Privacy Policy
This Privacy Policy explains how Credium ("Credium," "we," "us," or "our") collects, uses, discloses, stores, and protects your information when you use our website at credium.ai, our web application at app.credium.ai, and our Credium mobile app for iOS (together, the "Services"). It also describes the choices and rights you have regarding your information. Please read it carefully. By using the Services, you agree to the practices described here.
- Who we are
- Information we collect
- How we use your information
- Automated processing and AI extraction
- How we share your information
- Service providers and sub-processors
- Mobile app permissions
- Cookies and analytics
- Data retention
- How we protect your information
- Your rights and choices
- Deleting your account and data
- Health information and HIPAA
- Children's privacy
- Data location and transfers
- Changes to this policy
- Contact us
1. Who we are
Credium is a healthcare credentialing platform. Providers use Credium to build a verified credentialing profile once, keep track of license and certification expirations, and share a credentialing packet with hospitals, health systems, and credentialing teams in one step. Credentialing teams use Credium to review and manage the credentials of the providers they work with.
Credium is the data controller for personal information processed through the Services, except where we act as a service provider or business associate to a healthcare organization, in which case that organization directs how the information is used.
2. Information we collect
We collect the following categories of information.
Account and identity information
- Name, email address, and password (passwords are stored only as a salted hash, never in plain text).
- Phone number and, for credentialing teams, your organization name.
- Two-factor authentication settings and one-time codes when you enable 2FA.
Professional and credentialing information
To perform its core function, Credium collects the professional information that credentialing requires. Depending on what you provide, this may include:
- National Provider Identifier (NPI) number, specialty, practice and mailing addresses, work history, and education history.
- License numbers, DEA registration numbers, board certifications, and their issue and expiration dates.
- Documents you upload, such as state medical licenses, DEA certificates, board certifications, malpractice and insurance documents, and identity documents (for example a driver's license, passport, or Social Security card).
Sensitive information. Credentialing documents can contain sensitive personal information, including government identifiers and health or professional-fitness records. You control what you upload. We use this information only to provide the credentialing features you request and to build the packets you choose to share.
Content and usage information
- The credential packets you create and the recipients you choose to share them with.
- Support conversations you start through our in-app chat, and emails you send us.
- Log and device data such as IP address, browser type, device type, operating system, app version, and timestamps of your activity.
- Access records for shared packets, including when a recipient opened or downloaded a packet, so that you can audit who viewed your credentials.
Information from third parties
When you use our provider onboarding feature, we look up publicly available registry data (for example from the U.S. National Library of Medicine NPI registry and the Centers for Medicare and Medicaid Services public directories) to help pre-fill your profile. You review and confirm this information before it is saved.
3. How we use your information
We use the information we collect to:
- Create and maintain your account and authenticate you.
- Extract fields from the documents you upload and build your credentialing profile.
- Track license and certification expirations and notify you before they lapse.
- Generate and deliver the credential packets you choose to share, and record who accessed them.
- Provide credentialing teams with access to the providers who have granted them access.
- Send transactional messages such as verification emails, security alerts, and expiration reminders.
- Provide customer support and respond to your requests.
- Monitor, secure, debug, and improve the Services, and measure how they are used.
- Comply with legal obligations and enforce our terms.
We do not sell your personal information, and we do not use your credentialing documents or health-related information for advertising.
4. Automated processing and AI extraction
When you upload a document, Credium uses an artificial intelligence model to read the document and extract structured fields (for example a license number or an expiration date) so you do not have to type them by hand. This processing is performed by our sub-processor Anthropic on our behalf under a data protection agreement. Documents and extracted text sent for this purpose are not used to train third-party models.
Automated extraction can make mistakes. Extracted fields are always presented to you for review, and no field is treated as final until you confirm or edit it. You remain responsible for verifying the accuracy of your credentialing information before you share it.
5. How we share your information
We share information only in the following circumstances:
- At your direction. When you share a credential packet, the recipients you choose can view and download the credentials included in that packet. You can revoke a shared packet at any time.
