Privacy Policy

Last updated: March 16, 2026

The short version: We collect your email and name to run your account. We store credential labels and expiration dates — never actual passwords or secrets. We don't sell your data. Period.

Information We Collect

When you create an account, we collect:

Your first name, last name, and email address
A securely hashed version of your password (we cannot see your actual password)

When you use CredClock, we store:

Credential labels, types, expiration dates, and optional notes
Reminder preferences and notification settings
Organization names and team membership information
Usage logs and audit history for your account

We never store your actual passwords, API keys, certificates, SSH keys, or any secret credential values.

How We Use Your Information

To provide the CredClock service — tracking expiration dates and sending reminders
To send transactional emails — account verification, password resets, team invitations
To send credential expiration reminder notifications
To process payments through our billing provider (Stripe)
To maintain audit logs for compliance reporting

What We Don't Do

We do not sell, rent, or share your personal data with third parties
We do not use your data for advertising or marketing profiling
We do not track you across other websites
We do not store any actual passwords or secrets

Third-Party Services

We use the following third-party services to operate CredClock:

Stripe — payment processing. Stripe handles all credit card data directly; we never see or store your card number. See Stripe's privacy policy.
Postmark — email delivery for transactional and reminder emails. See Postmark's privacy policy.

Data Storage & Security

Your data is stored in an encrypted PostgreSQL database on secured infrastructure. All connections to CredClock are encrypted via TLS/SSL. Passwords are hashed using scrypt with per-user salts. See our Security page for full details.

Data Retention

We retain your data for as long as your account is active. Audit log entries are retained for 90 days. If you delete your account, all associated data is permanently removed.

Your Rights

Access — You can export all your credential data as CSV at any time
Deletion — Contact support@credclock.com to request full account deletion
Portability — Your data is exportable in standard CSV format

Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email.

Contact

Questions about this policy? Email support@credclock.com.