Accredible takes data privacy very seriously. We're handling your personal data, and we recognize that it needs to be protected and that you have a right to view and remove your data.
Does Accredible Sell My Data To Third Parties?
Accredible doesn't sell your data to any party. We work with a small number of third parties that we need to provide our services. They do things like host our databases (Amazon Web Services), provide data backup hosting (Google Cloud), and power our support desk (Hubspot).
We have contractual agreements in place with each of these suppliers that:
- Ensures they're not allowed to use or pass your data to other parties.
- They properly secure your data.
What Does Accredible Do To Protect My Personal Data?
Accredible does a lot to ensure that we secure and limit access to your data:
- Our data is stored at a secure tier 3 SOC 2-certified data center.
- Accredible employs a role-based access control framework that ensures access
to data is only provided to employees whose job responsibilities necessitate
such access. We conduct annual audits to ensure compliance with our access
control policies. Any breaches or inconsistencies are documented, investigated, and
remediated according to a standard procedure.
- Accredible’s security and data privacy controls, software, infrastructure, and systems
are audited both internally and independently (externally) on an annual basis.
- We regularly undergo penetration tests and enforce a framework and set of policies that help ensure that we’re compliant with security and privacy standards.
- We have contractual agreements in place with every supplier ensuring that they provide the same standard of protection.
Can I Remove My Data From Accredible?
If you'd like us to remove the data that we have about you at any time, please submit a request to email@example.com.
Important Note: If you have credentials issued to you through Accredible, we will need to write to your issuer and request that they delete these credentials first. Under GDPR regulations Accredible is a 'Data Handler,' meaning that we can look after your data, but we are not permitted to alter or delete it. Only your issuer has the authority to do this.
Once your issuer has deleted all credentials related to you, we aim to process 'Right to be Forgotten' requests within 5 working days.
Has this article helped you? Let us know!
If you would like to tell us about any improvements you feel could be made to this page, you can email us at firstname.lastname@example.org.