credentialdapp
Menu
Get Started

Privacy Policy

Last updated: March 2, 2026

Overview

credentialdapp (“we,” “us,” or “our”) is operated by LEC Group Inc. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the credentialdapp platform and related services (collectively, the “Service”). By using the Service, you consent to the practices described in this policy.

Data We Collect

We collect the following categories of information:

Account Information

  • Name, email address, and profile information (provided via registration or social login)
  • Authentication credentials managed by our identity provider (Supabase Auth)

Identity Verification Data

  • Identity documents (passport, driver's license) and liveness check images, processed by our KYC partner (Sumsub)
  • Verification status and results (passed, failed, pending)
  • XRPL wallet addresses associated with your credential applications

Financial Information

  • XRPL payment transaction hashes and amounts for credential fees
  • Credential issuance and acceptance transaction records on the XRP Ledger

Usage Information

  • Device type, browser, operating system, and IP address
  • Pages visited and features used
  • Application and credential status history

How We Use Your Data

We use your information to:

  • Create and manage your credentialdapp account
  • Process identity verification through our KYC partner
  • Issue, manage, and verify XRPL on-ledger credentials
  • Process credential fee payments on the XRP Ledger
  • Send transactional notifications (credential issued, credential active, expiry reminders)
  • Comply with legal and regulatory obligations, including KYC/AML requirements
  • Detect and prevent fraud, abuse, and unauthorized access
  • Improve the Service through aggregated, anonymized analytics

Data Sharing

We do not sell your personal data. We may share information with the following parties only as necessary to provide the Service:

  • Sumsub: Our identity verification partner. Sumsub processes document checks, liveness verification, and PEP/sanctions screening under their own privacy policy.
  • XRP Ledger: Credential records (credential type, issuer address, subject address, expiry) are stored on the public XRP Ledger. On-ledger data is immutable and publicly accessible. No personally identifiable information is stored on-ledger.
  • Supabase: Our infrastructure provider for authentication, database hosting, and file storage.
  • Resend: Our email delivery provider for transactional messages.
  • Vercel: Our hosting provider for the application and API services.
  • XRPL Operators: Third-party operators on the XRPL (exchanges, DeFi protocols, tokenization platforms) may verify the existence and status of your on-ledger credential. They cannot access your personal identity data through the credential alone.
  • Law Enforcement: If required by valid legal process, court order, or applicable law.

Data Security

We implement industry-standard security measures to protect your data, including:

  • 256-bit TLS encryption for all data in transit
  • Encrypted database storage at rest
  • Row-level security policies ensuring users can only access authorized data
  • Client-side XRPL transaction signing — your private keys never leave your browser
  • Rate limiting on all API endpoints to prevent abuse

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and XRPL private keys.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Credential-related records and audit logs are retained for a minimum of 5 years to comply with KYC/AML regulatory requirements. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law.

On-ledger credential data on the XRP Ledger is immutable and cannot be deleted. However, credentials can be revoked by the issuer, which updates their on-ledger status.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (subject to legal retention requirements)
  • Port your data to another service in a machine-readable format
  • Withdraw consent for optional data processing at any time
  • Object to processing based on legitimate interests

To exercise any of these rights, please contact us at privacy@lecgroup.io.

Cookies & Tracking

We use essential cookies and local storage to maintain your session, remember your preferences (such as theme), and ensure the Service functions correctly. We do not use third-party advertising trackers or sell cookie data.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly.

International Transfers

Your data may be processed in countries other than your own, including the United States. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable privacy laws, including GDPR standard contractual clauses where applicable. Additionally, credential data stored on the XRP Ledger is distributed across a global network of validators.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

LEC Group Inc.

Email: privacy@lecgroup.io