Privacy Policy
1. Introduction
CreditLab and its affiliates ("CreditLab," "we," "our," or "us") help U.S. businesses identify, calculate, and document federal and state research & development (R&D) tax credits. We are committed to privacy and security and to being clear about our practices. This policy explains what information we collect through creditlab.io and its subdomains, including portal.creditlab.io (the "Site"), our client portal, and our business outreach; how we use it; and the choices and rights you have. By using the Site you consent to the practices described here. This policy is incorporated into our Terms and Conditions.
2. Information We Collect
Information you provide
When you request an estimate, complete an intake form, book a meeting, correspond with us, or engage our services, we collect the details you choose to share — such as your name, email address, phone number, job title, company name, and business information relevant to evaluating potential credits (for example headcount, payroll figures, and descriptions of development activities).
Business contact information
For our business-to-business outreach we obtain professional contact details (name, role, business email, company website) from publicly available sources and licensed business-data providers. We contact people only in their professional capacity, about services relevant to their business, and always with a way to opt out.
Information collected automatically
Like most websites, our hosting and infrastructure providers keep standard server logs (IP address, browser type, referring pages, pages visited, timestamps) used for security, debugging, and site operation. See our Cookie Policy for details on cookies — in short, we use only the cookies needed to run the Site, and we do not run advertising trackers.
Client engagement information
If you become a client, we collect the financial and technical records needed to prepare your credit study (payroll data, project documentation, and similar). Engagement information is confidential under the terms of your engagement letter and is used only to perform the engagement.
3. How We Use Information
- To respond to your inquiries and provide the estimates and information you request.
- To deliver our services under an engagement, including preparing credit calculations and supporting documentation.
- To send relevant business outreach; every such email identifies us and includes a way to opt out.
- To operate, secure, maintain, and improve the Site and our services.
- To comply with legal, regulatory, and professional obligations, and to establish or defend legal claims.
We do not sell personal information, and we do not share it with third parties for their own marketing. We do not use your information for automated decision-making that produces legal or similarly significant effects.
4. Cookies and Similar Technologies
Our use of cookies and similar technologies is described in our Cookie Policy. The Site works without marketing or advertising cookies because we don't use any.
5. How We Share Information
We share information only:
- With service providers who help us operate — website and database hosting, email delivery, scheduling, e-signature, and document handling — under terms that limit their use of your information to providing services to us.
- For legal reasons, where disclosure is required by law, regulation, legal process, or to protect the rights, safety, or property of CreditLab or others.
- In a business transfer, if CreditLab is involved in a merger, acquisition, or sale of assets, in which case this policy will continue to apply to your information.
6. Email Choices
If you'd rather not hear from us, click the opt-out link in any outreach email or simply reply and tell us. We honor every request and maintain a suppression list so you aren't contacted again. We will still send you messages necessary to an active engagement (for example document requests) even if you opt out of marketing.
7. Data Retention
We keep personal information only as long as needed for the purposes above. Engagement records are retained as required by tax-documentation and professional obligations; outreach contact data is removed or suppressed when no longer needed or upon request.
8. Security
We use reasonable administrative and technical safeguards to protect information — encryption in transit, access controls, and least-privilege access to client data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; if a breach affecting your information occurs, we will notify you as required by law.
9. Your Privacy Rights
Depending on where you live, you may have rights over your personal information, including the rights to:
- Know and access — request a copy of the personal information we hold about you and how it is used and shared.
- Correct — ask us to fix inaccurate information.
- Delete — ask us to delete your information, subject to legal retention requirements.
- Opt out — of marketing communications at any time.
California residents (CCPA/CPRA)
In the last 12 months we have collected these categories of personal information: identifiers (name, email, phone), professional information (employer, role), commercial/business information you provide for estimates or engagements, and internet activity (server logs). We collect them from you, from public sources, and from licensed data providers, for the purposes in Section 3. We do not sell or "share" (for cross-context behavioral advertising) personal information, and we do not use sensitive personal information beyond what is necessary to provide our services. California residents may exercise the rights above — including through an authorized agent — by contacting us as described below. We will verify your request, respond within the legally required timeframe, and never discriminate against you for exercising your rights.
10. Do Not Track
Because we don't track visitors across third-party websites, we treat all visitors the same regardless of browser "Do Not Track" signals — there is no cross-site tracking to disable.
11. Children
The Site and our services are directed to businesses and are not intended for anyone under 16. We do not knowingly collect information from children; if you believe a child has provided us information, contact us and we will delete it.
12. Third-Party Websites
The Site may link to third-party websites and services (for example scheduling tools). Their privacy practices are their own; we encourage you to review their policies.
13. Changes to This Policy
If we make material changes we will update this page and revise the date above. Your continued use of the Site after changes are posted means you accept them.
14. Contact Us
To ask a question or exercise any privacy right:
CreditLab · info@creditlab.io · (838) 288-4775