Privacy Policy

CreditAxis respects your privacy and maintains strict controls over how customer data is handled. This Privacy Policy describes how CreditAxis collects, uses, stores, and protects information in connection with the Platform and associated services.

1. Information We Collect

• Account information provided by authorized institutional users;
• Business and credit data submitted by customer institutions for platform use;
• Technical information including IP address, browser type, device information, and usage logs;
• Platform activity data including login events, decision events, audit records, and session metadata;
• Contact information submitted through approved inquiry channels.

2. How We Use Information

CreditAxis uses collected information exclusively to:

• Deliver the contracted Platform services;
• Maintain security and audit controls;
• Support authorized compliance and regulatory review;
• Improve Platform functionality in accordance with the customer agreement.

3. Data Not Sold

CreditAxis does not sell, rent, or commercially share customer data with any third party. Customer data is used solely to deliver the contracted Platform services.

4. Subprocessors

CreditAxis uses the following subprocessors to deliver the Platform: Supabase (database hosting, US-West), Vercel (frontend hosting, global CDN), and optionally Hugging Face (AI/ML inference, US). A complete and current subprocessor list is available at our Trust Center.

5. Data Security

CreditAxis implements technical and organizational measures to protect customer data, including TLS encryption in transit, AES-256 encryption at rest, role-based access control, Row Level Security, and comprehensive audit logging. See our Trust Center for our full security posture.

6. Data Retention and Deletion

Customer data is retained for the period required by applicable agreements and regulations. Deal and decision records are retained for seven years. Upon contract termination, customer data is deleted within 30 days of a written deletion request. A deletion certificate is available upon request.

7. Data Processing Agreement

A Data Processing Agreement (DPA) is available for institutional customers. The DPA governs the processing of customer data in compliance with applicable law. Contact legal@creditaxis.org to execute a DPA.

8. Governing Agreement

For institutional customers, data handling obligations are governed by the executed DPA and customer agreement. In the event of a conflict between this Policy and a signed agreement, the signed agreement governs.

9. Changes to This Policy

Material changes to this Privacy Policy will be communicated to institutional customers per the applicable agreement.

10. Contact

Privacy inquiries: legal@creditaxis.org
Security inquiries: security@creditaxis.org