Privacy Policy
Last updated: May 10, 2026
CredX (operated by The Malloy Group Financial, "we", "us", "our") is committed to protecting the privacy of the personal and financial information you share with us. This policy describes what we collect, how we use it, and the choices you have. It is meant to satisfy the disclosure requirements of the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA/CPRA), and similar state privacy laws.
1. Information We Collect
- Identifiers: name, email, phone, postal address, IP address.
- Sensitive personal information: Social Security number, date of birth, credit-report content, and credit monitoring credentials when you choose to provide them.
- Account & usage data: portal activity, course progress, dispute history, files you upload (credit reports, ID, proof of address), signed agreements.
- Payment data: we use a PCI-compliant third-party processor (Payment Cloud or Stripe). Card numbers are never stored on CredX servers.
2. How We Use It
- Deliver the credit-improvement services described in your service agreement.
- Generate dispute letters, FTC and CFPB filings, and educational materials.
- Process payments and manage your subscription.
- Communicate with you about your account, schedule, and progress.
- Comply with applicable laws (CROA, FCRA, FDCPA, GLBA Safeguards Rule).
3. Who We Share It With
We share your information only with: (a) service providers under written contract (email delivery, AI processing, payment, hosting); (b) credit bureaus and creditors when you authorize a dispute on your behalf; (c) federal or state agencies when you submit an FTC or CFPB filing; (d) law enforcement when legally compelled. We do not sell your personal information.
4. How We Protect It
- HTTPS for all data in transit.
- AES-256 encryption at rest for Social Security numbers and dates of birth.
- Bcrypt password hashing.
- JWT-based session authentication with role-based access control.
- Rate limiting and audit logging on sensitive endpoints.
- Written Information Security Program (WISP) maintained internally per GLBA Safeguards Rule.
5. Data Retention
We retain your information for the longer of: (a) the duration of your active service plus 7 years (federal recordkeeping for credit-repair services), or (b) the period required by applicable tax, legal, or regulatory obligations. You may request deletion of your account at any time, subject to the retention obligations described above.
6. Your Rights (CCPA/CPRA, and similar state laws)
- Right to Know: request a copy of the personal information we hold about you.
- Right to Delete: request deletion of your account and personal data.
- Right to Correct: request correction of inaccurate data.
- Right to Opt-Out of Sale/Sharing: we do not sell or share for cross-context advertising.
- Right to Non-Discrimination: we will not penalize you for exercising your rights.
To exercise any right, email privacy@credxme.com. We will respond within 45 days.
7. Cookies
We use essential cookies (session, security) and aggregate analytics cookies. We do not use cross-site advertising trackers. You can configure your browser to block cookies; doing so may break the client portal.
8. Children
CredX services are intended for adults 18+. We do not knowingly collect information from children under 13.
9. Changes
We will post material changes to this policy at this URL with an updated "Last updated" date.
10. Contact
The Malloy Group Financial — CredX
Email: contact@credxme.com
Phone: 866-CREDX-ME