Credensa
Start Free

Legal

Subprocessors and Service Providers

Credensa uses vetted service-provider categories to operate the platform while limiting public infrastructure detail.

Balanced transparency

This page explains provider categories, data types, processing purposes, and governance expectations without publishing sensitive architecture details.

Cross-border notice

Providers may process data outside India depending on deployment, user location, provider region, and configured integrations.

Configuration dependent

Specific providers can vary by deployment, region, plan, integration, and self-hosting configuration.

Hosting and infrastructure

Used to serve the application, route requests, store runtime assets, and operate production infrastructure.

  • Provider type: application hosting, CDN, edge routing, server/container, and deployment infrastructure
  • Data: IP-derived request metadata, account activity, public pages, application logs, uploaded/public assets where routed through hosting
  • Controls: HTTPS, access control, deployment protection, provider security controls, and data processing terms where available

Database and storage

Used to store account, resume, career record, workflow, consent, request, upload, and application data.

  • Provider type: managed database, object/file storage, backup, and application data services
  • Data: account records, resumes, notebook items, portfolios, consent logs, DPDP requests, uploaded files, generated exports
  • Controls: private-by-default storage, database authentication, access restrictions, backup and purge-cycle documentation

Authentication and identity

Used to authenticate users and support optional social sign-in.

  • Provider type: authentication framework, email/password identity, optional OAuth/social sign-in, and session management
  • Data: name, email, provider identifier, profile image where provided, session metadata
  • Controls: minimum OAuth scopes, HttpOnly cookies, session revocation, account deletion and consent records

AI providers

Used only when users run AI-powered workflows, generation, refinement, analysis, or portfolio drafting.

  • Provider type: hosted AI model providers, AI gateway services, and optional local/self-hosted model runtimes
  • Data: prompts, career record snippets, resume content, job descriptions, workflow instructions, generated text, provider metadata
  • Controls: explicit AI processing notice, provider fallback handling, prompt minimization, output review requirements, rate limiting

Email, monitoring, payments, and analytics

Used for transactional communication, error monitoring, billing, operational analytics, and optional product analytics.

  • Provider type: transactional email, error monitoring, billing/payment processing, operational analytics, and consent-gated product analytics
  • Data: email address, transactional email metadata, error traces, billing identifiers, consented analytics signals
  • Controls: DPAs where available, access restrictions, consent gating for optional analytics, no analytics loading before consent

Internal vendor governance

Credensa maintains a non-public vendor register with provider names, purpose, data categories, country/region, DPA status, security review, and deletion process.

  • Review subprocessor lists and provider changes periodically
  • Limit data sent to vendors to what is necessary for the feature being used
  • Revoke vendor access and request deletion/return of data when services are terminated
  • Monitor Government of India restrictions on cross-border transfers and adjust vendors if required

Provider details on request

Credensa may share additional processor details with users, customers, auditors, or legal/security reviewers where there is a legitimate privacy, security, contractual, or compliance need.

  • Public pages avoid account IDs, deployment topology, exact regions, internal tooling, keys, endpoints, and security-control specifics
  • Detailed vendor records may be provided under appropriate confidentiality, contractual, or verification requirements
  • Security researchers should use the vulnerability disclosure process rather than relying on public legal pages for system details

Need a vendor question answered?

Contact Credensa for privacy, processor, DPA, or security-review questions.

Contact PrivacyPrivacy Notice

Builder Command Palette

Type a command or search...