1. Who We Are
CredentialCore is operated by Blood Moon Tech ("we," "us," or "our"). We provide an online platform for designing and ordering custom PVC ID cards shipped directly to you. Our website is thecredentialcore.com.
If you have questions about this policy, contact us at our contact page.
2. Information We Collect
Account information: When you register, we collect your name and email address. You may optionally add a profile name.
Design data: Card designs you create — including text, colors, uploaded images, and layout — are stored on our servers so you can access them later.
Order information: When you place an order we collect your shipping name, address, and phone number. Payment is processed by PayPal; we receive a transaction confirmation ID but never see or store your full payment card details.
Uploaded images: Photos and logos you upload to the editor are stored in your private account storage and are only used to render your card designs.
Usage data: We log standard web server access logs (IP address, browser type, pages visited) for security and debugging purposes.
3. How We Use Your Information
- To create and manage your account.
- To store and retrieve your card designs.
- To fulfill and ship your orders.
- To send transactional emails (order confirmations, shipping notifications, password resets) via SendGrid.
- To respond to messages you send us through our contact form.
- To detect and prevent fraud or abuse.
We do not sell your personal information to third parties. We do not use your data for advertising profiling.
4. Third-Party Services
We share limited data with the following service providers solely to operate the platform:
- PayPal — processes payments. Governed by PayPal's Privacy Policy.
- SendGrid (Twilio) — delivers transactional email. Your email address is transmitted to SendGrid for this purpose.
- UPS / USPS — fulfills shipping. Your name and address are shared with the selected carrier to deliver your order.
- GitHub / server hosting — our application code is hosted on a private VPS. No personal data is stored on GitHub.
5. Data Retention
We retain your account and design data as long as your account is active. Order records are retained for a minimum of 7 years for tax and legal compliance. You may request deletion of your account by contacting us; we will remove your personal data within 30 days, except where we are required by law to retain it.
6. Security
Passwords are hashed using bcrypt. All traffic is encrypted in transit over HTTPS. Uploaded files and print renders are stored on a private server not directly accessible to the public without authentication. While we take reasonable precautions, no system is perfectly secure — please use a strong, unique password.
7. Cookies & Sessions
We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The session cookie is cleared when you sign out or your session expires.
8. Your Rights
Depending on your location, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, contact us and we will respond within 30 days.
9. Children
CredentialCore is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated "last updated" date. Continued use of the platform after changes constitutes your acceptance of the revised policy.