Privacy Policy

Last updated: 2026-06-01

Credibly (“Credibly,” “we,” “our,” or “us”) takes your privacy seriously. This policy explains what personal data we collect when you use crediblyai.com, why we collect it, how we store it, and the rights you have over it under the Philippine Data Privacy Act of 2012 (RA 10173) and comparable international frameworks.

1. Who we are

Credibly is an AI-powered credibility profile and follow-up tool aimed at network marketers, recruiters, coaches, and online sellers — primarily in the Philippines. We act as both a data controller for our customer accounts and a data processor for the leads our customers capture through profiles and funnels built on the platform. See Section 7 for what that distinction means in practice.

2. What we collect

  • Account details — your name, email address, password hash (we never store passwords in plaintext; Firebase Authentication handles them), profile photo URL, and any Google-account identifiers if you sign up with Google.
  • Profile content you create — headlines, biographies, testimonials, social links, business information, images you upload, and any other content you add to your public profile or funnels. This content is public by design.
  • Leads captured through your profile / funnel — names, emails, and phone numbers of people who submit a lead-capture form on a profile or funnel you control. We process this data on your behalf (see Section 7).
  • Payment information — handled entirely by our payment processor (Gumroad). We receive a license key and your billing email; we do not store card numbers or full payment credentials.
  • Usage analytics — aggregated counts of profile views, button clicks, share events, and form submissions, used to power your in-app dashboard and detect abuse. We do not use third-party advertising cookies or cross-site trackers.
  • Technical metadata — IP address (briefly, for abuse prevention), browser type, and device type, as collected by Firebase and Vercel logs.

3. Why we collect it

We process your data for these specific purposes:

  • Service delivery — creating your account, building your profile, capturing leads, sending transactional emails (e.g. password resets, receipts), and rendering your public profile to visitors.
  • AI content generation — when you click “Generate with AI”, we send your inputs (niche, tone, audience answers) to Google Gemini to produce suggested headlines, bios, CTAs, and follow-up messages. We do not send leads' personal data to AI.
  • Billing — verifying paid subscriptions via Gumroad license keys.
  • Support & abuse prevention — debugging issues you report, detecting fraudulent signups, and enforcing our Terms of Service.
  • Product updates — only if you opted in to marketing emails at signup. You can opt out anytime via the unsubscribe link in any marketing email.

4. Who we share it with

We don't sell your data. We share with specific third-party processors who help us deliver the service:

  • Google Firebase (Authentication, Firestore database, Cloud Storage) — primary storage and auth backbone.
  • Vercel — hosting and content delivery for the Credibly application.
  • Gumroad — payment processing for paid plans.
  • Resend — transactional email delivery (password resets, receipts, optional product updates).
  • Google Gemini — AI content generation when you opt in by using the AI features.
  • Law enforcement — only when compelled by a valid legal order under Philippine law.

Each processor is bound by its own privacy commitments. We do not enable advertising trackers (Facebook Pixel, Google Ads, etc.) on the application surface.

5. How long we keep it

  • Active accounts — for as long as your account exists.
  • Deleted accounts — up to 30 days in our backup snapshots, after which the data is permanently purged.
  • Billing records — retained for 10 years as required by Philippine tax law.
  • Aggregated analytics — may be kept indefinitely in non-identifiable form.

6. Your rights (PH DPA & GDPR)

You have the right to:

  • Access — request a copy of the data we hold about you.
  • Correct — update inaccurate or incomplete personal data (most of which you can edit directly in your profile).
  • Delete — close your account and have your data removed, subject to the retention exceptions in Section 5.
  • Object & restrict — opt out of marketing or specific processing activities.
  • Portability — export your profile and leads in a machine-readable format.
  • Complain — lodge a complaint with the Philippine National Privacy Commission (NPC) at privacy.gov.ph if you believe your rights have been violated.

To exercise any of these rights, email us at privacy@crediblyai.com. We respond within 7 business days, as required by the DPA's Implementing Rules.

7. Leads captured through your profile or funnel

When you (a Credibly customer) build a profile or funnel that includes a lead-capture form, you are the personal information controller for the data submitted by your leads. Credibly is the personal information processor: we store the data on your behalf and make it available to you via your dashboard, but we don't use it for our own purposes (no marketing, no aggregation, no resale).

As the controller, you are responsible for:

  • Obtaining lawful consent from your leads before collecting their data (display a clear notice on your form when required for your industry).
  • Responding to your leads' requests to access, correct, or delete their data.
  • Using the data only for the purposes you disclosed to your leads.

If a lead contacts us directly to exercise their rights, we will forward the request to you and assist as required by the DPA.

8. Security

We rely on Firebase's industry-standard encryption in transit (TLS) and at rest (AES-256). Access to production data is restricted to authorised admins only and is logged. No method of transmission over the internet is 100% secure, but we follow accepted practices to keep your data protected.

9. Children

Credibly is not intended for individuals under 18. We do not knowingly collect personal data from minors. If you believe a child has signed up, contact us at privacy@crediblyai.com and we will delete the account.

10. Changes to this policy

If we change this policy in a material way, we will email you (if you opted into product updates) and require fresh consent on your next signin. Otherwise, minor updates will be reflected here with the “Last updated” date at the top of the page.

11. Contact

Data Protection Officer: privacy@crediblyai.com
General inquiries: support@crediblyai.com


See also our Terms of Service.