Last modified: Dec 4, 2025

Crede, Inc. (“Crede,” “we,” “us,” or “our”) provides back-office services—including bookkeeping, controller services, tax services, CFO services, stock administration services—and software-as-a-service to organizations and local partners (our “Services”). This Privacy Policy describes how we collect, use, retain, and disclose personal information when marketing and selling our Services, delivering Services to customers and partner customers, and operating and improving our business.

We market and sell Services to organizations—not individuals. To the extent we process personal information about an identifiable individual (“you”), it is solely (a) in connection with our marketing, sales, and partnership activities directed at your employer or organization, or (b) because your information appears in financial or operational data provided by a customer or partner as part of the Services. We do not knowingly collect information from children under 16.

If you are applying to work at Crede, please see our Job Candidate Privacy Policy. If you visit a Crede office, please review the notice provided at check-in. If you perform tax services for Crede as a third-party tax provider, please see the Crede Privacy Policy for Tax Service Providers.‍

‍For questions, or to exercise rights under applicable privacy laws, email privacy@crede.co.

Overview of This Privacy Policy

This Privacy Policy contains the following sections:

Information for Prospective Customers – What we collect in sales and marketing, how we use it, and how long we keep it.
Information for Customers – What data we process in providing Services (Customer Data, Business Record Data, Administrative Data), for what purposes, and our retention practices.
General Information – Call recordings; categories of disclosures; de-identification; International transfers; your rights; how to contact us; and how we update this policy.

1. INFORMATION FOR PROSPECTIVE CUSTOMERS

This section applies to you if you:

visit our website,
attend a Crede event (virtual or in-person),
submit a form,
receive marketing from us,
are referred to us by a third party,
or evaluate our Services on behalf of your employer or organization (including prospective local partners).

1.1 Personal Information We Collect

Identifiers & Contact Information

Examples: name, work email, work phone number, business address.
Sources include:

you, if you provide it directly;
your colleagues;
acquaintances who refer you;
third-party data enrichment providers;
publicly available sources and social media;
promotional and integration partners;
lead sellers.

Employment-Related Information

Examples: employer name, job title.
Same sources as above.

Website & Marketing Interaction Data

Examples: IP address, cookie identifiers, device information, referring pages, browsing activity, engagement with emails. Sources include:

analytics tools,
ad networks,
email engagement tools,
identity-resolution and enrichment services.

Inferences

Examples: likelihood of interest in Services; sales prioritization indicators.
Sources: analytics and scoring tools.

Geolocation Data

Derived from IP address.

Event-Related Information

Examples: dietary preferences for in-person events.

Recorded Communications

If you join a recorded call (with consent where required), we collect audio/visual information.

1.2 How We Use This Information

We process this information to market, sell, and deliver information about our Services to your organization, including:

sending marketing communications (email, SMS, newsletter);
engaging with you during sales and partnership discussions;
analyzing sales performance and optimizing sales operations;
managing lead lists and CRM records;
evaluating website usage to improve content, functionality, and marketing effectiveness;
conducting market and product research;
managing event participation.

Important Note on Financial Data Samples

During sales evaluations, you may provide sample financial data (which may contain personal information). We use this data only to:

understand your organization’s back-office needs,
quote appropriate Services, and
scope onboarding requirements.

This data is stored securely in Crede systems and analyzed using approved service-provider tools.

1.3 Website Operations & Cookies

We—and our service providers—use cookies, web beacons, pixels, analytics tools (including Google Analytics), session replay tools (including Hotjar), and other technologies to:

understand site usage;
personalize website experience;
measure marketing effectiveness;
improve our website and campaigns.

Visitors may instruct browsers to decline cookies; however, functionality may be affected. You may opt out of targeted advertising as described in Section Your Rights.

1.4 Retention (Prospective Customers)

We retain:

business contact information until you request deletion or we determine it is no longer needed for sales/marketing;
email addresses indefinitely to preserve opt-out records;
website behavioral data for 90–365 days depending on provider default retention;
third-party tracking data according to the provider’s retention schedule.

2. INFORMATION FOR CUSTOMERS

This section applies if you are associated with a Crede customer or a customer of a local partner (“Partner Customer”).

We process personal information within three categories:

Customer Data
Business Record Data
Administrative Data

Each is defined below.

2.1 Customer Data

Definition

Customer Data includes financial and business information customers or partners provide—or authorize us to access—so we can deliver Services. Customer Data may include personal information that appears in:

accounting data,
vendor and payroll data,
bank/credit card transaction data,
tax-related information,
stock administration data,
or reports, statements, and analyses we generate for customers.

Examples include names of individuals, job titles, invoice details, payroll amounts, ownership information, and Social Security numbers (in limited tax or equity-administration contexts).

Sources

Customer uploads
Partner uploads
Integrations with payroll, banking, accounting, or other third-party systems
Data aggregators (e.g., Plaid)
Credentials or access permissions granted by the customer

How We Use Customer Data

We process Customer Data:

To provide, monitor, and improve our Services, including bookkeeping, reconciliations, reporting, tax preparation support, financial analysis, and automation of recurring processes.
To manage customer relationships, including monitoring account activity for pricing and subscription alignment.
To provide support, including resolving inquiries and troubleshooting.
For research, benchmarking, and insights, but only in de-identified or aggregated form that does not identify you, the customer, or any individual.

