Our Privacy Policy

(Last Updated: October 2018)

At CredoLab it is important to us that you feel comfortable and trust us with your information when you use the CredoLab services. Please take a few minutes to read this Privacy Policy, so that you understand what information we collect, what we do with it and why.

Why do you collect my data?

It’s simple. We provide products and services to help produce a real-time credit decision. We use mobile device data to produce the alternative credit score via our proprietary mobile application (CredoApp) using highly sophisticated algorithms and predictive analytics. We provide this score only in relation to the financial service of the financial institution that you are applying for. We do not share your alternative credit score with anyone else. To calculate your score we use data that does not directly identify you. In particular, we may use such data to build data profiles and provide segmented risk profile, generate aggregate statistical information, and to improve and administer our current products and create new products. You can be assured that we protect the information we collect. By using our products or services, you agree to the collection, use, and sharing of your data in accordance with this Privacy Policy. Unless the specific product states otherwise, all CredoLab products and services are included under this Privacy

How do you collect my data?

We collect your data when you download our application and consent to us obtaining your digital footprint. We will not and cannot extract a digital footprint without your consent.

We do not request your data from financial institutions without your consent and do not collect or process it without your consent. We will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing a credit scoring assessment on your mobile phone.

What data do you collect?

We collect various types of data from your smartphone to perform our services. Our CredoLab mobile application will only access the information on your mobile device after you have agreed to its collection and use. This information may include your device ID numbers, SIM card number, incoming and outgoing call history, SMS messages and history, browser history, contacts, calendars, application list, location data and storage.  You may change such permissions using your device settings.

We collect also data to improve our services, including Advertising ID associated with your device; Internet service provider or mobile network you use to connect to our products; and Information regarding other applications you may have on your device and how they are used (we never enter said applications).

Do you collect information that can identify me?

Unlike other companies, we do not collect your name or email address to identify you. We collect other information about you such as Device ID number, including Machine ID, IMEI and/or MEID; depersonalised geographic location present in media files. We use this information to detect fraudulent applications coming from the same device. In doing this, we protect your identity but retain the ability to recognise what information relates to you.

To protect your identity, we may also remove personal identifiers from the information that we collect or aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data is stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable.

The information collected by our mobile application is not sent to the financial institution you are applying for a financial service with. The processing of the information is done on CredoLab’s secure servers. The financial institution of your choice receives some limited pseudonymised information about you including the results of your credit assessment. While the information remains attributable to you, it cannot be reverse engineered to produce the original raw information collected.

These techniques assist in keeping the information that is sent to our servers secure and allows you to retain your raw information on your device.

While we cannot list out each and every type of data that we collect, we’ve tried below to give you a general understanding of what types of data we collect and examples to help you see what we mean.  

For example:

  • Our mobile application collects information regarding your short text messages on your mobile device and e-mail messages. While the mobile application may scan all such messages on your phone, we only collect (and upload to the server) certain limited information about each message. For instance, the mobile application may count the messages received and their time stamp and match the senders with a list of selected Financial Institutions. It may also scan the content of messages for certain pre-determined keywords and flag when a message contains such keywords. Only this information is sent to our servers, not the underlying raw data. 
  • While our mobile application may scan and process your phone book contacts on your mobile device, the names and contact details are not sent to our servers. Information such as the number of contacts in the phone book is sent as well as parameters such as “the percent of calls made to contacts vs. new numbers”. 
  • While our mobile application may scan and process your application list i.e. information about the list of applications installed on your mobile device, we will only collect data relating to the identity and frequency of use of such applications but not the activities you engage on any such application.

How do you use my data?

We use your data to assess your financial health and status to allow Financial Institutions to decide whether or not to grant a loan or other financial

services to you.  

We also use your data to: -

  • Obtain an assessment of your solvency including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;
  • Assess your interest in receiving financial services through algorithms and mathematical modelling;

You may withdraw your consent to receive advertising and marketing collateral from us and the financial institutions at any time.

Do you share my data?

We share the result of your credit assessment with the financial institution with which you are applying for a financial service and your potential willingness to communicate directly with the financial institution if requested by the financial institution. We also share your potential willingness to communicate directly with the financial institution, if requested by the financial institution.

We may also share your data in the following ways:

When authorized by law or necessary to comply with a valid legal process; when required to protect and defend the rights or property of CredoLab, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, CredoLab or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this Privacy Policy, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy policy as a result.

How long do you keep my data?

To implement and improve the functionality of the mobile application and to update the credit scorecards developed for the financial institution client, we will keep your data for up to three 3 years unless you request us to delete your data at an earlier date.

What rights do I have over my data?

You have the right to ask us about the data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update or delete (assuming that this does not impact the services we are providing to you) the data we have collected about you at any time. Please note that we may reject requests which risk the privacy of others or are unreasonable or repetitive, or would require a disproportionate effort. Unless you request us to delete your data, please note that we may keep your data after you stop being a user (but we typically keep your data no longer than is reasonably necessary given the purposes for which the data was collected). You have the right to expect us to protect your data and keep it safe. We work hard to protect CredoLab and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the information we hold. In particular: We abide by this Privacy Policy at all times with respect to all data that we collect from you; We limit the use and disclosure of your data, and work to ensure that anyone with whom we share such information treats that information with the privacy and security it deserves; and We have put in place industry-accepted physical, technical and administrative practices to safeguard and secure the information we collect. You have the right to lodge a complaint with the relevant data protection authorities for any violation of applicable data protection laws.

What changes have you recently made?

We reserve the right to change this Privacy Policy at any time and will indicate the date the Privacy Policy was most recently updated. If there have been significant changes, we will highlight any such changes and will attempt to directly alert you when possible. We will also keep prior versions of this Privacy Policy in an archive for your review.

Recent Changes: In our latest update, we have clarified how we collect, use and share your data, and in particular how we enable users’ choice and the measures we take to protect users’ identity through our products.

How can I contact you?

If have any questions about this policy or any of the above, please email us at privacypolicy@credolab.com. You may also contact us by mail at CredoLab Pte. Ltd, #12-01 Capital Tower, 168 Robinson Road, Singapore 068912.

Is there anything else I need to know?

You may opt-out of our collection, use and disclosure of your information by removing our application from your mobile device and requesting for us to delete your information.

We require information from you to properly perform the services intended. Some or all of the functionalities of our service may not be accurate or available should you choose not to share information with us.

Periodically, our site or products may contain links to and from websites or other external destinations managed by third parties. If you follow a link to any of these destinations (like offers on mobile app stores etc.), please note that those sites have their own privacy policy. When you are on those sites you are subject to those policies, and should therefore read and understand them before you submit any personal data to those sites.