Privacy Policy

Effective date: 11-01-2025
Revision history: v1.0 — Initial publication on 11-01-2025

This Privacy Policy explains how Credit Enforcer (“Credit Enforcer,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit creditenforcer.com, engage with our courses, resources, or consulting services, or otherwise interact with us. We are committed to ethical, lawful, and transparent practices that meet or exceed global privacy standards, including the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other applicable laws.

If you have questions or requests, contact us at privacy@creditenforcer.com or by mail:
Credit Enforcer c/o PS Boyce Co, 5868 Westheimer RD Ste 353, Houston, TX 77057, United States.

1) Scope

  • Applies to: Website visitors, account holders, course participants, 1‑on‑1 session clients, newsletter subscribers, and business contacts.
  • Channels: Website, email, SMS/MMS, social messaging, in‑app communications, customer support, and any future service channels.
  • Exclusions: Information about employees/contractors may be governed by separate notices.

2) Categories of Data We Collect

A) Information you provide directly

  • Account and profile: name, email, username, password, role/title, company, country/region, time zone, preferences.
  • Contact and communication: inquiries, support tickets, messages, call notes, meeting bookings.
  • Transactional: course enrollments, subscription status, purchase history, invoices, last 4 digits of card (if displayed to us), payment confirmations. We typically use third‑party payment processors and do not store full payment card numbers.
  • Content submissions: comments, reviews, survey responses, forms, uploaded files.
  • One‑on‑one sessions: scope, notes you share, scheduling details.

B) Information collected automatically

  • Device and usage: IP address, device identifiers, browser type/version, operating system, language, referring/exit pages, pages viewed, links clicked, session duration, approximate location (derived from IP), timestamps.
  • Cookies and similar technologies: session cookies, preference cookies, analytics cookies, and advertising/retargeting identifiers where applicable.
  • Email/SMS interaction data: open rates, click‑through, bounce, unsubscribe, deliverability diagnostics.

C) Information from third parties

  • Payment processors: transaction confirmations and limited billing metadata.
  • Marketing and analytics providers: audience insights and campaign performance data.
  • Social media or single sign‑on (SSO): if you connect or interact via a platform, we may receive your public profile info and contact details (subject to your settings).
  • Referral/partner programs: lead data with documented consent; we require partners to comply with applicable laws.

3) Purposes and Legal Bases for Processing

We process personal data only where lawful and necessary. Our purposes and applicable legal bases (GDPR Art. 6) include:

  • Provide services and operate the site: account creation, authentication, course delivery, bookings, customer support, troubleshooting. Legal basis: contract performance; legitimate interests.
  • Communications: service notices, transactional emails, security alerts. Legal basis: contract performance; legitimate interests.
  • Marketing with consent: newsletters, promotions, event/course updates. Legal basis: consent; you can withdraw at any time.
  • Marketing without consent where permitted by law (primarily B2B in limited jurisdictions): Legal basis: legitimate interests with opt‑out, subject to local law. We default to opt‑in for marketing.
  • Personalization and analytics: improving content, features, and user experience; measuring performance. Legal basis: consent where required for cookies; legitimate interests otherwise.
  • Security and fraud prevention: detecting abuse, protecting accounts, enforcing terms, preventing spam. Legal basis: legitimate interests; legal obligation.
  • Legal compliance: tax, accounting, regulatory responses, lawful requests. Legal basis: legal obligation; vital interests in emergencies.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4) Cookies and Similar Technologies

  • Types:
    • Strictly necessary (authentication, security, core functionality).
    • Preferences (remember settings like language, login state).
    • Analytics (site usage, performance, error diagnostics).
    • Marketing/advertising (audience measurement, retargeting) — used only with consent where required.
  • Controls:
    • Cookie banner/manager where applicable to obtain and record consent and allow granular choices.
    • Browser settings to block or delete cookies; doing so may impact functionality.
  • Retention:
    • Session cookies expire when you close your browser; persistent cookies have set lifetimes disclosed in the cookie manager.

5) How We Share Information

We do not sell personal information in the traditional sense. We may share:

  • Service providers/processors: hosting, security, analytics, CRM, email/SMS platforms, scheduling, payment processing, and customer support tools that act under our instructions and are bound by confidentiality and data protection terms.
  • Professional advisors: legal, tax, insurance, and compliance advisors under confidentiality.
  • Partners and affiliates: with your consent or at your direction (e.g., referrals to a licensed commercial collection partner).
  • Legal and compliance: to comply with applicable law, enforce our agreements, protect rights, safety, and security, or respond to lawful requests.
  • Business transfers: in the event of a merger, acquisition, reorganization, or asset sale, subject to continuity of protections and notice where required.

We impose contractual obligations on processors to implement appropriate security, respect data subject rights, and assist with compliance.

6) International Data Transfers

  • We are based in the United States and may process data in the U.S. and other countries. Where GDPR/UK GDPR applies, we rely on:
    • Adequacy decisions where available; and/or
    • Standard Contractual Clauses (SCCs) and UK Addendum/IDTA with supplemental measures as needed.
  • For other jurisdictions requiring transfer mechanisms, we implement appropriate safeguards consistent with local law.
  • You may request a copy of relevant transfer safeguards (redacted) by contacting privacy@creditenforcer.com.

7) Data Retention

  • We retain personal data only as long as necessary for the purposes described, including:
    • Accounts and service records: for the life of the account plus up to 3 years after last activity, unless longer retention is required (e.g., tax, regulatory) or requested by you.
    • Transactional and financial records: typically 7 years or as required by applicable law.
    • Marketing data: until you withdraw consent or opt out, plus a suppression record retained indefinitely to honor your opt‑out.
    • Security and logs: typically 12–24 months unless needed longer for investigations.
  • After retention periods, we securely delete or anonymize data.

8) Security Measures

We implement administrative, technical, and physical safeguards appropriate to the risk, including:

  • Transport and storage protection: HTTPS/TLS; encryption at rest where supported for key systems; restricted access on a need‑to‑know basis.
  • Authentication and access controls: strong passwords, least‑privilege roles, MFA for administrative systems where feasible, audit logging.
  • Secure development and operations: patch management, vulnerability scanning, change control, regular backups, and disaster recovery planning.
  • Vendor due diligence: security evaluations and contractual requirements for processors.
  • Training and policies: staff confidentiality, security and privacy awareness.

No method of transmission or storage is 100% secure; we strive to continuously improve our defenses.

9) Breach Detection and Notification

  • Detection and response: We maintain an incident response plan to detect, assess, contain, and remediate suspected personal data breaches.
  • Notification: Where a personal data breach is likely to result in a risk to the rights and freedoms of individuals, we will notify competent authorities and affected individuals without undue delay and in accordance with applicable laws (e.g., GDPR Arts. 33–34, U.S. state breach laws). Notifications will include the nature of the breach, likely consequences, measures taken, and recommended steps to protect yourself.

10) Your Privacy Rights

Your rights depend on your jurisdiction but may include:

A) EU/EEA/UK (GDPR/UK GDPR)

  • Access: obtain a copy of your personal data and related information.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion in certain circumstances.
  • Restriction: limit processing under specific conditions.
  • Portability: receive data in a structured, commonly used, machine‑readable format and transmit it to another controller.
  • Objection: object to processing based on legitimate interests or direct marketing at any time.
  • Consent withdrawal: withdraw consent at any time where processing is based on consent.
  • Complaint: lodge a complaint with a supervisory authority.

B) California (CCPA/CPRA)

  • Right to know: request details about categories and specific pieces of personal information collected, sources, purposes, and disclosures.
  • Right to delete: request deletion of personal information, subject to exceptions.
  • Right to correct: request correction of inaccurate information.
  • Right to opt out of “sale” or “sharing” for cross‑context behavioral advertising: we do not sell personal information; if we “share” for advertising, you can opt out via our cookie preferences.
  • Non‑discrimination: we will not discriminate for exercising your rights.

C) Other jurisdictions

  • You may have similar rights (access, correction, deletion, portability, objection) under local laws. We honor valid rights requests consistent with applicable requirements.

How to exercise your rights:

  • Email privacy@creditenforcer.com with your request and sufficient information to verify your identity and locate your data. We may ask for additional verification where appropriate. Authorized agents may act on your behalf where permitted by law.

11) Children’s Privacy

Our services are intended for business professionals. We do not knowingly collect personal data from children under the age of 16 (or lower age if permitted by local law with parental consent). If you believe a child provided us data, contact us to request deletion.

12) Do Not Track and Global Privacy Controls

  • Do Not Track: We do not respond to DNT signals due to lack of industry consensus.
  • Global Privacy Control (GPC): Where legally required (e.g., California), we treat a valid GPC signal as an opt‑out of “sharing” for cross‑context behavioral advertising.

13) Third-Party Links and Services

Our site may link to third‑party websites, social networks, or resources. We are not responsible for their privacy practices. Review their policies before providing personal data.

14) Marketing Communications and Opt‑Out

  • We send commercial messages only with appropriate legal basis (typically express opt‑in).
  • Unsubscribe instructions are included in each marketing email/SMS. You can also email privacy@creditenforcer.com.
  • We maintain a perpetual suppression list to honor your opt‑out.

15) Automated Decision-Making and Profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use limited profiling for analytics or to tailor content, subject to your consent where required and your right to object.

16) Data Controller and Representative

  • Controller: Credit Enforcer, 5868 Westheimer RD Ste 353, Houston, TX 77057, United States; privacy@creditenforcer.com.
  • If GDPR requires an EU/UK representative, we will identify and publish those details here when appointed.

17) Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted in the revision history below and, where required, communicated to you. Your continued use after the effective date signifies acceptance of the updated Policy.

18) Severability

If any provision of this Policy is found invalid or unenforceable, the remaining provisions will continue in full force and effect.

19) Governing Law and Jurisdiction

This Policy is governed by the laws of the State of Texas, United States, without regard to conflicts of law. Courts located in Harris County, Texas shall have exclusive jurisdiction, unless mandatory consumer protection laws of your residence require otherwise.

20) Contact

  • Email: privacy@creditenforcer.com
  • Postal: Credit Enforcer c/o PS Boyce Co, 5868 Westheimer RD Ste 353, Houston, TX 77057, United States

Revision history

  • v1.0 — 11-01-2025: Initial publication and global alignment with GDPR and CCPA/CPRA.