Compliant across
every jurisdiction we operate in
We design our data handling to meet the requirements of every regulatory framework applicable to our partners.
Credentic is certified by the Ghana Data Protection Commission. We comply fully with the Data Protection Act, 2012 (Act 843), ensuring lawful processing, storage, and transfer of personal data originating from Ghanaian institutions and citizens.
Our data handling practices meet the requirements of the EU General Data Protection Regulation and UK GDPR. We act as a data processor — your institution remains the data controller. Data Processing Agreements are provided to every partner.
For US-based institutions, Credentic operates within the FERPA framework. Student education records are only accessed with explicit, logged consent. We never access records without a valid consent event, and all access is auditable.
Defence in depth,
at every layer
Every piece of data that enters Credentic is encrypted, access-controlled, and subject to strict retention policies.
How we handle
your data
No student record is ever queried without an active, logged consent event. Consent is a hard gate — if a student does not grant it, no query is sent. Period.
We only retrieve the specific data fields required for verification. No bulk extracts, no data hoarding, no secondary use. Your DPA defines the exact scope.
Your institution retains full control. You define what data is accessible, set rate limits, and can revoke API access instantly from your dashboard at any time.
All verification data is deleted from Credentic systems within 24 hours of completion. On partnership exit, all cached data is purged within 7 days with written confirmation.
Ready to review our
compliance documentation?
We provide full DPA, security documentation, and Ghana Data Protection Commission certification upon qualified enquiry.
Sign In