Last updated: 2023.09.12
Credal AI (“we,” “our,” “us”) provides software to help employers and developers leverage AI at enterprise scale. We assist employers and developers (our “Customers”) in using AI applications while keeping data secure.
This Privacy Policy explains how we collect, use, and share the personal information that we gather on the subdomains and websites on https://www.credal.ai/ (“Sites”), that we collect when you contact us directly to become a Customer or to obtain more information, or that we collect directly through our Customer’s use of our products and services (“Services”), such as through customer service requests.
This Privacy Policy does not apply to the way we process information in our role as a service provider to our Customers. We encourage you to review our Data Processing Addendum to learn more about how we process and safeguard information as a service provider to our Customers.
If you are an employee of one of our Customers, please contact your employer directly for information regarding how your employer uses and shares your personal information gathered from our Services.
Please click the following links to learn more about our Privacy Policy:
1. Whose Personal Information We Collect
2. Information We Collect
3. How We Use Your Information
4. How We Share Your Information
5. How We Respond to ‘Do Not Track’ Signals
6. Cookies
7. Children’s Privacy
8. Change of Control
9. Data Security
10. Data Retention
11. Policy Updates
12. Contact Information
13. Privacy Rights & Additional Disclosures for California Residents
14. Privacy Rights & Additional Disclosures for EEA & UK Individuals
Whose Personal Information We Collect
Credal AI obtains information from various entities. These entities are defined below by what they are referred to in this Privacy Policy and when their information is collected. Entities may overlap and are not exclusive categories.
- Website Visitors: when you visit this website or contact us directly for information.
- Customers: when you engage Credal AI for a free demo or paid services for training,
support, or customization of Credal AI software.
- End Users: when we collect and process information of the employees or contractors of a Customer on the Customer’s behalf.
- Service Providers: when you become a service provider to Credal AI.
- Employees and Applicants: through the Credal AI job candidacy process.
The use of “you” and “your” throughout this Privacy Policy will, depending on the context, refer to a Credal AI Website Visitor, Customer, or End User.
Information We Collect
Information You Give Us. You may give us information by signing up for an online account, entering information through our online forms or surveys, inputting information while using our services, contacting us through our chat service, or contacting us by phone or email for information or customer service.
The categories of information include:
● Identifiers, such as real name, postal address, online identifier, Internet Protocol address,
email address, account name, or other similar identifiers.
● Categories of personal information described in Section 1798.80(e) of the California
Civil Code, such as name, address, telephone number, education, employment, or
employment history.
● Commercial information, such as products or services purchased, obtained, or considered.
● Internet or other electronic network activity information, such as browsing history, search
history, and information regarding a consumer’s interaction with an Internet website,
application, or advertisement.
● Professional or employment-related information.
● Education information.
● Inferences drawn from the above categories of information.
The categories of sensitive information include:
- Account log-in, in combination with any required security or access code, password, or credentials allowing access to the account.
- Information About End Users We Collect from Credal AI Customers. If your employer has engaged the services of Credal AI, we may collect information from you on their behalf as your employer’s service provider. This information may be passively recorded from interactions on your browser or through integrations with your business management software.
This information may include:
● Identifiers, such as real name, postal address, email address, or other similar identifiers.
● Commercial information, such as product usage data.
● Internet or other electronic network activity information, such as website cookies.
● Professional or employment-related information.
● Inferences drawn from the above categories of information.
We encourage you to review our Data Processing Addendum to learn more about how we process and safeguard employee information as a service provider to our Customers. Please contact your employer directly for information regarding how your employer uses and shares your personal information gathered from our Services.
Information We Automatically Collect. Like many website operators, we collect information that your browser sends whenever you visit our Sites. This includes log data, such as your computer’s IP address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages and other statistics, and whether you reached our page via a social media or email campaign. This information may be collected via several technologies, including cookies, web beacons, clear GIFs, canvas fingerprinting and other means, such as Google Remarketing and Facebook Pixel. You can control cookies in your browser to enable or disable them. Learn more in our Cookie Policy.
Information We Collect From Third Parties. If you access our Sites or Services through third parties (e.g., Facebook or Google), or if you share content from our Sites or Services to a third-party social media service, the third-party service may send us certain information about you if the third-party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third-party service.
How We Use Your Information
We use your personal information for the following purposes:
● To provide you with the Services and Sites, which includes:
- maintaining and servicing accounts,
- providing customer service,
- processing and fulfilling orders and transactions,
- verifying customer information, and
- processing payments.
● To provide analytic services, such as analyzing customer usage and improving services offered.
● To conduct market research and project planning.