Retention of Customer Data

Tax-related Customer Data — retained at least 7 years from the filing due date (including extensions).
Other Customer Data — retained until a valid deletion request or until no longer needed for legal, contractual, or operational purposes (e.g., supporting transitions, enforcing agreements, detecting fraud).
Former customer credentials are queued for deletion 120 days after service termination.
Standard backups of former customer QuickBooks Online data are queued for deletion 7 years post-termination.
De-identified rule-based learnings used in automation are retained indefinitely.

2.2 Business Record Data

Definition

Business Record Data consists of communications, workpapers, approvals, scheduling information, and documentation generated in the normal course of delivering Services.

Examples include:

email communications,
messages in Crede’s proprietary platform,
meeting notes,
instructions and authorizations,
call or video recordings,
customer satisfaction survey responses,
internal workpapers.

How We Use Business Record Data

We process Business Record Data to:

deliver and document Services;
maintain audit trails of instructions and approvals;
manage customer and partner relationships;
analyze and improve service delivery processes;
provide technical and customer support.

Retention of Business Record Data

We retain Business Record Data:

for legal, operational, and recordkeeping purposes,
at least through the longest applicable statute of limitations,
or until we determine it is no longer required.

2.3 Administrative Data

Definition

Administrative Data includes:

account credentials and profile information;
billing and subscription information;
metadata and log data from use of Crede’s proprietary application (app.crede.co);
usage analytics;
customer health indicators;
responses to surveys;
inferences derived from usage or metadata.

How We Use Administrative Data

We process Administrative Data for:

account creation and authentication;
providing and securing the Services;
fraud prevention and system integrity;
internal analytics and product improvement;
customer communications and lifecycle management;
developing new features and Services;
internal research and benchmarking (using only non-identifying output).

Retention of Administrative Data

We retain Administrative Data:

for as long as necessary to operate, secure, and support our Services;
as needed to comply with law;
for purposes of fraud detection, product development, and business operations;
indefinitely for certain system logs, account records, and de-identified analytics, unless prohibited by law.

3. GENERAL INFORMATION

3.1 Call Recordings

We record certain sales, service, and partner-program calls (with consent where required). Recordings may include:

names of participants,
audio and video,
transcripts.

We use call recordings for:

training and quality assurance;
service delivery;
note-taking and documentation;
process improvement;
recordkeeping and compliance;
product research and development.

Retention: generally up to three years, or earlier upon lawful deletion request.

3.2 How We Disclose Personal Information

We disclose personal information to:

Service Providers

(e.g., storage, analytics, CRM systems, marketing tools, communications providers).
These providers must maintain confidentiality and act only under our instructions.

A current list of service providers that may process Customer Data is available here.

Service Fulfillment Partners

For Crede Tax Services, non-affiliated tax providers may receive Customer Data with the customer’s consent.

Integration Partners

If a customer authorizes an integration (e.g., payroll, payments, banking), we may exchange business contact information, configuration data, and integration usage details.

Promotional Partners

For joint events or co-branded content, we may share attendee information at the attendee’s direction.

Third-Party Website Services Providers

(e.g., ad networks, analytics tools) that collect personal information directly from website visitors.

Legal, Compliance, and Safety Disclosures

We may disclose information when required by law, court order, subpoena, or to protect Crede, our Services, customers, or others.

Affiliates

We may share data with our affiliates for service delivery and internal operations.

Business Transfers

If Crede is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred.

Customer-Directed Disclosures

We disclose information to third parties upon instructions from an authorized customer representative.

With Your Consent

3.3 De-identified and Aggregated Information

Once personal information is de-identified or aggregated so that it cannot reasonably be linked to an individual or customer, it is no longer treated as personal information and may be retained or used for any purpose.

3.4 International Transfers

We and our service providers may process personal information in the United States or other countries where we operate, consistent with applicable law. Some tax service fulfillment partners use personnel located outside the United States.

3.5 Your Rights and Managing Your Privacy

Access, Update, Correction, Deletion

You may request to:

confirm whether we hold your personal information;
access, correct, or update it;
request deletion, subject to legal limitations.

Email: privacy@crede.co.

If your information is contained within Customer Data, please contact the applicable customer directly.

Marketing Communications

You may opt out of marketing emails or SMS messages at any time. We will still send necessary transactional communications.

Cookies and Tracking Preferences

You may control cookies via browser settings or opt-out mechanisms described earlier.

Do Not Track

Crede’s website does not respond to Do Not Track signals.

3.6 Privacy Rights for California and Virginia Residents

If the CCPA or VCDPA applies to you, you may request:

categories of personal information collected;
purposes of processing;
sources of personal information;
categories of third parties to whom information is disclosed, sold, or shared;
specific pieces of personal information collected;
Deletion;
Correction;
the right to opt out of “sales,” “sharing,” or targeted advertising;
non-discrimination for exercising these rights.

A detailed table of categories disclosed or shared in the last 12 months is included in the policy (unchanged).

Opt-Out Mechanism

California residents:
Click “Do Not Sell or Share My Personal Information” on our website footer.

Virginia residents: Use the same link to opt out of targeted advertising.

We do not knowingly sell or share personal information of individuals under 16.

Crede does not use or disclose sensitive personal information except for purposes permissible under Section 7027(m) of the CCPA Regulations.

3.7 How to Contact Us

Email: privacy@crede.co
Mail: Crede, Inc., 6200 Village Pkwy, Suite 200, Dublin, CA 94568

3.8 Changes to This Privacy Policy

We may update this Privacy Policy periodically.
If changes are material, we will notify you via:

our Services,
email, or
posting on our website.

Continued use of the Services after an update constitutes acceptance.