Secure, transparent, and compliant data protection

We use collected information to:

• Provide, operate, and improve our services
• Manage provider credentialing workflows
• Maintain provider records and compliance documentation
• Send notifications, reminders, and workflow updates
• Monitor platform performance and security
• Detect compliance risks and workflow delays
• Respond to customer support requests
• Meet legal, regulatory, and contractual obligations

CredX Health is committed to supporting healthcare organizations with privacy and security best practices aligned with applicable U.S. healthcare regulations.

Where applicable, we implement administrative, technical, and physical safeguards designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Customers are responsible for determining whether HIPAA or other healthcare regulations apply to their use of our services.

We maintain industry-standard security measures designed to protect information from unauthorized access, misuse, disclosure, alteration, or destruction.

Security measures may include:

• Encrypted data transmission
• Access controls and authentication safeguards
• Role-based permissions
• Continuous monitoring and audit logging
• Secure cloud infrastructure hosted on Amazon Web Services (AWS)

We do not sell personal information.

We may share information only:

• With authorized customer organizations and users
• With trusted service providers supporting our operations
• When required by law, regulation, subpoena, or legal process
• To protect the security, integrity, and rights of our platform and users
• During a merger, acquisition, or business transition

We may use cookies and similar technologies to:

• Improve user experience
• Analyze website performance and usage trends
• Maintain secure sessions and authentication
• Enhance platform functionality

We retain information only as long as necessary to:

• Provide our services
• Meet contractual obligations
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements

Subject to applicable U.S. laws and regulations, users may have the right to:

• Access their information
• Request corrections or updates
• Request deletion of certain data
• Object to specific processing activities
• Request information about stored personal data

Our platform or website may contain links or integrations with third-party services. We are not responsible for the privacy practices, content, or security of third-party services.

Users are encouraged to review the privacy policies of external providers separately.

Our services are intended for business and healthcare professionals and are not directed toward children under 13 years of age.

We do not knowingly collect personal information from children.

We may update this Privacy Policy periodically to reflect operational, legal, security, or regulatory changes.

Updated versions will be posted on this page with the revised effective date.

If you have questions about this Privacy Policy or our privacy practices, please contact us through our official website or the contacts given below.