TRUST CENTER

Write and ask whatever you want

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

ALL ABOUT TECH

How it works

Credolab transforms device and behavioural metadata into powerful predictive insights and scores for credit risk, fraud prevention, and marketing optimisation.

Learn more

How to integrate

Integration is seamless and flexible. Our lightweight SDKs for Android, iOS, and Web can be deployed with minimal impact on app or website performance.

We support modular integration and provide detailed technical documentation, sample code, and dedicated onboarding support.

Learn more

How we handle data

We never collect personal or sensitive data. All data processed is anonymised, non-PII device and behavioural metadata.

Data stays fully under client control, processed with user consent, and stored securely in cloud environments that comply with leading global standards.

Learn more

Related articles

The relationship between data collection and fragments

Credit Scoring Models: How to create a model that works best for you

6 Ways To Utilise credolab's Behavioural Solutions to Drive Financial Inclusion

See more articles

ALL ABOUT PRIVACY & SECURITY

Data Sources & Collection

Credolab uses privacy-protected and permissioned metadata sourced directly from mobile devices and web interactions.

No personal content, messages, contacts, or location data is accessed. Data collection only begins after explicit user consent.

Learn more

Consent & Transparency

We enable full transparency at every step. Our SDKs are designed to activate only after users opt in via client-controlled consent flows.

Clients can customise the messaging and consent screens, and we provide best-practice templates to ensure clarity and compliance.

Learn more

Complicance & Regulations

Credolab operates globally with strict adherence to data protection regulations including GDPR (EU), CCPA (USA), PDPA (Singapore), LGPD (Brazil) and other local laws.

Our legal and infosec teams continuously monitor regulatory developments to ensure compliance.

Learn more

Data Protection Practices

Data security is embedded into everything we do. We apply strong encryption in transit and at rest, enforce strict access controls, and isolate data by client to ensure confidentiality.

Regular audits, logging, and monitoring systems are in place to prevent unauthorised access or misuse.

Learn more

ISO Certifications

Credolab is ISO/IEC 27001 certified, demonstrating our commitment to managing data security in line with internationally recognised standards.

This certification covers our infrastructure, development processes, and data handling practices, and is reviewed annually by independent auditors.

Learn more

Privacy Policy

Our privacy policy outlines how we collect, use, and protect data – both on behalf of our clients and through our own corporate operations.

It clearly explains our role as a data processor, our consent-based approach, and our compliance with major privacy laws.

Learn more

Still have questions?

Can’t find the answer you’re looking for?
Please chat to our friendly team.

Get In Touch

FAQ

Topic

What kind of data does Credolab collect from users?

Credolab collects anonymised, non-personal device and behavioural metadata such as device settings, interaction patterns, or app usage categories. We do not access personal content, messages, photos, contacts, or precise location data. All data collection is consent-based and fully transparent.

more →

Topic

Is Credolab’s SDK compliant with privacy regulations like GDPR and CCPA?

Yes. Our SDK and data handling practices are fully compliant with GDPR, CCPA, PDPA, LGPD and other local regulations. We collect data only after explicit user consent, and we operate strictly as a data processor, meaning our clients retain full control over the data collected.Credolab collects users' anonymised data to assess their financial health and status so that financial institutions are able to decide whether or not to grant a loan, a credit card or any other financial services. Credolab assesses the users' solvency, their probability of default and interest in receiving financial services only in the context of their application for the provision of financial services.

more →

Topic

How does Credolab ensure data security?

Credolab applies enterprise-grade data protection practices, including encryption at rest and in transit, strict role-based access controls, and regular third-party audits. We are ISO/IEC 27001 certified, and our infrastructure and processes are continuously monitored to ensure data integrity and confidentiality.

Refer to the table below to see how each of Credolab's products handles data.

more →

Topic

Can users opt out of data collection?

Only authorised and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with you will also have access to the data, after your explicit authorisation.

more →

Topic

How long does it take to integrate Credolab’s SDK?

Our SDK is lightweight and modular, allowing most clients to complete integration in under a week. We provide detailed technical documentation, sample code, and dedicated onboarding support to help your development team every step of the way.

more →

Topic

What happens to the data when a client contract ends?

