Privacy Notice

Welcome to Crediflow AI's Privacy Notice.

Crediflow AI respects your privacy and is committed to protecting your personal data.

This Privacy Notice explains how we collect, use, store, and protect your personal data when you use our website, support channels, and platform services.

We do not sell your personal data and we do not share it with third parties unless you explicitly authorize it or a legal basis applies.

This policy explains your relationship with our company and how we process information you provide to us.

It applies to personal data collected through your use of our website, including when you use our solutions and credit underwriting platform.

This website is not intended for children and we do not knowingly collect data related to children.

This Privacy Notice supplements other specific privacy notices and is not intended to override them.

Crediflow AI is the trading name of Generative Technology Ltd, registered in the United Kingdom.

We operate in alignment with applicable frameworks including UK GDPR, UK DPA 2018, UK PECR, EU GDPR, and CPRA where relevant.

You can contact us by post at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, or by email at privacy@crediflow.ai.

You can request changes to your contact, web, and marketing preferences at any time by contacting privacy@crediflow.ai.

This notice covers use of our website (https://www.crediflow.ai/), support channels (including Slack and Notion), and platform services.

Our website may link to trusted third-party websites. Those sites operate under their own privacy notices.

Crediflow AI is committed to upholding your personal data rights and enabling you to change or withdraw consent where applicable.

We can also guide you on making formal complaints to relevant authorities, including the Information Commissioner's Office (ICO).

Crediflow AI does not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, criminal records, or health data.

This policy applies to individuals and companies interacting with Crediflow AI as users, customers, administrators, or in other operational roles.

We process personal data you provide directly and data collected indirectly through website and platform usage.

This may include information provided during registration, onboarding, account management, communications, product usage, and support interactions.

We use personal data to operate, secure, and improve our website and platform services.

Where required, we rely on one or more legal bases depending on the purpose of processing.

By submitting personal data through our website, you consent to processing consistent with this Privacy Notice where consent is the applicable basis.

You can amend preferences, withdraw consent, or object to certain processing by emailing privacy@crediflow.ai.

Crediflow AI collects and stores data in the UK.

Unless otherwise required, we store data for up to 5 years after your last recorded login attempt.

Transaction and order related data may also be retained up to 5 years, with extensions where required by applicable law.

We use selected third-party vendors for payments, commercial operations, and account management, and some may process data outside the EU/UK.

We may send marketing communications if you provided contact details and opted in.

You can opt out and manage preferences at any time.

As a data controller, Crediflow AI is responsible for personal data processed under our control.

As a data processor in certain contexts, we apply appropriate technical and organizational safeguards to protect data.

We share personal data with third parties only under limited and specific circumstances.

Crediflow AI can act as a data controller and/or data processor depending on the relationship and processing activity.

We are generally controller for website visitors, support communications, newsletter subscriptions, onboarding, and platform user account management.

We are generally processor for data you ingest into the platform on your own behalf.

You remain responsible for access permissions, dataset sharing decisions, and retention policies in your organization.

Protecting personal data is a core priority for Crediflow AI.

We implement technical, organizational, and administrative controls, including encryption in transit and at rest, access controls, backup procedures, network defenses, and regular security maintenance.

We also use internal policies, DPIAs, and role-based data access limitations.

Where permitted by law, we may share selected information for non-marketing legitimate interests such as fraud prevention, identity verification, and credit-related risk controls.

Crediflow AI does not knowingly process children's personal data without the required legal basis and safeguards.

Our services are not directed to children under 18 years of age.

If you believe a child has provided personal data without valid authorization, contact privacy@crediflow.ai and we will take appropriate action.

We may work with partners that support marketing across third-party websites and apps.

These providers may use cookies, web beacons, or similar technologies under their own policies and controls.

Crediflow AI does not advertise to children and does not use child activity data for personalized advertising.

You may have the following rights under applicable data protection laws.

We aim to provide a response within one month where required by applicable law, including reasons if we cannot act on a request.

You may also have the right to lodge a complaint with a competent supervisory authority or seek judicial remedy.

Requests involving children under 18 must be made by a parent or legal guardian.

Rights and response obligations may vary depending on your jurisdiction.

We may require additional information to verify identity before responding.

Certain information may be exempt from disclosure where necessary for legal compliance or legal claims.

If you have questions, concerns, or requests related to this Privacy Notice or your personal data, contact us at privacy@crediflow.ai.

We aim to process requests within 30 days. Subject Access Requests are generally free of charge, though we may charge for excessive or unreasonable requests where law allows.