Credora
AboutDeFi RatingsReportsBlogDocs
Credora App

Privacy Policy

Last updated: March 23, 2026

Credora Ratings Group Ltd. (“Company,” “We,” “Us,” or “Credora”) respects your privacy and personal information and is committed to protecting it through our compliance with this privacy policy (“Privacy Policy”).

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit and use our website at credora.network (the “Site”), and when you use our ratings services, application program interfaces, and related services (collectively, the “Services”). It also describes our practices for collecting, using, maintaining, protecting, and disclosing that information. Capitalized terms not defined herein shall have the meaning ascribed to them in our Terms of Service.

This Privacy Policy also applies to information we collect:

  • In email, text, and other electronic messages you send in connection with the Services.
  • When you interact with our Services on third-party websites and services.

Please read this Privacy Policy carefully. If you have any questions, please contact us at support@credora.io.

Acceptance of This Privacy Policy

By accessing and using our Services, you signify acceptance of the terms of this Privacy Policy. If you do not agree with or are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our Services.

Changes to This Privacy Policy

We may modify this Privacy Policy from time to time, which will be indicated by changing the date at the top of this page. If we make any material changes, we will notify you by email (sent to the email address you have provided to us), through a notice on our Site, or as otherwise required by law. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting the Site and this Privacy Policy to check for any changes.

Your continued use of the Services after we publish changes constitutes your acceptance of those changes.

The Information We Collect

We collect several types of information from and about users of our Services, including:

  • Information by which you may be personally identified, such as your name, date of birth, nationality, address, email address, telephone number, signature, or other identifiers, and identity documents that satisfy the definition of “personal information” applicable in your jurisdiction.
  • Information that is about you but does not individually identify you.
  • Information about your internet connection, the device or equipment you use to access our Services, and usage details.

We collect this information:

  • Directly from you when you provide it to us (e.g., through a contact form, during contract negotiations, or in the course of using our Services).
  • Automatically as you navigate through and use the Site and Services.
  • From third parties, for example, our business partners.

Information You Provide to Us Voluntarily

To access our Services, we may ask you to submit certain identifying information about yourself during the contracting process or when communicating with us. As we add new features and Services, you may be asked to provide additional information. Please note that we may not be able to serve you effectively or offer you our Services if you choose not to share certain information with us. Any information you provide to us is provided voluntarily.

We may collect the following types of information from you:

  • Personal Identification Information: Full name, date of birth, nationality, signature, phone number, address, and/or email.
  • Company Client Information: Company name, entity type, address, telephone number, and email address. We may also request certain identifying information about your directors, beneficial owners, authorized signatories, or similar individuals.
  • Financial Information: Bank account information or other payment method information.
  • Transaction Information: Information about the transactions you enter into with other users of the Services.
  • Correspondence: Survey responses, feedback, and similar information provided to our support team or user research team, including through email and chat.
  • Search: Your search queries on the Site or Services.

Please note that when you voluntarily input your financial account information, such as digital asset wallet information, in order to calculate Risk Metrics, such input data is not seen or stored by us. Our calculators operate through a privacy-preserving system, and we only have access to the Risk Metrics displayed on the platform.

Information We Collect from You Automatically

As you navigate through and interact with our Site and use the Services, we may use automatic data collection technologies to collect certain information. This information helps us address customer support issues, improve the performance of our Site, provide you with a streamlined and personalized experience, and protect against fraud by detecting unauthorized access. Information collected automatically includes:

  • Online Identifiers: Geolocation/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
  • Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.

For example, we may automatically receive and record the following information on our server logs:

  • How you came to and use the Services;
  • Device type and unique device identification numbers;
  • Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
  • How your device interacts with our Site and Services, including pages accessed and links clicked;
  • Broad geographic location (e.g., country or city-level location); and
  • Other technical data collected through cookies, pixel tags, and other similar technologies that uniquely identify your browser.

Information Collected from Third Parties

From time to time, we may obtain information about you from third-party sources as required or permitted by applicable law. These sources may include analytics providers that provide us with de-identified information about how you found our Site and how you interact with the Site and Services. We do not combine the information collected through the use of analytics providers with personally identifiable information.

