CredoApply

Privacy Policy

CredoApply Privacy Policy

CredoLab Regional Privacy Policies

CredoApp Regional Privacy Policies

CredoApply Regional Privacy Policies

CredoWeb Regional Privacy Policies

We are working this. In case you want to access them immediately, please reach out to privacypolicy@credolab.com

(March 2020)

At CredoLab it is important to us that you feel comfortable and trust us with your information when you use the CredoLab services. Please take a few minutes to read this CredoApply Privacy Policy, so that you understand what information we collect, while you use CredoApply application, what we do with it and why.

What this policy covers?

This Privacy Policy covers how CredoLab Pte. Ltd. and its affiliated companies (collectively, "CredoLab," "we," "us" or "our") collect, use, and share information in connection with your access and use of our comprehensive digital mobile application that facilitates all aspects of the financial services onboarding process, named CredoApply. This Privacy Policy does not cover the privacy practices of third parties that we do not own or control.

Why do you collect my data?

It’s simple. Built on Artificial Intelligence (AI) credit scoring technology, CredoApply is packed with mobile intelligence to help financial institutions to seamlessly onboard applicants by guiding them through the application form, upload of documents for KYC purposes, perform anti-fraud checks, and generate a digital credit score. We use mobile device data to produce the alternative credit score via our CredoApply platform using highly sophisticated algorithms and predictive analytics. To calculate your score we use data that does not directly identify you. In particular, we may use such data to build data profiles and provide segmented risk profile, generate aggregate statistical information, and to improve and administer our current products and create new products. We provide this score only in relation to the financial service of the financial institution that you are applying for. We do not share your alternative credit score with anyone else.

You can be assured that we protect the information we collect. By using our CredoApply platform, you agree to the collection, use, and sharing of your data in accordance with this Privacy Policy.

How do you collect my data?

We collect your data when you download our CredoApply application and consent to us obtaining your personal data and your digital footprint. We will not and cannot extract a digital footprint without your consent.

The CredoApply consists of the home page and several tabs grouped by the following functions:

  • Application form: includes input fields, checkboxes, and photo taking functionalities that collect personal information and loan details;
  • Document upload: this tab allows you to upload documents such as national ID, a proof of income, a proof of address, etc.;
  • Permissions: this tab explains why the permissions are important to increase the chances of loan approval and provides you with details on the data being accessed and processed;
  • Data collection: this tab shows you the progress of the data collection and confirms when the report has been generated and shared with the financial institution.

The application form fields can be customized according to the requirements of your financial institution.

We do not request for your data from financial institutions without your consent and do not collect or process it without your consent. We will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing a credit scoring and/or anti-fraud assessment on your mobile phone.

What data do you collect?

We collect various types of data from your smartphone to perform our services. Our CredoApply mobile application will only access the information on your mobile device after you have agreed to its collection and use. This information may include your device ID numbers, SIM card number, SMS messages and history, browser history, contacts, calendars, application list, location data and storage (i.e. your digital footprint) and, in some cases described below, the IP address[1] of your device. You may change such permissions using your device settings.

We would access your IP address only if your financial institution subscribes to the anti-fraud solution (offered by CredoLab on behalf of Iovation Inc. based on the reseller agreement). The IP address will be accessed only one-time, upon your application for specific financial service (loan, credit card etc.), and not persistently. The IP address information collected by us is similar to the types of information captured by common web analytics tools.

We collect also data to improve our services, including: Advertising ID associated with your device; Internet service provider or mobile network you use to connect to our products; and Information regarding other applications you may have on your device and how they are used (we never enter said applications).

You may always change your permissions on the specific data we collect using your device settings.

Do you collect information that can identify me?

With CredoApply we collect two types of data from your smartphone to perform our services:

  • Your Personally Identifiable Information (PII) filled in the application form by you to be sent directly to your financial institution via a dedicated API. This data is used to perform host-to-host, real-time checks without being stored on our servers;
  • Your digital footprint, which is anonymous and being processed by us in CredoApply. The result of such data collection is a text file that contains only metadata (data about other data). The text file is used only to calculate your credit score and to find the correlation between you as an applicant and the predicted default rate. Your Digital Footprint is not shared with any third party nor it is used to sell any ads.

We could also collect other information about you such as: IP address[2] and/or Device ID number, including Machine ID, IMEI and/or MEID; depersonalised geographic location present in media files. We use this information to detect fraudulent applications coming from the same device. In doing this, we protect your identity but retain the ability to recognise what information relates to you.  

