Credit repair data is among the most sensitive personal information that exists. We treat it that way. Enterprise-grade security isn't an upsell — it's standard for every customer.
Multiple layers of protection ensure your data and your clients' data remain secure at every level of the platform.
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use SSL/TLS with certificate verification. No unencrypted data ever touches the wire.
Multi-factor authentication, role-based access control, session management with automatic expiration, and account lockout after failed attempts. SSO available for enterprise customers.
Each customer's data is logically isolated at the database level. Strict access controls prevent cross-tenant data access. Regular penetration testing validates isolation boundaries.
Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification. Automated security patches, network segmentation, and intrusion detection systems.
Comprehensive audit trail of all user actions, data access, and system events. Logs are immutable, tamper-evident, and retained for 7 years to meet regulatory requirements.
Social Security numbers are masked (***-**-XXXX) in the UI and stored with field-level encryption. Credit report data is encrypted and access-logged.
We maintain industry-recognized certifications and comply with applicable regulations.
Annual third-party audit of security controls, availability, and confidentiality.
Payment Card Industry Data Security Standard compliance for payment processing.
Gramm-Leach-Bliley Act safeguards for financial information protection.
Compliance with CCPA, VCDPA, and other state-level privacy regulations.
Our security program goes beyond technology. These operational practices ensure continuous protection.
If you believe you've found a security vulnerability in Credence Credit, we want to hear from you. We appreciate the security research community and will work with you to address any legitimate findings.
Please report security issues to [email protected]. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.