Privacy Policy

Last updated: January 15, 2025 | Version 2.0

This comprehensive privacy policy reflects our commitment to transparency and compliance with international privacy laws across 50+ countries.

Introduction

NeoCred Corp ("we," "our," or "us") is committed to protecting your privacy as we revolutionize global mobility by making credit history portable across borders. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform to:

  • Create portable credit profiles for international use
  • Facilitate credit applications with partner financial institutions
  • Provide financial background verification services to businesses
  • Enable banks to assess international customers' creditworthiness
  • Process credit data across 50+ countries and jurisdictions

This policy applies to all users of our services, including individuals seeking portable credit profiles, financial institutions using our verification APIs, and businesses conducting background checks.

Information We Collect

Personal Identification Information

  • Full legal name, email address, and phone number
  • Government-issued identity documents (passport, driver's license, national ID)
  • Date of birth and citizenship status
  • Current and previous residential addresses (up to 7 years)
  • Employment history, employer information, and income verification
  • Social security numbers or national identification numbers
  • Biometric data for identity verification where legally permitted
  • Immigration status and visa information where relevant

Financial and Credit Information

  • Credit reports and scores from multiple countries and credit bureaus
  • Banking relationships, account types, and account history
  • Transaction patterns, payment history, and financial behavior data
  • Credit card accounts, limits, utilization rates, and payment patterns
  • Loan accounts including mortgages, personal loans, and payment histories
  • Bankruptcy filings, debt settlements, and legal financial judgments
  • Income verification documents, tax returns, and financial statements
  • Investment accounts, assets, and financial portfolio information
  • Insurance claims history and premium payment records
  • Utility payment histories and telecommunications account records

Technical and Usage Information

  • Device information, browser type, operating system, and unique identifiers
  • IP addresses, geolocation data, and country/region information
  • Platform usage patterns, feature interactions, and session data
  • API usage logs, request/response data, and integration patterns
  • Cookies, web beacons, and similar tracking technologies
  • Error logs, diagnostic information, and performance metrics
  • Communication records including support interactions and notifications

Third-Party Data Sources

  • Credit bureau reports from authorized agencies in your home and destination countries
  • Banking data through secure open banking APIs with your explicit consent
  • Employment verification data from HR systems and payroll providers
  • Public records including court filings, property records, and regulatory databases
  • Identity verification data from trusted third-party verification services

How We Use Your Information

We process your information through our comprehensive 4-step global credit mobility process and other legitimate business purposes:

NeoCred 4-Step Process

  • Consent & Verification: Identity verification, document authentication, and explicit consent collection
  • Data Collection: Secure gathering of credit bureau data and financial information from your home countries
  • AI Analysis: Automated normalization of credit scores across different systems and economic contexts using machine learning
  • Global Score Generation: Creation of unified, internationally comparable credit profiles

AI and Automated Decision-Making

Our AI systems process your financial data to normalize credit scores across different countries' systems. This includes automated analysis of:

  • Cross-system credit score normalization between different countries' scoring models
  • Economic context analysis factoring in regional financial behaviors and market conditions
  • Risk assessment calculations for partner financial institutions
  • Pattern recognition in payment behaviors and financial stability indicators
  • Fraud detection and identity verification through behavioral analysis

Your Rights Regarding Automated Processing: You have the right to request human review of any automated decision that significantly affects you, and to challenge or request explanation of AI-driven credit assessments.

Service-Specific Uses

For Individual Users:

  • Creating portable credit profiles for international mobility
  • Facilitating credit applications with partner banks and lenders
  • Monitoring credit changes across multiple countries
  • Providing credit improvement recommendations

For Banking Partners:

  • Providing verified international credit assessments via API
  • Risk evaluation for loan and credit card applications
  • Fraud prevention and compliance reporting
  • Portfolio risk analysis and default prediction

For Business Customers:

  • Employee and tenant background verification
  • International candidate financial screening
  • B2B partnership due diligence and risk assessment
  • Compliance reporting for hiring and tenancy decisions

General Business Operations

  • Platform maintenance, security monitoring, and technical support
  • Legal and regulatory compliance across 50+ jurisdictions
  • Service improvement through usage analytics and user feedback
  • Research and development of new credit mobility solutions
  • Marketing communications (only with your explicit consent)
  • Financial reporting and business operations

Information Sharing and Disclosure

As a global credit mobility platform, we share your information with authorized parties to provide our core services. All sharing is governed by strict contractual agreements and regulatory compliance requirements.

Banking and Financial Institution Partners

We share credit assessment data with licensed financial institutions when:

  • You explicitly authorize sharing for a specific credit application
  • Banks use our API services to verify international customer creditworthiness
  • Partner institutions request risk assessments for existing applications
  • Regulatory requirements mandate disclosure for compliance purposes

Data Shared: Normalized credit scores, risk assessments, payment history summaries, debt-to-income ratios, and fraud indicators. Full raw credit reports are never shared without explicit consent.

