Privacy Policy

Last updated: March 2026

1. Introduction

CredPing (“we”, “us”, “our”) is a Canadian software-as-a-service (SaaS) platform for credential and compliance tracking, operated from Ontario, Canada. We help trades businesses track licences, certificates, insurance, and safety training for their workforce.

This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation. By creating an account or using our services, you acknowledge that you have read and understood this policy.

2. Information We Collect

We collect the following categories of personal information:

  • Account information — your name, email address, phone number, and organization details provided during registration.
  • Credential documents — certificates, licences, insurance documents, and safety training records uploaded as images or PDFs.
  • Payment information — billing name, email, and payment method, processed securely by Stripe. We do not store credit card numbers on our servers.
  • Usage data — device information, browser type, IP address, pages visited, and feature usage collected automatically to improve the service.

3. PIPEDA Compliance — 10 Fair Information Principles

CredPing is committed to compliance with PIPEDA’s ten fair information principles. The following sections describe how each principle is reflected in our practices.

3.1 Accountability

CredPing has designated a Privacy Officer who is responsible for our compliance with PIPEDA and this policy. Our Privacy Officer ensures that personal information under our control is handled in accordance with these principles, including information transferred to third-party service providers for processing. All staff with access to personal information are trained on their privacy obligations. You may reach our Privacy Officer at privacy@credping.com.

3.2 Identifying Purposes

We identify the purposes for which personal information is collected at or before the time of collection. We collect personal information to: provide and maintain our credential tracking services, send automated expiry notifications and reminders, process subscription payments, communicate service updates and policy changes, and improve the reliability and usability of our platform. If we identify a new purpose for previously collected information, we will obtain your consent before using it for that new purpose.

3.3 Consent

We obtain meaningful consent when you create an account and when you upload credential documents. By using CredPing, you consent to the collection, use, and disclosure of your personal information as described in this policy. You may withdraw consent at any time by deleting your account through the settings page, which will trigger permanent deletion of your data. Employers who add employee data to CredPing represent and warrant that they have obtained appropriate consent from those employees before uploading their information.

3.4 Limiting Collection

We collect only the personal information that is necessary for the purposes identified above. We do not collect information indiscriminately and we do not deceive individuals about the reasons for collecting their information. Our registration forms request only essential fields, and optional fields are clearly marked. We do not purchase personal information from data brokers or other third-party sources.

3.5 Limiting Use, Disclosure, and Retention

Personal information is used only for the purposes for which it was collected, unless you provide additional consent or disclosure is required by law. We do not sell personal information to third parties. We retain your data for as long as your account is active. Upon account deletion, your personal information and uploaded credential documents are permanently deleted from our systems within 30 days. Backups containing your data are purged on their regular rotation schedule.

3.6 Accuracy

We take reasonable steps to ensure that personal information is accurate, complete, and up to date for the purposes for which it is used. You can update your account information and credential details at any time through your account settings and dashboard. We encourage users to keep credential information current to ensure the accuracy of expiry notifications and compliance status indicators.

3.7 Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information, including: encryption in transit using TLS 1.2 or higher, encryption at rest for all stored data, Row-Level Security (RLS) policies on every database table to ensure users can only access data belonging to their own organization, rate limiting on all API endpoints to prevent abuse, secure file upload handling with server-generated signed URLs, Content Security Policy and HTTP Strict Transport Security headers, and regular security reviews of our codebase and infrastructure.

3.8 Openness

This Privacy Policy is publicly available at credping.com/privacy and can be accessed at any time without requiring an account. We will notify registered users by email of any material changes to this policy. Our data handling practices and the identity of our Privacy Officer are disclosed in this document to ensure transparency.

3.9 Individual Access

Upon request, you have the right to be informed of the existence, use, and disclosure of your personal information and to be given access to that information. You may request access to your personal information by emailing privacy@credping.com. We will respond to access requests within 30 days. In most cases, you can access and export your information directly through your CredPing dashboard without needing to submit a formal request.

3.10 Challenging Compliance

You have the right to challenge our compliance with these principles by contacting our Privacy Officer at privacy@credping.com. We will investigate all complaints and respond within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Privacy Commissioner of Canada at priv.gc.ca.

4. Third-Party Services

We use the following third-party services to operate CredPing. Each provider processes only the data necessary for its function:

  • Supabase (database, authentication, and file storage) — stores your account data, credential records, and uploaded documents. Supabase provides the authentication infrastructure that manages your login sessions.
  • Stripe (payment processing) — processes your subscription payments. Stripe receives your name, email, and payment method. Stripe is PCI DSS Level 1 compliant, the highest level of payment security certification.
  • Resend (transactional email) — delivers expiry notifications, account verification emails, and other service communications. Resend receives your email address and the content of notifications.
  • Vercel (hosting and deployment) — hosts our web application. Vercel may process IP addresses and request metadata through standard server logs.
  • Upstash (rate limiting) — provides rate limiting to protect against abuse. Upstash processes IP addresses for this purpose and does not store personal data beyond short-lived rate limit counters.

5. Data Storage and Transfer

Your data is stored in Supabase’s cloud infrastructure. While servers may be located outside of Canada, we ensure that all cross-border transfers of personal information comply with PIPEDA’s requirements for international data protection. We require our service providers to maintain security standards comparable to our own and to use your information only for the purposes we have specified.

6. Your Rights

Under PIPEDA, you have the right to:

  • Access your personal information held by CredPing.
  • Request correction of inaccurate or incomplete information.
  • Delete your account and all associated data, including uploaded credential documents.
  • Withdraw your consent to the collection and use of your information.
  • File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at privacy@credping.com.

7. Children’s Privacy

CredPing is designed for use by trades businesses and their adult workforce. Our service is not directed at individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@credping.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the “Last updated” date at the top of this page. For material changes that affect how we handle your personal information, we will notify registered users by email at least 30 days before the changes take effect.

9. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

CredPing
Ontario, Canada
Email: privacy@credping.com

You may also wish to review our Terms of Service and Cookie Policy.