Your Data Security is Our Priority

Credia implements industry-leading security measures and maintains full GDPR compliance to protect your confidential loan information.

Data Protection & Encryption

TLS 1.2+ encryption in transit: All data transmitted between your device and Credia servers is encrypted using TLS 1.2 or higher, preventing interception.

AES-256 encryption at rest: All data stored on our servers is encrypted using AES-256, the military-grade standard.

HMAC-SHA256 hashing: Your IP address is hashed using HMAC-SHA256 with a server-side secret. We do not store your actual IP address.

Data Processing Agreements with Standard Contractual Clauses: All third-party processors have DPAs with SCCs approved by the European Commission.

Zero third-party sharing: We do not sell, rent, or share your data with marketers, advertisers, or other unauthorized parties.


GDPR Compliance

Credia is fully compliant with the General Data Protection Regulation (GDPR). We have Data Processing Agreements (Article 28 DPAs) with all seven data processors. We maintain a Record of Processing Activities (ROPA) and have established a Data Subject Access Request (DSAR) process. The Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) is our supervisory authority. All data transfers to US-based processors are protected by Standard Contractual Clauses.


What We Never Do

Sell or rent your data: We never monetize your personal information or loan data by selling it to third parties.

Train AI models on your documents: Your term sheets and extracted data are not used to train Anthropic's Claude model or any other AI model. This restriction is contractually guaranteed in our Data Processing Agreement with Anthropic (Art. 28 GDPR). DPA available upon request.

Store your IP address: We only store a cryptographic hash of your IP address, not the actual address.

Share unencrypted data: All data shared with processors is transmitted via secure, encrypted channels and stored encrypted.


Pseudonymization & Privacy Enhancement

We apply advanced privacy-enhancing pseudonymization techniques to protect your identity in benchmarking datasets. k-anonymity (k≥5) ensures that each record in aggregated data cannot be distinguished from at least 4 others. Bank names are hashed using HMAC-SHA256, and loan amounts are banded into ranges to reduce re-identification risk. Important: pseudonymized data remains subject to GDPR and your data subject rights. You may opt out of benchmarking at any time through your account settings or by contacting privacy@credia.pro.
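The three steps named above (keyed hashing of bank names, banding of loan amounts, and a k≥5 threshold) can be sketched as follows. This is an added illustration, not Credia's code: the band edges, function names, demo key and the choice of suppressing small groups to reach k are all assumptions.

```python
import hashlib
import hmac
from collections import Counter

K = 5  # k-anonymity threshold stated on the page (k>=5)
# Assumed band edges in EUR; the page does not publish the actual ranges.
BANDS = [(0, 1_000_000), (1_000_000, 5_000_000), (5_000_000, 25_000_000)]


def pseudonymize_bank(name: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of a normalised bank name (hex digest)."""
    normalised = " ".join(name.casefold().split())
    return hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()


def band_amount(amount: float) -> str:
    """Replace an exact loan amount with the range it falls in."""
    if amount < 0:
        raise ValueError("loan amount cannot be negative")
    for low, high in BANDS:
        if low <= amount < high:
            return f"{low}-{high}"
    return f"{BANDS[-1][1]}+"


def release(records: list[dict], key: bytes, k: int = K) -> list[dict]:
    """Pseudonymise, band, then suppress every group smaller than k."""
    rows = [
        {"bank": pseudonymize_bank(r["bank"], key), "band": band_amount(r["amount"])}
        for r in records
    ]
    sizes = Counter((row["bank"], row["band"]) for row in rows)
    return [row for row in rows if sizes[(row["bank"], row["band"])] >= k]


# Constructed sample data: five loans share one (bank, band) group, two do not.
SAMPLE = [{"bank": "Bank A", "amount": a} for a in
          (1_200_000, 2_500_000, 3_000_000, 4_100_000, 4_999_999)]
SAMPLE += [{"bank": " bank a ", "amount": 7_000_000},
           {"bank": "Bank B", "amount": 2_000_000}]

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # never hard-code a real secret
    for row in release(SAMPLE, demo_key):
        print(row["bank"][:12], row["band"])
```

Because the set of possible bank names is small, the pseudonym only resists enumeration while the HMAC key stays secret, so the key belongs in a secrets manager separate from the benchmarking dataset.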


Data Deletion

Free tier accounts: Your data is automatically deleted after 12 months of account inactivity.

Active accounts: You can delete your account and all associated data with one click. We apply a 30-day grace period before permanent purge in case of accidental deletion.

Anthropic (Claude API): Data is automatically deleted within 30 days of processing. We confirm in writing that your documents are not retained for model training.


Security & Privacy Contact

For security concerns or to report vulnerabilities: data@credia.pro. For data privacy questions or to exercise your rights: privacy@credia.pro. For legal inquiries: legal@credia.pro. We respond to all security inquiries within 24 business hours. For formal complaints, contact the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit), Drukpersstraat 35, 1000 Brussel, Belgium, www.gegevensbeschermingsautoriteit.be.
