Credric
Legal

Privacy Policy

Your trust is the foundation of our business. This policy explains how Credric collects, uses, and safeguards your information.

Last updated: April 2026

Information We Collect

Credric collects information necessary to provide our PointClickCare user account provisioning service. The categories of information we collect include:

  • Account information: Name, email address, job title, and organization name provided when you create a Credric account or request a demo.
  • Identity source data: User directory information from connected identity providers (such as Microsoft Entra ID) that your organization authorizes Credric to access for provisioning purposes.
  • PointClickCare provisioning data: User account details submitted to PointClickCare on your behalf, including names, roles, departments, facility assignments, and other fields defined in your provisioning templates.
  • Usage and audit data: Actions performed within the platform, including login events, provisioning operations, configuration changes, and approval workflow activity. This data is retained for security, compliance, and troubleshooting purposes.
  • Technical data: IP addresses, browser type, and device information collected automatically when you access the platform.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provision, update, and manage user accounts in PointClickCare as directed by your organization.
  • Platform operation: To authenticate users, enforce role-based access controls, and maintain the security and integrity of our platform.
  • Audit and compliance:To maintain comprehensive audit trails that support your organization's HIPAA compliance obligations.
  • Communication: To send service-related notifications such as provisioning status updates, error alerts, and account security notices.
  • Improvement: To analyze aggregate usage patterns and improve the reliability, performance, and features of our platform.

Data Sharing

Credric does not sell your data. We share information only in the following circumstances:

  • PointClickCare:User account data is transmitted to PointClickCare's UAP web services as required to perform provisioning operations your organization has initiated.
  • Service providers: We use trusted infrastructure and service providers to operate our platform. These providers process data on our behalf under strict contractual obligations and are not permitted to use your data for their own purposes.
  • Legal requirements: We may disclose information when required by law, regulation, legal process, or enforceable governmental request.

Data Security

We implement robust technical and organizational measures to protect your data:

  • Encryption at rest: Sensitive credentials (PointClickCare service account passwords, API keys, SCIM tokens) are encrypted using AES-256-GCM before storage.
  • Encryption in transit: All data transmitted between your browser, our API, and third-party services is protected by TLS 1.2 or higher.
  • Access controls: Role-based access control, multi-factor authentication, and session management protect all user accounts.
  • Password security: User passwords are securely hashed with unique salts. Credric staff cannot view or recover passwords.

For more details, see our Security & Compliance page.

Data Retention

We retain your data for as long as your organization maintains an active Credric account, plus a reasonable period afterward to fulfill our legal and compliance obligations:

  • Account and provisioning data: Retained for the duration of your subscription and deleted upon request after account termination.
  • Audit logs: Retained for up to six years to support HIPAA compliance requirements, even after account termination.
  • Error and diagnostic logs: Retained for a limited period for troubleshooting and platform reliability purposes.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Data portability: Request an export of your data in a structured, machine-readable format.
  • Objection: Object to certain types of processing of your personal data.

To exercise any of these rights, contact us through the Credric platform or via our website. We will respond within 30 days.

HIPAA Compliance

Credric is designed to support healthcare organizations' HIPAA compliance obligations. While Credric does not directly access, store, or transmit electronic Protected Health Information (ePHI) as part of its provisioning service, we recognize that user account data in healthcare systems can be sensitive.

Our platform's security architecture — including AES-256 encryption, multi-tenant data isolation, comprehensive audit trails, role-based access controls, and multi-factor authentication — is built to meet or exceed the technical safeguard requirements outlined in the HIPAA Security Rule.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify active account holders by email and update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of Credric after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please reach out through the demo request form on our website or contact us directly through the Credric platform.

Get Started

Ready to automate
PointClickCare provisioning?

See how Credric can give your IT team back the hours they spend on manual account management — regardless of your infrastructure.

By submitting, you agree to our Privacy Policy. We'll never share your information.