- With credentialing teams you authorize. If you grant a credentialing manager access to your profile, they can view the credentials you have shared with them. You can revoke that access in your settings.
- With service providers. We use vetted vendors to host, secure, and operate the Services, as listed below. They may process your information only to perform services for us and under contractual confidentiality and security obligations.
- For legal reasons. We may disclose information if required by law, subpoena, or legal process, or to protect the rights, safety, and security of Credium, our users, or the public.
- In a business transfer. If Credium is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
6. Service providers and sub-processors
We rely on the following categories of service providers. Each is bound by contract to protect your information and to use it only to provide services to Credium.
| Provider | Purpose |
|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, and encrypted document storage in the United States. |
| Anthropic | AI extraction of fields from uploaded documents. |
| Brevo | Delivery of transactional email (verification, reminders, alerts). |
| Website analytics and address autocomplete. | |
| Crisp | In-app support chat. |
We may update this list as our Services evolve. Where a healthcare organization requires it, we will enter into a Business Associate Agreement so that sub-processors provide equivalent protection for health information.
7. Mobile app permissions
The Credium iOS app provides a secure view of your Credium account. It may request the following device permissions, and only when you use the related feature:
- Camera. To capture a photo of a credential or identity document so you can upload it directly. Images are used only for the upload you initiate.
- Photo library. To let you select an existing document image to upload.
- Notifications. To send you expiration reminders and account alerts if you opt in. You can disable notifications at any time in your device settings.
You can grant or revoke these permissions at any time in your device's system settings. Denying a permission only disables the related feature.
8. Cookies and analytics
Our website and web app use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Services are used. We use Google Analytics to measure aggregate traffic and usage. You can control cookies through your browser settings. Disabling some cookies may affect how the Services work.
9. Data retention
We keep your information for as long as your account is active and as needed to provide the Services. When you delete a document, its stored file and extracted data are removed. When you delete your account, we delete or de-identify your personal information and uploaded documents, except where we must retain limited records to comply with legal obligations, resolve disputes, or enforce our agreements. Backups are purged on a rolling schedule.
10. How we protect your information
- Data is encrypted in transit using TLS and encrypted at rest in our cloud storage.
- Uploaded documents are stored in a private, access-controlled store and served only through short-lived, signed links.
- Passwords are stored only as salted hashes. We offer two-factor authentication.
- Shared credential packets are protected by email-gated access and rate limiting, and every access is logged for your audit.
- We apply strict access controls, security headers, and monitoring across our infrastructure.
No method of transmission or storage is completely secure, but we work continuously to protect your information and to limit access to those who need it to operate the Services.
11. Your rights and choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Through the Services you can, at any time:
- View and edit your profile and credentialing information.
- Upload, replace, or delete individual documents.
- Revoke a shared packet or a credentialing team's access.
- Manage your email and notification preferences.
- Enable or disable two-factor authentication.
- Delete your entire account.
To exercise a right that is not available directly in the app, contact us at info@credium.ai. We will respond within the time required by applicable law. We will not discriminate against you for exercising your privacy rights.
12. Deleting your account and data
You can delete your account at any time from Settings in the web app or the iOS app. Deleting your account removes your profile, uploaded documents, and associated stored files from active systems, subject to the limited legal retention described above. If you are unable to access your account, email info@credium.ai and we will process your deletion request.
13. Health information and HIPAA
Some information handled through Credium may constitute protected health information. When Credium processes such information on behalf of a covered entity or its business associate, we act as a business associate and handle that information in accordance with the applicable Business Associate Agreement and the requirements of HIPAA. Credium is a tool for organizing and sharing credentialing records; it is not a source of medical advice.
14. Children's privacy
The Services are intended for licensed healthcare professionals and credentialing staff and are not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
15. Data location and transfers
Credium is operated from and stores data in the United States. If you access the Services from outside the United States, you understand that your information will be processed in the United States, where data protection laws may differ from those in your country.
16. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Services or by email. Your continued use of the Services after an update means you accept the revised policy.
17. Contact us
If you have questions about this Privacy Policy or how we handle your information, contact us at:
- Privacy inquiries and general support: info@credium.ai
Back to home