Privacy Policy
Last updated: May 15, 2025
1. Introduction
Credence (“we,” “our,” or “us”) provides Canadian CPAs with a compliance management solution for Continuing Professional Development (CPD) requirements via credencehq.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
2. Information We Collect
We collect information in three broad categories:
- Personal & Profile Information:
  - Name, email address, CPA designation(s), jurisdiction, CPA license numbers, and compliance status.
  - Continuing Professional Development records or verifiable professional ethics hours you upload or track.
- Usage & Technical Information:
  - Log entries, dashboard interactions, file uploads.
  - IP address, browser type, operating system, device identifiers, clickstream data.
  - Analytics cookies and preferences.
- Supporting Documents:
  - Verifiable CPD documentation (training certificates, course completion records, ethics-related documentation).
  - Audit-pack reports, compliance summaries.
  - Any correspondence (support requests, feedback).
3. How We Use Your Information
- Service Delivery: Track and report CPD hours (including verifiable and professional ethics hours), generate audit-ready compliance reports, and ensure you meet professional requirements.
- Account Management: User authentication, subscription billing, password resets, and customer support.
- Compliance & Audit Assistance: Support regulatory body audits by providing access to your CPD records when explicitly authorized or required by law.
- Platform Improvement: Analyze usage patterns to enhance features, optimize performance, and identify technical issues.
- Communications: Send service updates, CPD deadline reminders, security alerts, and educational content relevant to your professional responsibilities.
- Legal & Security: Comply with legal obligations, respond to court orders or regulatory investigations, prevent fraud, and protect against unauthorized access.
4. Data Storage and Security
Data Location: All user data is stored exclusively in Canada (AWS Montréal region via Supabase). Backups remain in Canadian AWS regions. Processing by certain service providers (e.g., analytics or payment gateways) may occur in the US or EU under appropriate safeguards.
Security Measures:
- AES-256 encryption of data at rest and TLS 1.3 encryption in transit.
- Role-based access controls and multi-factor authentication for employees and administrators.
- Continuous security monitoring, automated vulnerability scanning, and intrusion detection.
- Daily encrypted backups with point-in-time recovery.
Data Breach Notification: In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours and report to the Office of the Privacy Commissioner of Canada as required by law.
5. Data Retention
We retain your information as follows:
- Active Accounts: All personal, profile, and usage data remains for as long as your account is active and for a reasonable period (up to 3 years) after deactivation, unless you request earlier deletion.
- CPD & Professional Records: Verifiable CPD documents, including professional ethics hours, are retained for at least 7 years to comply with regulatory requirements.
- Audit Logs & Analytics: Aggregated usage data and error logs are retained for up to 2 years for troubleshooting, performance analysis, and compliance verification.
- Inactive Accounts: Personal and profile data is deleted 3 years after account deactivation, with advance notice. CPD records needed for audits may remain for the full 7-year CPD retention period unless you explicitly request full deletion (subject to legal obligations).
6. Your Rights
You have the following rights under Canadian law (PIPEDA):
- Access & Correction: View and update your personal information via your account dashboard or by contacting hello@credencehq.com.
- Data Export: Download all your data (e.g., CPD records) in portable formats (JSON, PDF, ZIP).
- Deletion: Request the deletion of your account and associated personal data. Note: Verifiable CPD records required for regulatory audits may be retained for up to 7 years unless a specific legal exception applies.
- Withdraw Consent: Opt out of non-essential data processing (e.g., marketing communications). Essential service emails (security alerts, CPD deadlines) cannot be disabled.
- Complaint: If you believe your privacy rights were violated, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
7. Cookies and Tracking
We use cookies and similar technologies to distinguish you from other users and improve your experience:
- Essential Cookies: Authentication tokens, session management, CSRF protection.
- Functional Cookies: User preferences, language settings.
- Analytics Cookies: Vercel Analytics and error tracking to monitor performance and feature usage and to identify technical issues.
You can manage cookie preferences via your browser settings. Disabling essential cookies may limit platform functionality.
8. Third-Party Services
We partner with select service providers to support our platform. Each has its own privacy policy—you should review them before providing any data:
- Supabase: Database hosting, authentication, file storage. See Supabase Privacy Policy.
- Stripe: Payment processing, subscription management. See Stripe Privacy Policy.
- Vercel: Application hosting, performance monitoring. See Vercel Privacy Policy.
- Other Providers: We may add additional vendors; an updated list will appear on our website.
9. Children's Privacy
Credence is intended exclusively for licensed CPA professionals (18 years or older). We do not knowingly collect personal information from minors. If you become aware that a minor has provided us with personal data, please contact us at hello@credencehq.com and we will delete that information.
10. International Users
While we primarily serve Canadian CPAs, international users may access our platform. By using Credence, you consent to cross-border transfers to process or store your data as described above. We adhere to applicable data protection laws and implement safeguards for any such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our services, legal requirements, or business practices. When we make material changes, we will:
- Post the revised policy on this page with an updated “Last updated” date.
- Send an email notification to all active users.
- Display an in-app notification upon next login.
Continued use of Credence after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your privacy rights, please contact us at:
hello@credencehq.com
Regulatory Complaints: Office of the Privacy Commissioner of Canada (priv.gc.ca)