Frequently asked
questions

Credentic is an AI-powered academic credential and transcript verification platform. We connect directly to institutional sources to verify student records — eliminating the need for uploaded documents and the fraud risk that comes with them.

Credentic serves three audiences: students who need their credentials verified for visa or employment purposes, institutions that want to provide verified records through a secure API, and organisations (employers, immigration agents, universities) that need to verify someone's academic background.

Traditional services rely on students uploading documents, which can be forged. Credentic retrieves records directly from the issuing institution's system with the student's consent — meaning the data is authentic by design, not by inspection.

No. Credentic retrieves your academic records directly from your institution. You simply provide consent and basic identifiers. No scanning, no uploading, no risk of rejection due to poor document quality.

Yes. Your data is encrypted at rest (AES-256) and in transit (TLS 1.3). We only access the specific records needed for your verification, and all data is deleted from our systems within 24 hours of verification completion.

We are actively expanding our institutional network. If your institution is not yet connected, we will reach out to them on your behalf (with your permission) or offer alternative verification paths where available.

Most verifications complete within minutes once your institution responds to the API query. End-to-end, the typical process takes less than 24 hours from consent to verified result.

Nothing. Credentic partnerships are free for institutions. We do not charge you to connect, maintain, or operate the integration. Our revenue comes from the verification requesters, not from you.

Only the fields defined in your Data Processing Agreement — typically degree title, award date, GPA or classification, enrolment status, and a hashed student ID. You control the exact scope and can adjust it at any time.

Yes. The API scope is defined in your DPA and can be restricted to specific record types, degree levels, or graduation year ranges. You retain full control over the exact data fields made available.

Consent is a hard gate. If a student does not grant consent, no query is sent to your institution — full stop. Your systems are never queried without an active, logged consent event.

Verification requests are individual, event-driven queries — not bulk data pulls. Rate limiting defaults ensure no more than 1,000 requests per day, and this can be set lower by your IT team.

You can exit with 60 days written notice. API credentials are revoked on exit date, all cached data is deleted within 7 days with written confirmation. No penalties, no fees.

Credentic is certified by the Ghana Data Protection Commission under the Data Protection Act, 2012 (Act 843). We also comply with GDPR, UK GDPR, and FERPA. All data is encrypted with AES-256 at rest and TLS 1.3 in transit.

Yes. We undergo annual third-party penetration testing with a remediation SLA. API credentials are rotated on a 90-day cycle and can be revoked instantly by partner institutions.

Retrieved records are deleted from Credentic systems within 24 hours of verification completion. Audit logs (without personal data) are retained for 7 years for compliance purposes.

Yes. We provide our full DPA, security architecture documentation, and Ghana Data Protection Commission certification upon qualified enquiry. Contact our team to request access.