Security at Credence Credit
We treat your financial data with the seriousness it deserves. This page summarizes the controls and practices that protect your account.
All traffic between your device and Credence Credit is encrypted with TLS. Data at rest in our managed database is encrypted with strong, industry-standard ciphers.
When you scan a credit or debit card, we never persist the full card number, CVV/security code, expiration date, or cardholder name. Only the last four digits, network, and issuer are retained — alongside a sanitized, AI-recreated card artwork.
Subscription billing and the one-time Lifetime Premium purchase are processed entirely by Stripe. Your payment card details never touch our servers.
AI image processing powers receipt OCR and card recognition. Requests are routed through our hosted gateway. Your data is not used to train public models.
Per-user row-level security isolates your data from every other account. Raw card photos are discarded after processing. Back-of-card images are never stored. Analytics exclude founder and admin activity.
Sign in with email/password or Google. Passwords are hashed by our managed auth provider and are never visible to our team.
Reporting a security vulnerability
If you believe you've found a vulnerability in Credence Credit, please email support@credence-credit.us with the subject line "Security report". Include:
- A clear description of the issue and its impact.
- Steps to reproduce (URLs, payloads, accounts used).
- Any proof-of-concept code or screenshots.
- Your name or handle if you'd like credit.
Please give us a reasonable opportunity to investigate and remediate before public disclosure. Do not access, modify, or delete data that doesn't belong to you, and don't run intrusive scans against production. We acknowledge reports within 48 hours.