When you sign up for Credibee, we collect your business name and contact information, your email address (managed through our secure authentication partner Clerk), your login credentials and security settings, billing information (handled by Paddle), and your profile information and preferences. We also automatically track how you use Credibee - things like which features you use, how long you spend on the platform, what type of device and browser you're using, your general location, and technical data that helps us improve the service.

Through our testimonial collection features, we handle information from your clients including their names and contact details, the actual testimonials, ratings, and reviews they provide, any profile pictures or images they upload, their company names or job titles, video testimonials if you're on our Pro plan, and timestamps showing when testimonials were submitted. From you as a business user, we store any customer lists you upload, your testimonial content and business information, your payment details (processed securely by Paddle), and data about your campaigns and projects.

We also automatically collect technical information like browser and device details, IP addresses and general geographic location, cookies and similar technologies, data about how you use our service, and error reports that help us fix problems.

Most information comes directly from you when you register for an account through Clerk (our authentication partner), submit testimonials through our forms, contact our support team, or respond to surveys and feedback requests. Business users also provide information when they upload customer data, create testimonial content, set up billing through Paddle, and configure their service preferences.

If you choose to sign in with Google (through our OAuth integration), we receive basic profile information including your name, email address, and profile picture. Google's privacy policy covers how they handle the authentication process, and you can disconnect this connection anytime through your account settings.

We automatically collect technical data through cookies and web tracking, server logs and analytics tools, performance monitoring systems, and security tools that help detect fraud and abuse. Sometimes we receive information from integration partners when you connect other platforms, import data from social media when you authorize it, or sync contacts from email platforms when you give permission.

We use your information to make Credibee work properly. This includes managing your account and login security through Clerk, helping you create and manage testimonial collection forms, storing and displaying your testimonials, processing payments through Paddle, providing customer support when you need it, and keeping your account and preferences up to date.

We also use your data to make Credibee better by personalizing your experience, improving our features and functionality, developing new tools and capabilities, and analyzing usage patterns to understand what works best. This helps us build a better product for everyone.

For communications, we'll send you important service updates like account notifications, billing confirmations, security alerts, and customer support responses. We might also send optional marketing communications about new features, tips and best practices, company updates, and special offers - but you can opt out of these anytime.

We also use information for legal and security reasons including meeting our legal obligations, responding to legal requests, enforcing our Terms of Service, protecting against fraud and abuse, preventing unauthorized access, detecting security threats, maintaining data integrity, and monitoring for suspicious activity.

If you're in the European Union, we process your personal data based on several legal grounds. For contractual necessity, we handle account management, service provision, payment processing, and customer support because these are essential to providing Credibee. For legitimate interests, we process data for service improvement, analytics, security and fraud prevention, and marketing to existing customers because these benefit both us and you.

When we need consent, we ask for it explicitly - like for marketing communications to non-customers, optional feature usage, and certain cookies and tracking technologies. We also process data to fulfill legal obligations like tax record keeping, responding to legal requests, and notifying authorities about data breaches.

We work with trusted partners to provide Credibee's services. For authentication, we use Clerk to handle user logins and account management, and Google OAuth for optional social login through Google/Gmail accounts. Both process authentication data according to their own privacy policies, including login credentials, session management, and security features.

For payments, Paddle.com handles all payment processing and acts as our merchant of record. Payment data is processed according to Paddle's privacy policy, and we don't store your full payment card information. We also work with technology partners including cloud hosting providers for secure data storage, email service providers for communications, analytics providers to improve our service, security services for threat protection, and business partners for integrations when you choose to connect other accounts.

Your testimonials are displayed publicly through widgets and pages exactly as intended - that's the whole point of the service! When someone provides a testimonial, they're consenting to public display, and you control how and where testimonials are shown.

We may share information when legally required - like complying with court orders or government requests, protecting our legal rights and property, ensuring user safety and security, investigating fraud or violations of our terms, and responding to emergencies. If we're ever acquired or merge with another company, user information may be transferred as part of that transaction, but it would still be protected by these same privacy commitments.

We take security seriously and use industry-standard protections including encryption when data moves between systems and when it's stored, secure data centers with proper physical security, regular security assessments and updates, access controls so only authorized people can see your data, and network security monitoring.

If a data breach ever happens, we'll assess and contain it immediately, notify affected users within 72 hours when required by law, inform relevant authorities as needed, and provide guidance on steps you can take to protect yourself.

You can help keep your information secure by using strong, unique passwords, keeping your account information current, reporting suspicious activity right away, logging out when using shared devices, and regularly reviewing your account for anything unusual.

For active accounts, we keep your business account data as long as your account is active, usage data for up to 2 years for analytics and service improvement, and communication records for customer support purposes. When you close your account, we delete your data within 30 days of your request and purge it from backup systems within 90 days. Some information might be kept longer if required by law.

