How we handle
your data

A select subset of our employees have access to our products and customer data through controlled interfaces.

The purpose of granting access to a subgroup of employees is to provide efficient customer support, troubleshoot potential issues, detect and respond to security incidents, and implement data security measures.

Access to customer data is enabled through "just in time" access requests. All such requests are logged. Employees are granted access based on their roles, and reviews of high-risk privilege grants are initiated daily. Employee roles and access privileges are reviewed and revised at least once a year.

At Creditro, we believe in the importance of conducting thorough background checks as an essential part of our hiring process. This ensures that only the most reliable and qualified professionals join our team.

Our background checks are carried out in full compliance with applicable laws and regulations.

We also take great pride in maintaining a high level of ethics and integrity in our company culture. All of our employees are committed to adhering to our company's guidelines, which include strict requirements for confidentiality and protection of confidential information. This ensures that our clients can have complete trust in us and our ability to handle their financial matters in a professional and reliable manner.

We host our product infrastructure with multi-tenant, outsourced infrastructure suppliers.

The physical and environmental security protocols are reviewed for SOC 2 Type II and ISO 27001 compliance, among other certifications.

Kundedata lagres i lagersystemer med flere lejere, som kun er tilgængelige for kunder via applikationsbrugergrænseflader og applikationsprogrammeringsgrænseflader. 

Kunder får ikke direkte adgang til den underliggende applikationsinfrastruktur. Autorisationsmodellen i hvert af vores produkter er designet til at sikre, at kun de korrekt tildelte personer kan få adgang til relevante funktioner, visninger og tilpasningsmuligheder.

Autorisation til datasæt udføres ved at validere brugerens tilladelser mod de attributter, der er knyttet til hvert datasæt.

Network access control mechanisms have been designed to prevent network traffic using unauthorised protocols to reach the product infrastructure.

The implemented technical features are separated from the infrastructure suppliers and includes Virtual Private Cloud (VPC) implementations, security group settings and traditional firewall rules.

We utilise a Web Application Firewall-solution (WAF) to protect hosted client-websites and other online applications.

WAF is designed to identify and prevent attacks against publicly accessible network services.

In transit

Creditro enables HTTPS-encryption (also known as SSL or TLS) on all login sites and makes it freely available on all customer websites hosted on our Creditro products. Our HTTPS-implementation uses standard industry algorithms and certificates.

At rest

Creditro stores user passwords according to policies following standard industry security protocols. Creditro has implemented technologies to ensure that stored data is encrypted at rest.

Infrastructure availability

Infrastructure suppliers make a commercially fair effort to secure a minimum of 99,95 % uptime. The suppliers maintain a minimum of N+1 redundancy for power and network.

Fault tolerance

Backup- and replication strategies are designed to secure redundancy and failover protection during a critical system operation. Client data are backed up to multiple data storage facilities and are replicated across several availability points.

Online replicas and backups

Production databases are designed to replicate data between no less than a primary and secondary database wherever possible. All databases are backed up and maintained using industry-standard methods or better. 

Our products are designed to secure redundancy and problem-free failovers. The servers supporting our products have also been designed to prevent single points of failure. This design helps our services by maintaining and updating the product applications and backend while limiting possible downtime.