To protect your identity, we may also remove personal identifiers from the information that we collect or aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data if stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable.

These techniques assist in keeping the information that is sent to our servers secure and allows you to retain your raw information on your device.

While we cannot list out each and every type of data that we collect, we’ve tried below to give you a general understanding of what types of data we collect and examples to help you see what we mean.  

For Example:

  • Our mobile application collects information regarding your short text messages on your mobile device and e-mail messages. While the mobile application may scan all such messages on your phone, we only collect (and upload to the server) certain limited information about each message. For instance, the mobile application may count the messages received and their time stamp and match the senders with a list of selected financial institutions. It may also scan the content of messages for certain pre-determined keywords and flag when a message contains such keywords. Only this information is sent to our servers, not the underlying raw data.
  • While our mobile application may scan and process your phone book contacts on your mobile device, the names and contact details are not sent to our servers. Information such as the number of contacts in the phone book is sent as well as parameters such as “the percent of SMS sent to existing contacts vs. new numbers”.
  • While our mobile application may scan and process your application list i.e. information about the list of applications installed on your mobile device, we will only collect data relating to the identity and frequency of use of such applications but not the activities you engage on any such application.

How do you use my data?

We use your data to assess your financial health and status to allow Financial Institutions to decide whether or not to grant a loan or other financial services to you.

We may also use your data to: -

  1. obtain an assessment of your solvency including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;
  2. Assess your interest in receiving financial services through algorithms and mathematical modeling.

The IP address of your device may be used to investigate and prevent fraud, spam, malware, identity theft or other unauthorized access, or any other unlawful activity as a part of the anti-fraud solution only.

You may withdraw your consent to receive product suggestions from us and the financial institutions at any time.

Do you share my data?

We share the result of your credit assessment with the financial institution with which you are applying for a financial service and your potential willingness to communicate directly with the financial institution, if requested by the financial institution. We also share your potential willingness to communicate directly with the financial institution, if requested by the financial institution.

We may also share your data in the following ways:

When authorized by law or necessary to comply with a valid legal process; when required to protect and defend the rights or property of CredoLab, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, CredoLab or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this Privacy Policy, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy policy as a result.

How long do you keep my data?

To implement and improve the functionality of the mobile application and to update the credit scorecards developed for the financial institution client, we will keep your data for up to three 3 years unless you request us to delete your data at an earlier date.

What rights do I have over my data?

You have the right to ask us about the data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update or delete (assuming that this does not impact the services we are providing to you) the data we have collected about you at any time. Please note that we may reject requests which risk the privacy of others or are unreasonable or repetitive, or would require a disproportionate effort. Unless you request us to delete your data, please note that we may keep your data after you stop being a user (but we typically keep your data no longer than is reasonably necessary given the purposes for which the data was collected). You have the right to expect us to protect your data and keep it safe. We work hard to protect CredoLab and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the information we hold. In particular: We abide by this Privacy Policy at all times with respect to all data that we collect from you; We limit the use and disclosure of your data, and work to ensure that anyone with whom we share such information treats that information with the privacy and security it deserves; and We have put in place industry-accepted physical, technical and administrative practices to safeguard and secure the information we collect. You have the right to lodge a complaint with the relevant data protection authorities for any violation of applicable data protection laws.

What changes you can make?

We reserve the right to change this Privacy Policy at any time and will indicate the date the Privacy Policy was most recently updated. If there have been significant changes, we will highlight any such changes and will attempt to directly alert you when possible. We will also keep prior versions of this Privacy Policy in an archive for your review.

How can I contact you?

If you have any questions about this Privacy Policy or any of the above, please email us at privacypolicy@credolab.com. You may also contact us by mail at: CredoLab Pte. Ltd, #12-01 Capital Tower, 168 Robinson Road, Singapore 068912.

Is there anything else I need to know?

You may opt-out of our collection, use and disclosure of your information by removing our application from your mobile device and/or requesting for us to delete your information.

We require information from the you to properly perform the services intended. Some or all of the functionalities of our service may not be accurate or available should you choose not to share information with us.

Periodically, our site or products may contain links to and from websites or other external destinations managed by third parties. If you follow a link to any of these destinations (like offers on mobile app stores etc.), please note that those sites have their own privacy policy. When you are on those sites you are subject to those policies, and should therefore read and understand them before you submit any personal data to those sites.

[1] Every device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. IP addresses are assigned and reassigned by Internet Service Providers and companies regularly.