For testimonials, you as the business user control how long your collected testimonials are kept - they stay as long as your account is active, and individual testimonials can be deleted anytime. If someone wants their testimonial removed, they should contact you first. If you refuse and they contact us, we'll help mediate the situation.

We may keep some information longer to comply with tax and financial reporting requirements, legal obligations and potential legal claims, and regulatory requirements in various countries.

You can always view and update your account information, download your data through our export features, delete specific testimonials or content, and modify your privacy settings and preferences. You can also opt out of marketing emails, manage your notification settings, update your contact preferences, and control how we communicate with you.

If you're in the European Union, you have additional rights under GDPR. You can request a copy of your personal data and understand how we're using it, receive your data in a format you can move to another service, update any inaccurate information or complete incomplete data, request deletion of your personal data (the "right to be forgotten"), remove data that's no longer needed for its original purpose, get your data in a machine-readable format to transfer to another provider, limit how we use your data, object to certain types of processing, and restrict data use while disputes are being resolved.

California residents have rights under CCPA including knowing what personal information we collect, understanding how we use and share information, accessing your personal information, deleting personal information (with some exceptions), opting out of any sale of personal information (though we don't sell data anyway), and being treated fairly for exercising these rights.

To exercise any of these rights, just email us at devbrent03@gmail.com with "Privacy Request" in the subject line. Tell us clearly what you want us to do, and we may need to verify your identity for security reasons. We'll respond within 30 days or as required by law.

Credibee operates from the Philippines, but we may store and process data in various locations around the world to provide the best possible service. This might mean your data is stored on servers outside the Philippines, backed up in different countries, or processed by service providers in various locations.

When we transfer data internationally, we make sure it's properly protected through legal safeguards like standard contractual clauses with our service providers, adequacy decisions where available, binding corporate rules and certifications, and your consent where required. We also use technical safeguards including encryption during transfer and storage, secure transmission protocols, regular security assessments of our partners, and contractual requirements that our partners protect your data properly.

We use different types of cookies and tracking technologies. Essential cookies are necessary for basic functionality like keeping you logged in, remembering your preferences, balancing server load, and ensuring good performance - these can't be disabled if you want to use Credibee. Analytics cookies help us understand usage patterns, monitor performance, track errors for debugging, and understand how users interact with our service so we can make improvements.

We also use optional marketing cookies for personalized content and recommendations, measuring marketing campaign effectiveness, and social media integration - you can opt out of these through your browser settings or our cookie controls where available.

Most browsers let you control cookies, and you can block or delete them through your browser settings. Just keep in mind that some Credibee features might not work properly without certain cookies. We provide cookie preference controls where required by law, let you manage marketing cookies separately from essential ones, but essential cookies can't be disabled while you're using the service.

We may use third-party analytics services like Google Analytics, which have their own privacy policies. You can opt out through browser settings or the provider's opt-out tools. If you see social sharing buttons, those might set cookies according to the social media platform's policies, and we don't control third-party tracking on external websites.

Credibee isn't designed for anyone under 18, and we don't knowingly collect information from children. You must be old enough to enter into legal contracts in your area to use our service. If we discover we've collected data from a minor, we'll delete it right away. Parents can contact us to request deletion of their child's information, and we encourage parents to monitor their children's online activities.

If Credibee is used in schools or educational settings, proper authorization is required, schools must ensure they comply with student privacy laws, and we may require additional consent for educational use.

We may update this Privacy Policy from time to time to reflect new features, legal requirements, or changes in how we operate. We'll always maintain strong privacy protections. For major changes, we'll email you 30 days in advance. Smaller updates will be posted on our website with an updated date, and continuing to use Credibee after changes take effect means you accept the new policy.

If you disagree with changes, you can close your account before they take effect, contact us to discuss your concerns, or export your data before the changes become active.

For any privacy questions or requests, email us at devbrent03@gmail.com with "Privacy Request" or "Privacy Question" in the subject line. Include your full name and email address, describe specifically what you need, provide any relevant account information, and let us know how you'd prefer us to respond.

We commit to responding to general questions within 5 business days, data requests within 30 days (or as required by law), urgent security issues within 24 hours, and complaint investigations within 14 days.

You can reach the Solerix - Credibee Privacy Team at devbrent03@gmail.com. We're Credibee, operated under Solerix, based in the Philippines, with business hours Monday through Friday, 9:00 AM to 6:00 PM Philippine Time.

If you're not satisfied with our response to your privacy concerns, you can also contact the National Privacy Commission (NPC) in the Philippines through their website or office. EU residents can contact your local data protection authority or the EU Data Protection Board for cross-border issues. In other countries, contact your local privacy regulator - we'll cooperate fully with any regulatory investigations.