Anonymized and Aggregated Data

Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated data (i.e., information about our clients that we combine into an aggregate group so that it no longer identifies or references an individual).

The Risk Metric calculation outputs Credora produces from the financial data you provide fall under this category. The types of data we may anonymize or collect in the aggregate include account balance, directional exposure metrics, aggregate position metrics, and other financial data made available to the system from API keys provided by you. We may use anonymized or aggregate data for any business purpose, including for risk analysis and to perform and improve our products and services.

How Your Personal Information Is Used

Our primary purpose in collecting personal information is to provide the Services. We generally use personal information for risk analysis and to perform our Services.

We may use this information in the following ways:

  • To satisfy legal and regulatory compliance obligations
  • To enforce our terms in our agreements with you
  • To detect and prevent fraud and/or funds loss
  • To provide the Services
  • To provide Service communications
  • To provide customer service
  • To ensure quality control
  • To ensure network and information security
  • For research and development purposes
  • To enhance your experience
  • With your permission, to enable faster onboarding with lending or borrowing counterparties as a supplement to the Services

Credora will not use your personal information for purposes other than those purposes we have disclosed to you without your permission. We may request your permission to authorize us to share your personal information with third parties. You may opt out of having your personal information shared with third parties, or allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to limit the use of your personal information, certain features or the entirety of our Services may not be available to you.

Legal Bases for Processing Your Information

We rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”), regardless of your location, as the GDPR currently implements the most stringent global privacy regulations. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business or to protect Credora’s or your property, rights, or safety, or where we have obtained your consent to do so.

Marketing

Direct Marketing: Direct marketing includes any communications to you that are only based on promoting our products and services. We will only contact you by electronic means (email or other authorized channel) based on our legitimate interests, as permitted by applicable law, or your consent. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new contact, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please contact us at support@credora.io. You may raise such objection concerning initial or further processing for purposes of direct marketing, at any time and free of charge.

Third-Party Marketing: We will obtain your express consent before we share your personal information with any third parties for marketing purposes.

Why We Share Personal Information with Other Parties

We take care to ensure your personal information is accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it, as authorized by you. We will never sell or rent your personal information to third parties without your explicit consent. We will only share your information in the following circumstances:

  • With third-party lending or borrowing counterparties for due diligence purposes, with your permission.
  • With financial institutions with which we partner to process payments you have authorized.
  • With service providers under contract who help with our business operations. Our contracts require these service providers to only use your information in connection with the services they perform for us and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with include: know-your-customer and anti-money laundering compliance vendors, network infrastructure, cloud storage, payment processing, transaction monitoring, security, document repository services, customer support, internet (e.g., ISPs), data analytics, information technology, and marketing.
  • With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services to complete third-party financial, technical, compliance, and legal audits of our operations or otherwise comply with our legal obligations.
  • With law enforcement, governmental officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our agreements or any other applicable policies.
  • With companies or other entities that we plan to merge with or be acquired by.
  • With companies or other entities that purchase our assets under a court-approved sale or where we are required to share your information under insolvency law in any applicable jurisdiction.

Third-Party Sites and Services

The Site and Services may enable you to interact with or contain links to third-party websites, mobile software applications, and services that are not owned or controlled by us. We are not responsible for the privacy practices or the content of such third-party services. Please be aware that third-party services may collect personal information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third-party service that you choose to use or interact with.

How We Protect and Store Personal Information

We maintain appropriate physical, technical, and administrative safeguards to protect the security and confidentiality of the personal information you entrust to us.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the British Virgin Islands and elsewhere in the world where our facilities or our service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

For example, we use computer safeguards such as firewalls and data encryption, enforce physical access controls to our buildings and files, and authorize access to personal information only for those employees who require it to fulfill their job responsibilities. However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. It is important to choose a password of sufficient length and complexity where applicable, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to or use of your information.

Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or other channel, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in this Privacy Policy.