Business and Employment Verification Services

For background verification services, we share verified financial information with:

  • Employers conducting pre-employment screenings (with candidate consent)
  • Property managers and landlords for tenant verification
  • Business partners conducting due diligence assessments
  • HR departments for international employee relocations

Data Shared: Financial stability scores, payment reliability indicators, bankruptcy/default history, and risk assessment summaries. Full credit reports require separate explicit authorization.

Credit Bureaus and Data Sources

  • Authorized credit reporting agencies in your home and destination countries
  • Banking data aggregators for transaction history and account verification
  • Identity verification services for document authentication
  • Government agencies for sanctions screening and compliance verification

Service Providers and Vendors

  • Cloud infrastructure providers (AWS, Azure) for secure data processing
  • Cybersecurity firms for fraud detection and security monitoring
  • Customer support platforms for service delivery
  • Legal and compliance advisors for regulatory matters
  • Auditing firms for security certifications and compliance reviews

Legal and Regulatory Disclosures

We may disclose your information when required by law or to protect legitimate interests:

  • Compliance with court orders, subpoenas, or regulatory investigations
  • Anti-money laundering (AML) and know-your-customer (KYC) requirements
  • Sanctions screening and terrorism financing prevention
  • Consumer protection agency investigations
  • Law enforcement requests with proper legal authority
  • Protection of our rights, property, or user safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections and with advance notice to affected users.

What We Never Share

  • Personal information for marketing or advertising purposes
  • Raw credit reports without explicit user authorization
  • Data with unauthorized third parties or data brokers
  • Information that violates applicable privacy laws or regulations

Data Security and Protection Measures

Given the sensitive nature of financial data we process across 50+ countries, we implement enterprise-grade security measures that exceed industry standards:

Technical Security Measures

  • AES-256 encryption for all data at rest and TLS 1.3 for data in transit
  • Zero-knowledge architecture - we never see your raw financial data in plain text
  • End-to-end encryption for all API communications with banking partners
  • Multi-factor authentication and hardware security modules (HSMs)
  • Real-time fraud detection using AI-powered behavioral analysis
  • Regular penetration testing and security vulnerability assessments

Compliance Certifications

  • SOC 2 Type II certified for security, availability, and confidentiality
  • ISO 27001 certified information security management
  • PCI DSS Level 1 compliant for payment card data processing
  • NIST Cybersecurity Framework alignment and regular audits

Access Controls and Monitoring

  • Role-based access controls with least privilege principles
  • Complete audit trails for all data access and system interactions
  • 24/7 security monitoring and incident response capabilities
  • Employee background checks and mandatory security training

Security Disclaimer: While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We continuously update our security practices to address emerging threats.

International Privacy Law Compliance

NeoCred complies with privacy laws in all jurisdictions where we operate. Below are specific compliance details for major regulatory frameworks:

GDPR Compliance (European Union/EEA/UK)

Legal Basis for Processing: We process personal data under Article 6(1) and 9(2) of GDPR:

  • Explicit consent (Art. 6(1)(a), 9(2)(a)) for credit profile creation and sharing
  • Contract performance (Art. 6(1)(b)) for providing credit verification services
  • Legitimate interests (Art. 6(1)(f)) for fraud prevention and platform security
  • Legal obligation (Art. 6(1)(c)) for AML/KYC compliance and regulatory reporting

Data Protection Officer: privacy@neocred.net

GDPR Rights: Right to access, rectification, erasure, restrict processing, data portability, object to processing, and not be subject to automated decision-making.

CCPA Compliance (California, USA)

Categories of Personal Information: Identifiers, financial information, commercial information, internet activity, professional information, and inferences drawn from personal information.

CCPA Rights: Right to know, delete, opt-out of sale, and non-discrimination. Note: We do not sell personal information.

Requests: Submit CCPA requests via privacy@neocred.net

PIPEDA Compliance (Canada)

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws including Quebec's Bill 64.

  • Purpose limitation and consent requirements for collection and use
  • Data minimization and retention limitation principles
  • Individual access and correction rights
  • Breach notification to Privacy Commissioner and affected individuals

Other Jurisdictions

  • Australia: Privacy Act 1988 and Notifiable Data Breach scheme compliance
  • Singapore: Personal Data Protection Act (PDPA) compliance
  • Brazil: LGPD (Lei Geral de Proteção de Dados) compliance
  • Japan: Act on Protection of Personal Information (APPI) compliance
  • South Korea: Personal Information Protection Act (PIPA) compliance

Your Privacy Rights and How to Exercise Them

Your privacy rights depend on your location and the legal basis for processing your data. We provide easy mechanisms to exercise all applicable rights.

Universal Rights (Available to All Users)

  • Right to Information: Clear explanation of how we process your data
  • Right of Access: View all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Account Deletion: Delete your account and associated data
  • Right to Withdraw Consent: Cancel consent-based processing at any time

Enhanced Rights (Jurisdiction-Specific)

EU/EEA/UK Users (GDPR Rights):

  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to human review of automated decisions
  • Right to lodge complaints with supervisory authorities

California Users (CCPA/CPRA Rights):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

How to Exercise Your Rights

  • Online Portal: Access your privacy dashboard at neocred.net/privacy-dashboard
  • Email: Send requests to privacy@neocred.net with subject "Privacy Rights Request"
  • Response Time: We respond within 30 days (EU) or 45 days (California) of verified requests
  • Identity Verification: We may request additional information to verify your identity

International Data Transfers and Cross-Border Processing

As a global credit mobility platform operating across 50+ countries, we necessarily transfer and process personal data internationally. All cross-border transfers are protected by appropriate legal mechanisms and security measures.

