Write and ask whatever you want
How it works
Credolab transforms device and behavioural metadata into powerful predictive insights and scores for credit risk, fraud prevention, and marketing optimisation.
How to integrate
Integration is seamless and flexible. Our lightweight SDKs for Android, iOS, and Web can be deployed with minimal impact on app or website performance.
We support modular integration and provide detailed technical documentation, sample code, and dedicated onboarding support.
How we handle data
We never collect personal or sensitive data. All data processed is anonymised, non-PII device and behavioural metadata.
Data stays fully under client control, processed with user consent, and stored securely in cloud environments that comply with leading global standards.
Data Sources & Collection
Credolab uses privacy-protected and permissioned metadata sourced directly from mobile devices and web interactions.
No personal content, messages, contacts, or location data is accessed. Data collection only begins after explicit user consent.
Consent & Transparency
We enable full transparency at every step. Our SDKs are designed to activate only after users opt in via client-controlled consent flows.
Clients can customise the messaging and consent screens, and we provide best-practice templates to ensure clarity and compliance.
Complicance & Regulations
Credolab operates globally with strict adherence to data protection regulations including GDPR (EU), CCPA (USA), PDPA (Singapore), LGPD (Brazil) and other local laws.
Our legal and infosec teams continuously monitor regulatory developments to ensure compliance.
Data Protection Practices
Data security is embedded into everything we do. We apply strong encryption in transit and at rest, enforce strict access controls, and isolate data by client to ensure confidentiality.
Regular audits, logging, and monitoring systems are in place to prevent unauthorised access or misuse.
ISO Certifications
Credolab is ISO/IEC 27001 certified, demonstrating our commitment to managing data security in line with internationally recognised standards.
This certification covers our infrastructure, development processes, and data handling practices, and is reviewed annually by independent auditors.
Privacy Policy
Our privacy policy outlines how we collect, use, and protect data – both on behalf of our clients and through our own corporate operations.
It clearly explains our role as a data processor, our consent-based approach, and our compliance with major privacy laws.
Topic
What kind of data does Credolab collect from users?
Credolab collects anonymised, non-personal device and behavioural metadata such as device settings, interaction patterns, or app usage categories. We do not access personal content, messages, photos, contacts, or precise location data. All data collection is consent-based and fully transparent.
Topic
Is Credolab’s SDK compliant with privacy regulations like GDPR and CCPA?
Yes. Our SDK and data handling practices are fully compliant with GDPR, CCPA, PDPA, LGPD and other local regulations. We collect data only after explicit user consent, and we operate strictly as a data processor, meaning our clients retain full control over the data collected.Credolab collects users' anonymised data to assess their financial health and status so that financial institutions are able to decide whether or not to grant a loan, a credit card or any other financial services. Credolab assesses the users' solvency, their probability of default and interest in receiving financial services only in the context of their application for the provision of financial services.
Topic
How does Credolab ensure data security?
Credolab applies enterprise-grade data protection practices, including encryption at rest and in transit, strict role-based access controls, and regular third-party audits. We are ISO/IEC 27001 certified, and our infrastructure and processes are continuously monitored to ensure data integrity and confidentiality.
Refer to the table below to see how each of Credolab's products handles data.
Topic
Can users opt out of data collection?
Only authorised and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with you will also have access to the data, after your explicit authorisation.
Topic
How long does it take to integrate Credolab’s SDK?
Our SDK is lightweight and modular, allowing most clients to complete integration in under a week. We provide detailed technical documentation, sample code, and dedicated onboarding support to help your development team every step of the way.
Topic
What happens to the data when a client contract ends?
When a client contract ends, all associated datasets are permanently deleted from our systems, including backups and cross-region replicas. The process is verified using AWS tools, logged for audit purposes, and a certificate of data destruction is issued to the client.
All about
Privacy & Security
Data Sources & Collection
Consent & Transparency
Compliance & Regulations
Data Protection Practices
ISO Certifications
Privacy Policies
Credolab collects metadata that reflects user behaviour patterns from mobile devices and web sessions. This includes technical attributes like app usage frequency, phone settings, and general UI interaction trends. Our technology never accesses or stores personal messages, contact lists, call logs, photos, or GPS locations. The goal is to enable accurate credit risk assessment, fraud detection, and marketing segmentation while safeguarding user privacy through non-invasive, frictionless, and privacy-consented data practices.
Key Points
Only non-intrusive, non-PII metadata from mobile and web devices is collected.
Data includes device and behavioural biometrics signals (e.g., app usage, screen lock, typing rhythm, among others).
No access to personal files, messages, contact lists, or location data.
Consent is at the heart of Credolab’s data practices. Users are required to provide explicit, informed consent before any data collection begins via the SDK embedded into the client’s front end. Our disclosures explain in clear, user-friendly language exactly what type of data is collected, its purpose, and how it contributes to credit risk analysis and fraud detection, all while maintaining compliance with global consent requirements.
Key Points
Users must opt-in before any data is collected or processed.
Credolab is a data processor on behalf of its clients, who serve as the data controllers.
Clear explanations regarding the data collected and its purpose are provided to users.
Credolab ensures end-to-end compliance with major global data privacy regulations, including the EU’s GDPR, Brazil’s LGPD, and Singapore’s PDPA. Our legal and compliance teams conduct regular assessments to ensure that our data practices meet or exceed regional legal requirements. Compliance is integrated into the design and development of all our products, ensuring that partners can confidently deploy our solutions across diverse regulatory environments.
Key Points
Fully aligned with GDPR, LGPD, PDPA, and other local privacy laws.
Legal and regulatory assessments are built into our product lifecycle.
Continuous monitoring of data protection legislation across jurisdictions.
Data security is embedded into Credolab’s infrastructure and operational processes. All metadata is encrypted using robust, industry-standard protocols both at rest and during transmission. Access to data is tightly controlled, logged, and monitored, with permissions based on strict role segregation. Our systems undergo regular penetration testing, vulnerability assessments, and third-party audits to proactively identify and address security risks, ensuring our clients’ data is always protected.
Key Points
Encryption in transit and at rest using industry standards (e.g., TLS 1.3 protocol).
Strict access controls, with role-based permissions and audit trails.
Regular security audits, penetration testing, and vulnerability scans.
Credolab is an ISO 27001:2013 certified company. Our scope of ISO27001 certification is specific to providing alternative credit scores to banking and non-banking financial institutions globally based on mobile and web digital footprints.
With this accreditation, clients can be assured that our products are developed and delivered professionally and in full compliance with international Information Security standards and practices.
Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.
Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.
Key Points
Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.
Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.
Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.
Key Points
Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.
Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.
Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.
Key Points
Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.
Only 1st Party Data
We are an embedded technology provider and process only the data we know works via our proprietary mobile and Web SDKs.
We do not buy data from anyone.