Cross-Border Transfers

Credora is incorporated in the British Virgin Islands (BVI). If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data protection laws that restrict international transfers of personal data, please note that your personal information may be transferred to, stored, and processed in the BVI or other countries where our facilities or service providers are located.

The BVI has not received an adequacy decision from the European Commission. Therefore, where we transfer personal data from the EEA or the UK to the BVI or to other jurisdictions without an adequacy decision, we implement appropriate safeguards to ensure that your personal data remains protected. These safeguards include entering into Standard Contractual Clauses (“SCCs”) as approved by the European Commission (or the UK equivalent, as applicable) with data recipients or processors, or relying on other approved transfer mechanisms under applicable data protection law.

By communicating electronically with Credora and using our Services, you acknowledge and agree to your personal information being processed in this way. For more information about the safeguards we have in place, please contact us at support@credora.io.

Retention of Personal Information

We store your personal information securely throughout the duration of our contractual relationship with you. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information is described below.

Legal compliance data: Personal information collected to comply with our legal obligations may be retained after the end of our contractual relationship for as long as required under applicable laws.

Contact information: Your name, email address, and telephone number for marketing purposes are retained on an ongoing basis until you unsubscribe. Thereafter, we will add your details to our suppression list to ensure we do not inadvertently market to you.

Content: Content that you provide to us, such as support desk comments and other correspondence, may be kept after the end of our contractual relationship for audit and crime prevention purposes.

Technical data: Information collected via technical means such as cookies, webpage counters, and other analytics tools are kept for a period of up to one year from expiry of the cookie.

Transaction data: Information about transactions entered into using the Services may be retained even after the end of our contractual relationship.

As a reminder, when you input your financial account information, such as digital asset wallet information, in order to calculate Risk Metrics, such data inputs are not seen or stored by us. Our calculators operate through a privacy-preserving system.

Minors' Personal Information

Our Services are not intended for minors. No minors may provide any personal information to or on the Site. We do not knowingly collect personal information from any minor. If you are a minor, do not use or provide any information on this Site. If we learn we have collected or received personal information from a minor without parental consent, we will delete that information. If you believe we might have any information from or about a minor, please contact us at support@credora.io.

Your Privacy Rights

Your rights to personal information are not absolute. Depending upon the applicable law, access may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

Access and Portability. You may request that we provide you a copy of your personal information held by us by emailing support@credora.io. This information will be provided without undue delay subject to a potential fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. In certain circumstances, you may request to receive your personal information in a structured, commonly used, and machine-readable format, and to have us transfer your personal information directly to another data controller.

Rectification. You may request us to rectify or update any of your personal information held by us that is inaccurate by emailing us at support@credora.io.

Erasure. You may request to erase your personal information, subject to applicable law. If our contractual relationship ends, we will mark your data accordingly in our database but will keep certain information for a period of time as described above. This is necessary to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by ending one relationship and starting a new one, and to comply with our legal obligations. However, once our contractual relationship ends, your personal information will not be used by us for any further purposes, nor shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or under this Privacy Policy.

Withdraw Consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.

Restriction of Processing. In some jurisdictions, applicable law may give you the right to restrict or object to us processing your personal information under certain circumstances. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Automated Individual Decision-Making, Including Profiling. We may rely on automated tools to help determine whether a transaction or a client presents a fraud or legal risk. In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

How to Make a Privacy Request or Lodge a Complaint

You can make privacy rights requests or lodge complaints relating to your personal information by contacting us at support@credora.io. When we receive an individual rights request, we may take steps to verify your identity before complying with the request to protect your privacy and security.

If you reside in the EU, you can file a complaint with the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website http://info.adr.org/safeharbor, or with your relevant data protection authority.

In the UK, the relevant data protection authority is the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, casework@ico.org.uk.

In Ireland, the relevant data protection authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois; phone: +353 (0761) 104 800; LoCall: 1890 25 22 31; Fax: +353 57 868 4757; email: info@dataprotection.ie.

How to Contact Us

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: support@credora.io