Legal Basis for International Transfers

  • European Commission Adequacy Decisions for transfers to countries with adequate data protection
  • Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO
  • Binding Corporate Rules (BCRs) for transfers within our corporate group
  • Explicit user consent for specific cross-border processing purposes
  • Necessity for contract performance when providing international credit verification

Data Processing Locations

We process data in secure, SOC 2 certified facilities across multiple jurisdictions to ensure compliance with local data protection laws and to provide optimal service performance. Processing locations are strategically distributed to support our global operations while maintaining appropriate data protection safeguards.

Transfer Safeguards and Protections

  • All transferred data is encrypted using AES-256 encryption during transit and storage
  • Transfer Impact Assessments (TIAs) conducted for high-risk jurisdictions
  • Contractual data localization requirements where mandated by local laws
  • Regular compliance audits of all international processing partners
  • Data minimization principles applied to all cross-border transfers

Your Rights Regarding International Transfers

You have the right to request information about the countries where your data is processed, obtain copies of the safeguards used for transfers, and in some cases, object to transfers to specific countries. Contact our privacy team for specific transfer inquiries.

Data Retention Periods and Deletion Policies

We retain different types of data for specific periods based on legal requirements, business needs, and the nature of our services. All retention periods are designed to balance service provision with privacy protection.

Active User Data Retention

Personal and Identity Information:

  • Account Information: Retained for the duration of your account plus 3 years
  • Identity Documents: Retained for 7 years after account closure (AML/KYC compliance)
  • Contact Information: Deleted within 30 days of account deletion request

Financial and Credit Information:

  • Credit Reports and Scores: Retained for 10 years (standard financial industry practice)
  • Payment History Data: Retained for 7 years after account closure
  • AI-Generated Credit Profiles: Retained for 5 years or until user deletion request
  • Bank Account Information: Retained for 5 years (financial compliance requirements)

Usage and Technical Data:

  • Platform Usage Logs: Retained for 2 years for service improvement
  • API Access Logs: Retained for 3 years (security and compliance)
  • Support Communications: Retained for 3 years after case closure
  • Marketing Communications: Deleted immediately upon opt-out

Post-Account Deletion Retention

When you delete your account, most data is removed immediately, but some information may be retained for legal compliance:

  • Fraud Prevention Records: 10 years (to prevent re-registration for fraudulent purposes)
  • Financial Transaction Records: 7 years (tax and audit requirements)
  • Regulatory Compliance Data: As required by applicable laws (typically 5-7 years)
  • Legal Dispute Records: Until resolution plus applicable statute of limitations

Business Customer Data Retention

Background Verification Records:

  • Employment Screening Results: 7 years (FCRA compliance)
  • Tenant Screening Results: 5 years or as required by local law
  • Business Due Diligence Reports: 7 years (commercial compliance)

Banking Partner Data:

  • API Integration Logs: 5 years (regulatory examination requirements)
  • Risk Assessment Results: 7 years (banking compliance)
  • Shared Credit Profiles: As specified in individual banking partner agreements

Automated Deletion Processes

We employ automated systems to ensure timely deletion of data:

  • Monthly automated reviews of retention periods and automatic deletion of expired data
  • Quarterly compliance audits of data retention practices
  • Annual review of retention policies to ensure continued legal compliance
  • Immediate processing of user deletion requests (within 72 hours)

Important Notes on Data Deletion

  • Some data may be retained in encrypted backups for up to 90 days after deletion
  • Aggregate and anonymized data may be retained indefinitely for research purposes
  • Data may be retained longer if required for ongoing legal proceedings
  • Certain financial records cannot be deleted due to regulatory requirements

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date above.

Contact Information and Data Protection Officers

For privacy-related inquiries, complaints, or to exercise your data protection rights, please contact our dedicated privacy team:

Global Privacy Office

Email: privacy@neocred.net

Response Time: We respond to all privacy inquiries within 3 business days

Regional Data Protection Officers

Europe (GDPR Inquiries)

Email: dpo-eu@neocred.net

UK (UK GDPR Inquiries)

Email: dpo-uk@neocred.net

Regulatory Authority Contacts

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with relevant supervisory authorities:

EU/EEA: Your local Data Protection Authority

Ireland: Data Protection Commission (dpc.ie)

UK: Information Commissioner's Office (ico.org.uk)

California: California Privacy Protection Agency

Canada: Office of the Privacy Commissioner

Australia: Office of the Australian Information Commissioner

Security Incidents and Data Breaches

If you suspect a security incident affecting your account or have concerns about potential data breaches, please contact our Security Incident Response Team immediately:

Emergency Security Email: security@neocred.net