Data Protection & Privacy
CredFolio takes the security of your professional credentials seriously. This article explains how we protect your data and what privacy controls are available to you.
In this article:
How We Encrypt Your Data
CredFolio uses multiple layers of encryption to protect your documents and information:
Protection | Method |
Data at rest | AES-256 encryption |
Data in transit | TLS 1.2+ encryption |
Document storage | Private cloud storage with signed URLs |
Authentication | Secure token-based sessions |
Access Controls
Your Data is Private by Default
Your documents and credentials are private by default. Only you can access them unless you explicitly share via CredShare™.
Role-Based Access
CredFolio uses role-based access controls to ensure:
Your data is only accessible by your authenticated sessions
Support staff cannot access your documents without your explicit permission
Shared packages have granular permission controls
Audit Logging
We maintain audit logs of account activity for security monitoring. You can view your recent sessions in Settings → Security.
Privacy Controls
Data You Own
You retain ownership of all credentials and documents you upload to CredFolio. We do not claim any ownership rights to your content.
Data Export
You can export your CME compliance data at any time:
CME Reports: Export as PDF, CSV, or ZIP from CME Manager (Pro and Premium plans)
Account Deletion
You can delete your account from Settings → Security → Danger Zone. When you delete your account:
Your profile information is removed
Your documents are deleted from our storage
A 90-day grace period allows recovery if needed
After the grace period, deletion is permanent
Data Retention
Data Type | Retention Period |
Active account data | As long as account is active |
After cancellation | 90-day grace period, then deleted |
Backup retention | Up to 3 years for disaster recovery |
Frequently Asked Questions
Is CredFolio HIPAA compliant?
CredFolio is not yet HIPAA certified. You should NOT upload Protected Health Information (PHI) of third parties such as patient records. You may upload your own professional credentials at your discretion.
Where is my data stored?
CredFolio data is stored on secure cloud infrastructure with data centers in the United States.
Can CredFolio employees see my documents?
No. Your documents are encrypted and stored in private buckets. Support staff cannot access your documents without your explicit permission during a support session.
How do I contact CredFolio about privacy concerns?
For privacy questions or to exercise your privacy rights, email [email protected]. We will respond within 30 days as required by applicable law.
Need More Help?
For privacy questions, email [email protected] or click the chat icon to contact support.