Learn how KredPilot protects your data and maintains the highest security standards to keep your professional reputation safe.
Your data security is our top priority. We implement multiple layers of protection to ensure your information remains safe and confidential.
All data transmitted between your browser and our servers is encrypted using TLS 1.3 with 256-bit encryption. This ensures that your credentials, ratings, and personal information cannot be intercepted during transmission.
All sensitive data stored in our databases is encrypted using AES-256 encryption. This includes passwords (which are also hashed with bcrypt), payment information, and personal details.
Secure, signed tokens with 15-minute expiration stored in httpOnly cookies
Automatic refresh token rotation with reuse detection
Bcrypt with salt rounds for irreversible password storage
Tokens stored in secure, httpOnly cookies to prevent XSS attacks
PostgreSQL with row-level security policies, parameterized queries to prevent SQL injection, and automated backups with 30-day retention.
Rate limiting on API endpoints (1,000 req/hour for Pro users) and Cloudflare protection against distributed denial-of-service attacks.
All dependencies and frameworks are kept up-to-date with security patches applied within 24 hours of disclosure.
Our systems are monitored 24/7 for suspicious activity. We log all authentication attempts, API requests, and administrative actions for audit purposes. Anomalies trigger immediate alerts to our security team.
You have complete control over your data and who can see your professional information. KredPilot provides granular privacy settings to match your comfort level.
Your profile, ratings, and trust score are visible to everyone on the internet. This is recommended for maximum credibility.
Keep your email private on your public profile while remaining visible to potential clients through the platform.
Control whether your profile appears in Google and other search engines. Your profile remains fully transparent on KredPilot, but you decide on external discoverability.
Choose whether your email is visible on your public profile
Show or hide your city and country information
Toggle visibility of written feedback on individual ratings
Control whether your project list is publicly visible
Request a complete export of all your data at any time. We'll provide a JSON file with your profile, ratings, projects, and activity logs within 48 hours.
Update or correct any inaccurate information in your profile directly through your dashboard settings at any time.
Permanently delete your account and all associated data. This action is irreversible and removes all your ratings, projects, and profile information within 30 days.
We use essential cookies for authentication and security. We do not use tracking cookies or share data with third-party advertisers. Analytics are anonymized and used solely to improve platform performance.
KredPilot adheres to international data protection regulations and industry best practices to ensure your information is handled responsibly.
General Data Protection Regulation (EU)
California Consumer Privacy Act (US)
Payment Card Industry Data Security Standard
Service Organization Control 2 (In Progress)
We only collect data that's absolutely necessary to provide our services. No unnecessary tracking, profiling, or behavioral analytics. Your professional reputation data is the focus—nothing more.
Your data is used exclusively for the purposes you agreed to: managing your professional reputation, processing ratings, and providing platform features. We never sell or share your data with third parties for marketing.
Active accounts: Data retained indefinitely. Inactive accounts (no login for 2+ years): Automated notification before data archival. Deleted accounts: All personal data removed within 30 days, ratings anonymized for platform integrity.
We work with trusted service providers who meet our security standards:
In the unlikely event of a data breach:
Internal detection and containment
Affected user notification
Regulatory authority notification
For privacy concerns, data access requests, or compliance questions, contact our Data Protection Officer at privacy@kredpilot.com. We respond to all inquiries within 48 hours.