● To detect security incidents, protect against fraudulent or other criminal activity, debug and repair errors, and maintain the overall quality and safety of our Sites.
● To share your website visitor activity, through website cookies, with third-party partners to analyze your usage of our Sites.
● To fulfill our legal and financial obligations.
● To provide you with employment opportunities.
Marketing: We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact Information” section below. You will still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).
How We Share Your Information
To Users or the Public with Your Consent. We may share your information with other users or the public with your consent. The settings you choose will determine how much information is shared with other users and/or the public.
Affiliates and Service Providers. We share your information with our third-party service
providers and any subcontractors as required to offer you our products and services. The service providers we use help us to:
- Run, operate, and maintain our Sites and Services through third-party platforms and
software tools;
- Perform content moderation and crash analytics;
- Run email and mobile messaging campaigns;
- Perform marketing analytics;
- Provide measurement services (you can opt out of these services at websites such as http://www.aboutads.info/choices and http://www.youronlinechoices.eu/);
- Provide payment attribution; and
- Provide technical and customer support.
Some external service providers may also collect information directly from you (for example, a payment processor may request your billing and financial information) in accordance with their own privacy policy. These external service providers do not share your financial information, like credit card number, with us, but may share limited information with us related to your purchase, like your zip code.
Aggregated Data. We may also aggregate or otherwise strip information of all personally identifying characteristics and may share that aggregated, anonymized data with third parties or publish it. This data does not personally identify you and helps us to measure the success of our Sites and its features and to improve your experience. We reserve the right to make use of any such aggregated data as we see fit.
Disclosures Required by Law. We may be required to disclose your data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your personal information to comply with any legal obligation, to enforce or apply our terms and conditions and other agreements, to protect our rights, property, or safety, or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
How We Respond to ‘Do Not Track’ Signals
Some browsers provide you with a way to signal that you do not want your browsing activity to be tracked. The Services may not currently respond to all Do Not Track (“DNT”) or similar signals, as we are awaiting consensus from the Internet policy and legal community on the meaning of DNT and the best way to respond to these signals.
Cookies To make our Sites and services work properly, we sometimes place small data files called cookies on your device. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, shopping cart, or other preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another. To learn more, please see our Cookie Policy.
You may wish to restrict the use of cookies. Please be aware that some of the features of our Sites may not function correctly if you disable cookies. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Microsoft Edge
- Cookie settings in Safari web and iOS
Children’s Privacy
The Sites are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us using the contact details provided at the end of this Privacy Policy. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.
Change of Control Personal information may be transferred to a third party because of a sale, acquisition, merger, reorganization, or other change in control. If we sell, merge, or transfer any part of the business, part of the sale may include your personal information.
Data Security
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be appropriate technical and organizational measures to protect the confidentiality, security, and integrity of personal information obtained through the Sites, we cannot ensure or warrant the security of any information you transmit to us.
Data Retention
We retain information from or about you for so long as necessary to fulfill the purposes outlined in this Privacy Policy. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
Policy Updates
This Privacy Policy may be periodically updated. We encourage you to periodically review this Privacy Policy to ensure you are familiar with the most current version. Please review carefully before submitting personal information to our Sites. The date the Privacy Policy was last updated is indicated at the top of this page.
Contact Information
If you wish to contact us or have any questions about or complaints in relation to this Privacy Policy, please contact us at the following contact details: privacy@credal.ai
Privacy Rights & Additional Disclosures for California
Residents California law provides state residents with certain rights and disclosures. We provide the following information to further help you understand your potential privacy rights. If you would like to exercise any rights or inquire as to whether such rights are available to you, please email us at privacy@credal.ai.
Request for Information or Deletion. Residents of California have the right to know whether we are processing your personal information, and in some instances, you have the right to request that we disclose to you the categories listed below for the preceding 12 months. We have the right to request verification of your identity for all requests for information. In responding to this right, we shall provide to you:
- The categories of personal information we collect about you.
- The categories of sources from which your personal information is collected.
- The business or commercial purpose(s) for collecting, selling, sharing, or disclosing your personal information, and the categories of personal information disclosed for such purpose(s).
- The categories of third parties with whom we share your personal information.
- The categories of personal information we have sold, if any, about you and the categories of third parties to whom your personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
- The specific pieces of personal information we have collected about you.
In addition, you may have the right to request we delete your personal information.
Request for Correction. Residents of California have the right to request the correction or rectification of inaccurate information in the resident’s personal information.
- Request for Portable Data. Residents of California have the right to receive, in certain
circumstances, a portable format of their personal information that allows the data to be transmitted to another entity.
Do Not Sell or Share My Personal Information.
