Credgle takes privacy seriously. This page describes what data we collect, why we collect it, and what you can do with it. Counsel review pending before launch.
What we collect
- Account data: email address, password hash (Argon2id, never the plaintext), date of birth (for age verification), country code, locale, and timezone.
- Verification data: phone number (E.164) and any KYC documents you upload for the L3+ tier. KYC documents are encrypted at rest with per-record envelope keys.
- Fraud signals: device fingerprint, IP address, ASN, country code, and the results of provider lookups (FingerprintJS Pro, IPQualityScore, Kickbox). These power the multi-account and IRSF defences.
- Activity data: offer clicks, completions, ledger entries, and cashout requests. This is the operational record of your account.
Why we collect it
- To run your account, credit your earnings, and dispatch your cashouts.
- To comply with applicable AML / sanctions / KYC obligations (see /legal/aml).
- To detect and prevent fraud and abuse.
- To send you transactional email (verification, password reset, payouts) via Postmark. We only send marketing email when you've opted in.
Who we share with
We do not sell your personal data. We share only the minimum necessary to operate the service:
- Tremendous — gift card dispatch (recipient email + amount).
- Twilio Verify — phone-number ownership confirmation.
- Persona — KYC at L3 (only when you opt to step up your tier).
- Postmark — transactional email.
- FingerprintJS Pro + IPQualityScore + Kickbox — fraud lookups.
- Cloudflare / AWS — DNS, CDN, infrastructure.
Your rights
Subject to your local law (GDPR / CCPA / etc.), you can request export of your data, deletion of your account, correction of inaccurate fields, or opt-out of sale/sharing of personal information. Use the controls on /account/data or email [email protected]. We respect the Sec-GPC: 1 opt-out signal.
Retention
Active-account data is retained for as long as your account is open. Ledger entries are retained for 7 years to satisfy financial-records obligations even after account deletion; they are anonymised after the deletion grace window.
Security
TLS 1.3 everywhere. Sessions are stateful cookies (no JWT). Passwords are hashed with Argon2id. KYC documents are encrypted with KMS-managed keys. Detailed posture in our security documentation.