No. All your customers’ personal data like messages and contacts are not accessed. The only information that some jurisdictions may define as personal would include: Android ID number and Geographic location based on file. This information is only used to deter fraudulent behaviour.
Aside from that, the bulk of the data that we collect is considered metadata, which translates to the data about the data. Furthermore, we access only anonymous data which we code them binarily, and only after the user has agreed to the required Operating System's permissions and granted data privacy consent. In doing so, CredoLab protects the end-users' anonymity whilst retaining the ability to detect fraud deriving from particular devices.
Examples of metadata would include: the number of events you schedule during work hours, the number of contacts saved per month, total number of apps upgraded in the last month, or the number of music files. We do not collect the personal contents, we just crunch the numbers.
Our standard SLA with most clients is no more than 1 minute but 97% of our transaction records show is less than a second for our clients to see the results.
Credolab agrees, represents, and warrants to provide the Client with quality support and access to knowledgeable personnel at all times. CredoLab provides a multi-level support to the Client executed by the both Customer Success Manager and the Technical Support team. Incoming requests are prioritized according to its scale and duration of impact on production:
CredoLab only reads permissioned information and transforms them into anonymous data about other data (metadata). If you could take a look at the data CredoLab’s scoring algorithm processes, it would be as below:
We have had independent annual auditors (Ernst & Young, (2018) and eShard (2019) verify that our product do not have any exploitable vulnerabilities.
Incidents are prioritized based on severity level below to ensure that those with the highest business impact are resolved first. Technical support resources are available during local business hours.
Yes, CredoLab's end-to-end communication protocols are encrypted.
CredoLab agrees, represents, and warrants to use commercially reasonable efforts to resolve errors in a manner consistent with the requirements of the Client, the Agreement, the Services, and our SLA. CredoLab shall use the standard HTTP response codes to indicate specific failure modes. The high-level breakdown of the standard HTTP error conditions and how Client's system will interpret these are as follows:
CredoLab collects privacy consented, non Personally Identifiable Information (PII) anonymous metadata, such as:
CredoLab agrees, represents, and warrants not to post, transmit, retransmit, or store material on or through the CredoLab Infrastructure that:
CredoLab agrees, represents, and warrants to comply with data protection laws and regulations that apply to the performance of its obligations under this SLA and to process any personal data (including any which forms part of the Client's Data) as a result of, or in connection with, the provision of the Services to the Client strictly in accordance with Clients’s instructions and/or all applicable data protection laws and regulations and not otherwise. CredoLab agrees to take reasonable, appropriate technical, business, and organizational measures against accidental, deliberate, or unauthorized destruction, loss, alteration or disclosure of any data and implement adequate security programs and procedures to ensure that unauthorized persons do not have access to any equipment used to process personal data as part of the Services.
CredoLab agrees, represents, and warrants not to use or disclose Client’s Data or any end-user data, except to perform the Services and conduct activities authorized in this SLA.
With the anonymous approach, CredoLab focuses on protecting the users’ data privacy. Even if users’ data are stolen, it would be impossible to identify neither a user, or any of her contacts, or fetch any other information from a data set. CredoLab does not collect the content of messages or emails, phone numbers, contact names, geolocation or any other personal data.
CredoLab agrees, represents, and warrants that it uses data leakage protection (DLP) mechanisms, network security via TLS, access control policy, system development lifecycle (SDLC), encryption protocols, software baseline configuration system, network security and firewall management, intrusion detection and/or prevention systems (IDS/IPS), environment segregation for relevant systems, and security logging and monitoring policy, among others. These help with the daily monitoring and performance of servers.
No. CredoLab doesn't collect and share user's personal info
CredoLab agrees, represents, and warrants to undertake commercially reasonable measures to ensure that System Availability equals or exceeds the SLC of 95% during each calendar month, excluding Maintenance Windows, provided that any Unscheduled Downtime occurring as a result of the following exclusions: (i) incompatibility of Client’s equipment or software with the CredoLab Infrastructure; (ii) performance of Client's systems or website; or (iii) Force Majeure or (iv) any other circumstances that are not within CredoLab’s control which for purposes of this SLA is limited to scheduled or unscheduled interruptions caused by third party service providers (e.g., third party networks, domain name registrars) and outages on the part of internet service providers, shall not be considered toward any reduction in System Availability measurements or the application of Service Credits provisions. CredoLab shall comply with the following API requirements:
CredoLab agrees, represents, and warrants to use commercially reasonable efforts to determine the source of any excess packet loss or latency and to correct such problem to the extent that the source of the issue is on CredoLab Infrastructure or network.
The metadata assessed and the score generated on your customers are stored by CredoLab for your use as long as the contract is valid. On termination of the contract, this data is deleted from all servers.
CredoLab agrees, represents, and warrantsto use standard industry practices to regularly back up all data stored on behalf of the Client in accordance with the Schedule below, and implement a disaster recovery plan in the event of a site catastrophe or other Force Majeure Event that prevents CredoLab from delivering the Services or the client from accessing the Services or CredoLab’s Infrastructure, and agrees to use commercially reasonable efforts to have the Services restored to operation as soon as practicable
CredoLab agrees, represents, and warrants to back up all Client Data (including but not limited to File Data, Database Data, and Archive Data), on a daily basis using a combination of full and incremental backup procedures. In addition, CredoLab shall archive database logs to permit recovery to a specific point in time if necessary. Backups will be executed automatically using a predefined schedule. Backup records will be rotated offsite on a periodic basis to ensure availability in the event of a site catastrophe. CredoLab agrees to archive and retain such records using predefined schedules and policies.
CredoLab agrees to exercise commercially reasonable efforts to restore data files from archived copies as quickly as reasonably practicable, as necessary as a result of system failure or data corruption or losses. Client acknowledges that the amount of time required to restore data files is dependent upon numerous factors, including, but not limited to, severity or the relevant data corruption or loss. Any expense relative to data restoration is for the account of CredoLab.
CredoLab has been working with Microsoft Azure for our cloud storage solutions. If your country or company has any other service provider you’d like to use instead, we could confirm on this after checking the security levels and the integration requirements from our side.
All data collected are encrypted at all times - when at rest as well as in transit. Production data, the data used to generate the scorecards once you go live, are restricted from being used in test and development systems unless the data is appropriately masked or sanitised to protect sensitive information (if any). Data leakage protection (DLP) mechanisms are put in place to monitor and prevent the data form leaving the organisation via removable media or via a network. We maintain separate and appropriately segregated development, test and production environments for all Client`s relevant systems.
We have a formal security incident monitoring, reporting and response process to identify, report, and appropriately respond to known or suspected security incidents. Theft or loss of user systems (such as workstations or laptops) considered security incidents and follow our incident reporting process.
CredoLab agrees, represents, and warrants to use all commercially reasonable efforts to have the Services running and available to the Client continuously, every day, in dedicated environments of at least 95% during any monthly billing cycle (“Service Level Commitment” or SLC) and a mean time of between any non-Availability equal to or greater than one hundred twenty days (120).
A Scheduled Downtime may be scheduled by CredoLab as reasonably necessary for maintenance, updating, or repair by giving the client at least eight (8) hours advance written notice, unless a shorter notice period is required under the circumstances. The notice will specify the date and start time of the Scheduled Downtime and the expected period during which the Services will non-Available. CredoLab agrees to use commercially reasonable efforts to minimize the effects of such Scheduled Downtime on the Client's regular business operations.
Please refer to the sections below for more on our service level commitment.
Only authorized and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with you will also have access to the data, after your explicit authorization.
Couldn’t find an answer to your query? Get in touch with us directly at email@example.com.