[2] IP address is not always considered as Personally Identifiable Information (PII). In the Philippines, Singapore or GDPR countries it is considered as PII. In other jurisdictions it isn't.

(March 2020)

At CredoLab it is important to us that you feel comfortable and trust us with your information when you use the CredoLab services. Please take a few minutes to read this CredoApply Privacy Policy, so that you understand what information we collect, while you use CredoApply application, what we do with it and why.

What this policy covers?

This Privacy Policy covers how CredoLab Pte. Ltd. and its affiliated companies (collectively, "CredoLab," "we," "us" or "our") collect, use, and share information in connection with your access and use of our comprehensive digital mobile application that facilitates all aspects of the financial services onboarding process, named CredoApply. This Privacy Policy does not cover the privacy practices of third parties that we do not own or control.

Why do you collect my data?

It’s simple. Built on Artificial Intelligence (AI) credit scoring technology, CredoApply is packed with mobile intelligence to help financial institutions to seamlessly onboard applicants by guiding them through the application form, upload of documents for KYC purposes, perform anti-fraud checks, and generate a digital credit score. We use mobile device data to produce the alternative credit score via our CredoApply platform using highly sophisticated algorithms and predictive analytics. To calculate your score we use data that does not directly identify you. In particular, we may use such data to build data profiles and provide segmented risk profile, generate aggregate statistical information, and to improve and administer our current products and create new products. We provide this score only in relation to the financial service of the financial institution that you are applying for. We do not share your alternative credit score with anyone else.

You can be assured that we protect the information we collect. By using our CredoApply platform, you agree to the collection, use, and sharing of your data in accordance with this Privacy Policy.

How do you collect my data?

We collect your data when you download our CredoApply application and consent to us obtaining your personal data and your digital footprint. We will not and cannot extract a digital footprint without your consent.

The CredoApply consists of the home page and several tabs grouped by the following functions:

  • Application form: includes input fields, checkboxes, and photo taking functionalities that collect personal information and loan details;
  • Document upload: this tab allows you to upload documents such as national ID, a proof of income, a proof of address, etc.;
  • Permissions: this tab explains why the permissions are important to increase the chances of loan approval and provides you with details on the data being accessed and processed;
  • Data collection: this tab shows you the progress of the data collection and confirms when the report has been generated and shared with the financial institution.

The application form fields can be customized according to the requirements of your financial institution.

We do not request for your data from financial institutions without your consent and do not collect or process it without your consent. We will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing a credit scoring and/or anti-fraud assessment on your mobile phone.

What data do you collect?

We collect various types of data from your smartphone to perform our services. Our CredoApply mobile application will only access the information on your mobile device after you have agreed to its collection and use. This information may include your device ID numbers, SIM card number, SMS messages and history, browser history, contacts, calendars, application list, location data and storage (i.e. your digital footprint) and, in some cases described below, the IP address[1] of your device. You may change such permissions using your device settings.

We would access your IP address only if your financial institution subscribes to the anti-fraud solution (offered by CredoLab on behalf of Iovation Inc. based on the reseller agreement). The IP address will be accessed only one-time, upon your application for specific financial service (loan, credit card etc.), and not persistently. The IP address information collected by us is similar to the types of information captured by common web analytics tools.

We collect also data to improve our services, including: Advertising ID associated with your device; Internet service provider or mobile network you use to connect to our products; and Information regarding other applications you may have on your device and how they are used (we never enter said applications).

You may always change your permissions on the specific data we collect using your device settings.

Do you collect information that can identify me?

With CredoApply we collect two types of data from your smartphone to perform our services:

  • Your Personally Identifiable Information (PII) filled in the application form by you to be sent directly to your financial institution via a dedicated API. This data is used to perform host-to-host, real-time checks without being stored on our servers;
  • Your digital footprint, which is anonymous and being processed by us in CredoApply. The result of such data collection is a text file that contains only metadata (data about other data). The text file is used only to calculate your credit score and to find the correlation between you as an applicant and the predicted default rate. Your Digital Footprint is not shared with any third party nor it is used to sell any ads.

We could also collect other information about you such as: IP address[2] and/or Device ID number, including Machine ID, IMEI and/or MEID; depersonalised geographic location present in media files. We use this information to detect fraudulent applications coming from the same device. In doing this, we protect your identity but retain the ability to recognise what information relates to you.  

To protect your identity, we may also remove personal identifiers from the information that we collect or aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data if stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable.