When a client contract ends, all associated datasets are permanently deleted from our systems, including backups and cross-region replicas. The process is verified using AWS tools, logged for audit purposes, and a certificate of data destruction is issued to the client.

more →
See more FAQs

SUBSCRIBE TO
OUR LATEST NEWSLETTER

Join 25,000+ practitioners from risk, fraud and marketing teams to discover behavioural data insights

All about
Privacy & Security

Data Sources & Collection

Consent & Transparency

Compliance & Regulations

Data Protection Practices

ISO Certifications

Privacy Policies

Data Sources & Collections

Credolab collects metadata that reflects user behaviour patterns from mobile devices and web sessions. This includes technical attributes like app usage frequency, phone settings, and general UI interaction trends. Our technology never accesses or stores personal messages, contact lists, call logs, photos, or GPS locations. The goal is to enable accurate credit risk assessment, fraud detection, and marketing segmentation while safeguarding user privacy through non-invasive, frictionless, and privacy-consented data practices.

Key Points

Only non-intrusive, non-PII metadata from mobile and web devices is collected.
Data includes device and behavioural biometrics signals (e.g., app usage, screen lock, typing rhythm, among others).
No access to personal files, messages, contact lists, or location data.

User Content And Transparency

Consent is at the heart of Credolab’s data practices. Users are required to provide explicit, informed consent before any data collection begins via the SDK embedded into the client’s front end. Our disclosures explain in clear, user-friendly language exactly what type of data is collected, its purpose, and how it contributes to credit risk analysis and fraud detection, all while maintaining compliance with global consent requirements.

Key Points

Users must opt-in before any data is collected or processed.
Credolab is a data processor on behalf of its clients, who serve as the data controllers.
Clear explanations regarding the data collected and its purpose are provided to users.

Compliance & Regulations

Credolab ensures end-to-end compliance with major global data privacy regulations, including the EU’s GDPR, Brazil’s LGPD, and Singapore’s PDPA. Our legal and compliance teams conduct regular assessments to ensure that our data practices meet or exceed regional legal requirements. Compliance is integrated into the design and development of all our products, ensuring that partners can confidently deploy our solutions across diverse regulatory environments.

Key Points

Fully aligned with GDPR, LGPD, PDPA, and other local privacy laws.
Legal and regulatory assessments are built into our product lifecycle.
Continuous monitoring of data protection legislation across jurisdictions.

Data Protection Practices

Data security is embedded into Credolab’s infrastructure and operational processes. All metadata is encrypted using robust, industry-standard protocols both at rest and during transmission. Access to data is tightly controlled, logged, and monitored, with permissions based on strict role segregation. Our systems undergo regular penetration testing, vulnerability assessments, and third-party audits to proactively identify and address security risks, ensuring our clients’ data is always protected.

Key Points

Encryption in transit and at rest using industry standards (e.g., TLS 1.3 protocol).
Strict access controls, with role-based permissions and audit trails.
Regular security audits, penetration testing, and vulnerability scans.

ISO Certification

Credolab is an ISO 27001:2013 certified company. Our scope of ISO27001 certification is specific to providing alternative credit scores to banking and non-banking financial institutions globally based on mobile and web digital footprints.

With this accreditation, clients can be assured that our products are developed and delivered professionally and in full compliance with international Information Security standards and practices.

All about
Tech

How It Works

How To Integrate

How We Handle Data

How It Works

Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.

Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.

Key Points

Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.

Risk

Scores and Insights

Fraud

Scores and Insights

Marketing

Scores and Insights

How To Integrate

Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.

Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.

Key Points

Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.

How We Process Data

Credolab’s technology transforms device and web behavioural metadata into powerful, privacy-consented predictors of credit risk, fraud alerts, and marketing insights.

Our SDKs and APIs collect behavioural patterns such as app usage, device settings, typing speed and cadence, gestures and UI interactions, without accessing personal or sensitive information. This data is then processed through our proprietary machine learning models to generate predictive scores and granular insights. The result is a secure, scalable solution that improves predictive power and expands financial inclusion while respecting user privacy and complying with global data regulations.

Key Points

Uses behavioural metadata from mobile devices and UI interactions to assess credit risk, detect fraud, and improve marketing.
Employs privacy-by-design principles with anonymised data that never captures PII.
Machine learning models generate scores and insights for better credit risk, fraud and marketing decisions.

Only 1st Party Data

We are an embedded technology provider and process only the data we know works via our proprietary mobile and Web SDKs.

We do not buy data from anyone.