Residents of California have the right to opt out of the sale or sharing of the consumer’s personal information. However, we do not sell your personal information, nor do we share your personal information to provide personalized or targeted advertising.
Limiting the Use of Sensitive Personal Information.
Residents of California have the right to direct us to use or disclose sensitive personal information only for providing goods or services, or as otherwise minimally permitted under applicable law. However, we do not use or disclose sensitive personal information for any purpose other than providing our goods and services to you, or as otherwise minimally permitted under applicable law.
Third Party Marketing.
If you are one of our customers, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third
parties for the third parties’ direct marketing purposes. However, we do not disclose your personal information to third parties for the third parties’ direct marketing purposes.
Automated Processing & Profiling. Residents of California have the right to opt out of the processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
Right to Equal Service & Price. Residents of California have the right to receive equal service and price, even if you exercise a privacy right.
Verification Process for Exercising Rights. To protect our consumers’ privacy, we verify privacy rights requests to ensure that only you (or your authorized agent) can exercise rights pertaining to your personal information. As part of our verification process, we may request you to submit additional information.
If you are an authorized agent wishing to exercise rights on behalf of a state resident, please contact and provide us with a copy of the California resident’s written authorization designating you as their agent. We may need to verify your identity and place of residence before completing your rights request.
Privacy Rights & Additional Disclosures for EEA & UK
Individuals
Lawful Bases for Processing (EEA and UK Individuals). If you are from the European
Economic Area (EEA) or United Kingdom (UK), our legal bases for collecting and using your personal information is as follows:
● The performance of your contract or to enter into the contract and to take action on your requests. For example, the processing of your account registration.
● Our legitimate business interests. For example, fraud prevention, maintaining the security of our network and services, direct marketing to you, and improvement of our services.
● Compliance with a mandatory legal obligation. For example, accounting and tax
requirements, which are subject to mandatory retention periods. We may also collect your
Personal Information to record your requests to exercise your rights and to verify your
identity for such requests.
● Consent you provide where we do not rely on another legal basis. Consent may be
withdrawn at any time.
● In some limited cases, we may also have a legal obligation to collect personal
information from you in response to lawful requests by public authorities, including to
meet law enforcement requirements, as described above in the “How We Share Your
Information” section.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the end of this Privacy Policy.
EEA or UK Individuals’ Rights. If you are from the EEA or UK, you have the right, under
certain circumstances, to:
● Access your personal information;
● Correct inaccurate information in your personal information;
● Request erasure of your personal information without undue delay;
● Request restriction of, in certain circumstances, the processing of your personal
information;
● Request receiving a portable copy of your personal information held by us, and to have that portable copy transmitted to another controller; and
● To object to the processing of your personal information.
To exercise any of these rights, contact us using the contact details provided at the end of this Privacy Policy, and please specify which privacy right(s) you wish to exercise. We may need to verify your identity to honor your request.
Right to Lodge a Complaint. If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority. We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry to us via the contact information at the bottom of this Privacy Policy.
Data Privacy Frameworks & International Transfers of Data. We may transfer information from or about you or your devices to countries other than the country where you are located (including to the United States), which may not have the same data protection laws as your jurisdiction. For more information regarding our compliance with the U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework to authorize these data transfers, please review the following disclosures.
Credal AI complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the US Department of Commerce. Credal AI has certified that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Credal AI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the, DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov.
With respect to personal data received or transferred pursuant to the DPF, Credal AI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF Principles, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF should direct their query to privacy@credal.ai. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@credal.ai.
As explained in this Privacy Policy, we sometimes provide your information to third parties to perform services on our behalf. If we transfer personal information received under the DPF to a third party, the third party's access, use, and disclosure of the personal data must also be in compliance with our DPF obligations, and we will remain liable under the DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. We may be required to disclose personal information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
DPF Complaints Involving Personal Data We Process as a Controller. For EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received or collected as a controller in reliance on the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, please first contact us at: privacy@credal.ai.
If your DPF-related complaint cannot be resolved through this channel, Credal AI commits to refer unresolved complaints to JAMS DPF Dispute Resolution, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS DPF Dispute Resolution are provided at no cost to you.
DPF Complaints Involving Human Resources Data We Receive from Customers. For EU, UK, and Swiss individuals with inquiries or complaints concerning human resources data that we process on behalf of our employment customers, please first refer to your employer’s privacy notice and contact them to resolve the issue.
If your DPF complaint cannot be resolved through this channel, Credal AI commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office and the Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner with regard to unresolved complaints concerning our handling of human resources data received in reliance on the DPF in the context of the employment relationship.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Credal gives you everything you need to supercharge your business using generative AI, securely.
