Last Updated: December 9th, 2025

This Privacy Policy describes how Creditable LLC (“Creditable,” “we,” “our,” or “us”) collects, uses, discloses, and protects information when you visit our website (creditable.com), use our SaaS platform for plan-level creditable coverage testing, or otherwise interact with our Services.

1. Scope

This Privacy Policy applies to all users of Creditable’s website and platform, including prospective customers, current customers, and visitors who interact with our Services. By using the Services, you agree to the terms of this Privacy Policy.

2. Definitions

• Personal Information: Information that identifies or can reasonably identify you (name, email, employer, etc.).

• Usage Data: Technical information automatically collected through your interactions with our Services (IP address, device type, browser type, pages visited, etc.).

• User Content: Plan data, test inputs, calculations, and results submitted or generated using our platform.

• Service Provider: A third party that processes data on our behalf to support the Services.
  
  

3. Legal Basis for Processing

We process Personal Information based on:

• The necessity to perform a contract;

• Our legitimate business interests;

• Your consent (where applicable);

• Compliance with legal obligations.
  
  

4. Information We Collect

Information You Provide Directly

• Account information (name, email, company, password)

• Plan details and testing inputs

• Communications with our support or sales teams
  
  

Information Collected Automatically

• IP address, browser type, device identifiersUsage logs

• Cookies and analytics data
  
  

Information We Do Not Collect

We do not collect, store, or process Protected Health Information (PHI) under HIPAA.

5. How We Use Information

We use information to:

• Operate the platform and provide Services

• Authenticate users

• Generate plan testing results and reports

• Communicate with customers

• Improve platform performance

• Maintain security

• Comply with legal and regulatory obligations
  
  

5A. User Content and Data Ownership

Your Ownership

You retain all rights, title, and interest in your User Content. Creditable claims no ownership over User Content.

License You Grant Us

You grant Creditable a limited license to:

• Access, store, and process User Content to provide Services

• Perform compliance testing and generate results

• Maintain backups

• Improve our Services using aggregated, de-identified data that cannot reasonably identify you
  
  

Confidentiality

Creditable treats User Content as confidential business information and will not access or share it except:

• As needed to operate the Services

• To provide support

• As required by law

• As disclosed in this Policy
  
  

Your Responsibilities

You represent and warrant that:

• You have all rights needed to submit User Content

• All User Content is accurate and complete

• You have obtained all required consents

• Your User Content does not violate any laws or third-party rights
  
  

6. Disclosure of Information

We may disclose information:

• To Service Providers (cloud hosting, analytics, customer support)

• To attorneys, auditors, and regulators

• To authorities when required by law

• In connection with a merger or acquisition

• With your consent
  
  

We do not sell Personal Information.

7. International Data Transfers

Your information may be transferred to and processed in the United States and other jurisdictions where our Service Providers operate. We require safeguards consistent with applicable laws.

7A. Data Storage and Location

Your information is primarily stored on secure cloud servers located in the United States.

Some Service Providers may process data in other countries to support:

• Hosting

• Analytics

• Customer support

• Payment processing
  

We require all Service Providers to maintain appropriate security and contractual data protection measures.

8. Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files placed on your device that help us operate and improve our Services.

Types of Cookies We Use

• Essential Cookies — Required for login, session management, security

• Analytics Cookies — We use Google Analytics to track usage and improve performance

• Performance Cookies — Monitor uptime and detect errors
  
  

Third-Party Services Using Cookies

• Google Analytics
  
  

Your Choices

• You can disable cookies in your browser

• You can opt out of Google Analytics using:
  https://tools.google.com/dlpage/gaoptout

• Disabling essential cookies will prevent the platform from functioning properly
  
  

For more information: https://www.allaboutcookies.org

9. Data Retention and Security

Retention Periods

• Account Information: Stored for the life of your account + 7 years

• User Content: Deleted within 30 days after account closure unless you request earlier deletion

• Usage Logs: Stored for up to 24 months

• Marketing Data: Retained until opt-out or 3 years of inactivity

• Support Communications: Stored for 3 years
  
  

Legal Holds

We may retain information longer if required for legal compliance, dispute resolution, or protection of our rights.

Security Measures

We use industry-standard protections including:

• TLS 1.2+ encryption in transit

• Encryption at rest

• Role-based access controls

• MFA for administrative accounts

• Continuous monitoring

• Security training

• Regular audits and vulnerability testing

• Incident response procedures
  
  

Limitations

No transmission or storage system is completely secure.

Your Responsibilities

• Use a strong, unique password

• Do not share login credentials

• Notify us of suspected unauthorized access: support@joincreditable.com
  
  

Data Breach Notifications

If a breach affects your Personal Information, we will notify you without undue delay as required by law.

10. Your Rights and Choices

You may request to:

• Access your Personal Information

• Correct inaccuracies

• Delete Personal Information

• Opt out of marketing

• Manage cookie preferences
  
  

Submit requests to: support@joincreditable.com
We may ask for identity verification.

11. Children’s Privacy

Our Services are not intended for individuals under 18, and we do not knowingly collect information from minors. If we become aware that a minor has provided information, we will delete it promptly.

12. Third-Party Links

Our Services may link to third-party websites. We are not responsible for the content or privacy practices of those sites.

13. U.S. State Privacy Rights

California (CCPA/CPRA)

California residents have the right to:

• Know what Personal Information we collect

• Request deletion

• Request correction

• Access specific pieces of data

• Not be discriminated against for exercising privacy rights
  

We do not sell or share Personal Information.

Virginia, Colorado, Connecticut, Utah

Residents may, in accordance with state laws:

• Confirm Personal Information is processed

• Access Personal Information

• Correct inaccuracies

• Delete Personal Information

• Obtain a portable copy of Personal Information

• Opt out of targeted advertising (we do not engage in targeted advertising)
  
  

How to Submit a Privacy Request

Email: support@joincreditable.com
Subject Line: “Privacy Rights Request”

Verification

We may verify identity using account email and other details.

Response Times

• Standard response: 45 days

• Extension (if needed): additional 45 days

• Appeals responded to within 60 days
  
  

Authorized Agents

Requests may be submitted by an authorized agent with proper documentation.

14. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time. Updates will be posted with a revised “Last Updated” date. Continued use of the Services after updates constitutes acceptance of the revised Policy.

15. Contact Us

Creditable LLC
122 W 68th Street
Kansas City, MO 64113

Support: support@joincreditable.com

We aim to respond to all inquiries within 10 business days.