These techniques assist in keeping the information that is sent to our servers secure and allows you to retain your raw information on your device.

While we cannot list out each and every type of data that we collect, we’ve tried below to give you a general understanding of what types of data we collect and examples to help you see what we mean.  

For Example:

  • Our mobile application collects information regarding your short text messages on your mobile device and e-mail messages. While the mobile application may scan all such messages on your phone, we only collect (and upload to the server) certain limited information about each message. For instance, the mobile application may count the messages received and their time stamp and match the senders with a list of selected financial institutions. It may also scan the content of messages for certain pre-determined keywords and flag when a message contains such keywords. Only this information is sent to our servers, not the underlying raw data.
  • While our mobile application may scan and process your phone book contacts on your mobile device, the names and contact details are not sent to our servers. Information such as the number of contacts in the phone book is sent as well as parameters such as “the percent of SMS sent to existing contacts vs. new numbers”.
  • While our mobile application may scan and process your application list i.e. information about the list of applications installed on your mobile device, we will only collect data relating to the identity and frequency of use of such applications but not the activities you engage on any such application.

How do you use my data?

We use your data to assess your financial health and status to allow Financial Institutions to decide whether or not to grant a loan or other financial services to you.

We may also use your data to: -

  1. obtain an assessment of your solvency including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;
  2. Assess your interest in receiving financial services through algorithms and mathematical modeling.

The IP address of your device may be used to investigate and prevent fraud, spam, malware, identity theft or other unauthorized access, or any other unlawful activity as a part of the anti-fraud solution only.

You may withdraw your consent to receive product suggestions from us and the financial institutions at any time.

Do you share my data?

We share the result of your credit assessment with the financial institution with which you are applying for a financial service and your potential willingness to communicate directly with the financial institution, if requested by the financial institution. We also share your potential willingness to communicate directly with the financial institution, if requested by the financial institution.

We may also share your data in the following ways:

When authorized by law or necessary to comply with a valid legal process; when required to protect and defend the rights or property of CredoLab, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, CredoLab or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this Privacy Policy, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy policy as a result.

How long do you keep my data?

To implement and improve the functionality of the mobile application and to update the credit scorecards developed for the financial institution client, we will keep your data for up to three 3 years unless you request us to delete your data at an earlier date.

What rights do I have over my data?

You have the right to ask us about the data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update or delete (assuming that this does not impact the services we are providing to you) the data we have collected about you at any time. Please note that we may reject requests which risk the privacy of others or are unreasonable or repetitive, or would require a disproportionate effort. Unless you request us to delete your data, please note that we may keep your data after you stop being a user (but we typically keep your data no longer than is reasonably necessary given the purposes for which the data was collected). You have the right to expect us to protect your data and keep it safe. We work hard to protect CredoLab and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the information we hold. In particular: We abide by this Privacy Policy at all times with respect to all data that we collect from you; We limit the use and disclosure of your data, and work to ensure that anyone with whom we share such information treats that information with the privacy and security it deserves; and We have put in place industry-accepted physical, technical and administrative practices to safeguard and secure the information we collect. You have the right to lodge a complaint with the relevant data protection authorities for any violation of applicable data protection laws.

What changes you can make?

We reserve the right to change this Privacy Policy at any time and will indicate the date the Privacy Policy was most recently updated. If there have been significant changes, we will highlight any such changes and will attempt to directly alert you when possible. We will also keep prior versions of this Privacy Policy in an archive for your review.

How can I contact you?

If you have any questions about this Privacy Policy or any of the above, please email us at privacypolicy@credolab.com. You may also contact us by mail at: CredoLab Pte. Ltd, #12-01 Capital Tower, 168 Robinson Road, Singapore 068912.

Is there anything else I need to know?

You may opt-out of our collection, use and disclosure of your information by removing our application from your mobile device and/or requesting for us to delete your information.

We require information from the you to properly perform the services intended. Some or all of the functionalities of our service may not be accurate or available should you choose not to share information with us.

Periodically, our site or products may contain links to and from websites or other external destinations managed by third parties. If you follow a link to any of these destinations (like offers on mobile app stores etc.), please note that those sites have their own privacy policy. When you are on those sites you are subject to those policies, and should therefore read and understand them before you submit any personal data to those sites.

[1] Every device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. IP addresses are assigned and reassigned by Internet Service Providers and companies regularly.

[2] IP address is not always considered as Personally Identifiable Information (PII). In the Philippines, Singapore or GDPR countries it is considered as PII. In other jurisdictions it isn't.