and we will update our records accordingly to maintain data accuracy. You may also request deletion of your personal information, subject to certain exceptions such as legal obligations or legitimate business purposes that require data retention. Additionally, you can exercise your right to restrict or object to certain processing activities, and we will honor these requests unless there are compelling legitimate grounds for continued processing. For CredoAlert users in applicable jurisdictions, you may also have the right to data portability, allowing you to transfer your information to another service provider in a machine-readable format.
International Data Transfers
As a global service provider, we may transfer your information across international borders while maintaining appropriate safeguards. We primarily store data on secure servers located in the European Union through our partnership with Supabase, adhering to regional data protection standards for primary storage. When transfers to other jurisdictions are necessary for service provision, we implement appropriate legal mechanisms such as Standard Contractual Clauses (SCCs) approved by regulatory authorities to ensure adequate protection of transferred data. For transfers to the United States, we rely on the EU-US Data Privacy Framework and supplementary measures designed to address concerns raised in the Schrems II decision regarding US surveillance practices. We regularly assess the privacy practices and legal compliance of our international data processing partners to verify they maintain appropriate data protection standards aligned with our commitments. Additionally, we implement technical measures including encryption and access controls that provide supplementary protection for data regardless of storage location.
Children's Privacy
Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. The CredoAlert platform is designed for business use by organizations sending notifications to their contacts, not for use by minors. If we discover that we have inadvertently collected information from a child under 16, we will promptly delete such information from our systems. Parents or guardians who believe we may have collected information from a child are encouraged to contact us immediately using the information provided in the Contact section of this policy. We recommend that organizations using our service for educational institutions or youth-oriented programs implement appropriate verification measures to ensure compliance with child privacy regulations when configuring recipient lists. Our platform does not offer services specifically targeted at children, and our terms of service prohibit the use of our system for sending notifications directly to minors without appropriate parental or guardian consent.
Changes to this Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes to this policy, we will notify you through various channels to ensure transparency. Notification methods include displaying prominent notices on our platform dashboard at least seven days before implementation to give you adequate time to review the changes. We also send email notifications to account administrators and primary contacts detailing the nature of significant changes and their potential impact on your use of our services. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information and your associated rights. Your continued use of CredoAlert after policy changes constitutes acceptance of the updated terms.
Contact Information
CredoAlert Privacy Department
123 Privacy Avenue, Tech City, TC 12345
support@credoalert.com