CredentialCal Privacy Policy
Effective date: 2026-06-02
Last updated: 2026-06-02
1. Introduction & Scope
This Privacy Policy explains how Martello Systems LLC ("Martello Systems," "we," "us," or "our") collects, uses, shares, and protects personal information when you use CredentialCal at credentialcal.com and related applications and services (the "Service"). It applies to information we process about visitors, account holders, and the medical and professional practices that use the Service.
By using the Service, you agree to the practices described in this Policy. This Policy is incorporated into and subject to our Terms of Service. If you do not agree with this Policy, please do not use the Service.
2. Information We Collect
- Account information. When you register, we collect information such as your name, email address, password (stored in hashed form), and practice or organization details you provide.
- Credentialing data you enter. We collect the information you input about your providers and credentials, such as provider names and identifiers, license and credential types, issuing bodies, license/DEA/CAQH numbers, payer enrollments, hospital privileges, board certifications, CME records, renewal and expiration dates, checklists, and related notes.
- Payment information (via Stripe). Subscription payments are processed by Stripe, Inc. We do not collect or store your full payment card numbers. Stripe processes your payment details directly; we receive limited information such as a transaction identifier, the last four digits and card brand, subscription status, and billing metadata.
- Usage, device, and log data. We automatically collect information such as IP address, browser and device type, pages and features used, referring URLs, timestamps, and diagnostic/log data.
- Cookies and similar technologies. We and our providers use cookies and similar technologies as described in Section 6.
- Communications. If you contact us (for example, at support@credentialcal.com), we collect the content of your messages and our correspondence.
We do not intend the Service to be used to store patient health records, and we ask that you submit only the provider and credential information needed to track deadlines — not patient data or unnecessary sensitive personal information.
3. How We Use Information
We use personal information to: provide, operate, and maintain the Service and your account; track and display your providers' credential and deadline information and generate reminders and alerts; process subscriptions, billing, and payments through Stripe; send transactional and account communications; provide customer support; monitor, secure, debug, and improve the Service; detect and prevent fraud, abuse, and security issues; and comply with legal obligations and enforce our agreements. We do not use your data for automated decisions producing legal or similarly significant effects without human involvement, and we do not sell your personal information.
4. Legal Bases for Processing (EEA/UK)
Where the GDPR or UK GDPR applies, we process personal information on the bases of: performance of a contract (to provide the Service and process your subscription); legitimate interests (to secure, improve, and analyze the Service and prevent fraud, balanced against your rights); consent (for optional communications and certain cookies, which you may withdraw at any time); and legal obligation (to comply with applicable laws, including tax and recordkeeping requirements).
5. How We Share Information
We share personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- Service providers (processors). Stripe, Inc. (payment processing and subscription billing); Brevo (transactional and notification/reminder email delivery); and hosting and infrastructure providers that operate the Service.
- Legal and safety. We may disclose information if required by law or legal process, or to protect the rights, property, or safety of Martello Systems, our users, or others, or to enforce our Terms.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
- With your direction. We share information when you ask us to or otherwise consent.
6. Cookies & Analytics
We use essential cookies to keep you logged in, remember your preferences, and secure the Service. These are always active because the Service cannot function without them.
For analytics, we use Google Analytics 4 (GA4) to understand how the Service is used and to improve it. GA4 only runs after you accept analytics in our cookie consent banner. If you decline, or until you make a choice, no analytics cookies are set and no GA4 data is collected. You can change your choice at any time by clearing the relevant cookie or local-storage entry in your browser. We do not use advertising cookies and do not use this data for advertising or cross-context behavioral advertising. You can also control cookies through your browser settings; disabling some cookies may affect functionality.
7. Data Retention
We retain personal information for as long as your account is active and as needed to provide the Service, then for a reasonable period afterward to comply with legal, tax, accounting, and recordkeeping obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it. You may request deletion as described in Section 9; certain records (such as billing records) may be retained where required by law. You may also delete most data directly within the Service or by closing your account.
8. Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, hashed passwords, access controls, and reputable infrastructure and payment providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If we become aware of a breach affecting your personal information, we will notify you and authorities as required by law.
9. Your Privacy Rights
Depending on where you live, you may have rights to: access a copy of the personal information we hold; correct inaccurate information; delete your personal information; port/export your data; object to or restrict certain processing; withdraw consent where processing is based on consent; and non-discrimination for exercising your rights.
California residents (CCPA/CPRA). You have rights to know, access, correct, and delete personal information, and to opt out of any "sale" or "sharing" — note that we do not sell or share personal information as those terms are defined.
EEA/UK residents (GDPR/UK GDPR). You have the rights listed above and the right to lodge a complaint with your local data protection authority.
To exercise any right, email support@credentialcal.com. We will verify your request and respond within the timeframes required by applicable law.
10. Children's Privacy
The Service is intended for business use by adults who are at least 18 years old and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us information, contact support@credentialcal.com.
11. International Users
We operate in the United States, and the Service is intended primarily for U.S.-based practices. If you access the Service from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country. By using the Service, you consent to this transfer and processing, subject to this Policy and applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
13. Contact
If you have questions or requests regarding this Privacy Policy or your personal information, contact Martello Systems LLC — CredentialCal, at support@credentialcal.com (credentialcal.com).