Workcred

Legal

Privacy Policy

Terms of Service

Last updated March 18, 2026

Workcred, Inc. (“Workcred,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the Workcred platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, and role when you register.
  • Employee Information: First name, last name, date of birth, phone number, mailing address, and last four digits of Social Security Number (SSN) — required for credit bureau matching and credit account setup.
  • Billing Information: Company billing email and payment method details (processed by our payment processor — we do not store full payment card numbers).

1.2 Information Collected Automatically

  • Device and browser information, IP address, and usage analytics.
  • Log data including pages visited, timestamps, and referring URLs.

1.3 Information from Third Parties

  • Employee data imported from connected HR/payroll platforms (Justworks, Rippling, Gusto, ADP, Paychex, BambooHR, Workday) with your company's authorization.
  • Credit reporting data from our credit reporting systems and vendors related to credit-building status and furnishment confirmations.

2. How We Use Your Information

  • Create and manage credit-builder accounts on behalf of employees
  • Report on-time payments to Equifax, Experian, and TransUnion through a Metro 2® compliant data furnisher
  • Process per-enrolled employee payments and generate invoices
  • Send transactional emails (enrollment confirmations, payment receipts, credit bureau reporting notifications)
  • Provide customer support and respond to inquiries
  • Comply with legal obligations, including the Fair Credit Reporting Act (FCRA)
  • Improve and optimize our platform

3. Sensitive Information

We collect the last four digits of Social Security Numbers solely for the purpose of credit bureau identity matching as required for accurate credit reporting. This data is:

  • Encrypted at rest using AES-256 encryption
  • Encrypted in transit using TLS 1.3
  • Accessible only to authorized systems that require it for credit bureau operations
  • Never sold, shared for marketing purposes, or used for any purpose other than credit reporting

4. How We Share Your Information

We share personal information only in the following circumstances:

  • Credit Bureaus: Payment history and credit-building account data are reported to Equifax, Experian, and TransUnion through a Metro 2® compliant data furnisher.
  • Your Employer: Company administrators can view enrollment status, payment status, and aggregate credit improvement data. They cannot access your SSN or personal credit details.
  • Service Providers: We share information with vendors who assist in operating our platform (hosting, email delivery, payment processing) under strict data processing agreements.
  • Legal Requirements: When required by law, subpoena, or legal process, or to protect our rights and safety.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide services. Credit reporting data is retained for the duration required by the FCRA (typically 7 years for account history). When an employee cancels enrollment, we close the credit-builder account but retain historical data as required by law.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your account and personal data (subject to legal retention requirements)
  • Opt out of non-essential communications
  • Dispute information reported to credit bureaus (in accordance with FCRA requirements)

To exercise these rights, contact us at privacy@workcred.co.

7. Security

We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, regular security audits, and SOC 2 compliant infrastructure. Our database is hosted on Supabase with row-level security policies enforced at the database level.

8. Children's Privacy

Workcred is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our platform. Continued use of Workcred after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: