Credas: Safe as Houses

Here at Credas, we know that you wouldn’t purchase a property unless you were satisfied with its foundations, and so we understand that you wouldn’t use a new service that captures your sensitive, personal data unless you were satisfied the service had appropriate privacy and security measures in place.

Our app

Your first experience of Credas is likely to be by way of providing information via our app; so how secure is it?

Our app requires its users to do everything ‘live’ and in the moment.

It doesn’t enable you to upload your favourite selfie from your photo reel, or that photo of your passport you took when heading overseas (in the event you lost the original).

You must capture your selfie and your document(s) in real-time.

The benefit of this means that the images are sent, encrypted, directly from the app to secure UK-based enterprise-grade secure servers. This means an outsider cannot intercept the transfer and obtain your data. Additionally, it means that no data is stored within the app or on your device – so even if you lose your phone, whoever finds it isn’t going to be able to find that photo of your passport that you took when using our app.

We are proud that our mobile app consistently places higher than any other identity service provider in the App Store (Apple).

The servers

As mentioned, all captured data is held, encrypted, on enterprise-grade secure servers based in the UK. These servers are owned and operated by a global leader in computing.


Any company’s biggest threat is unauthorised access to its data.

At Credas, we operate on the principle of “least privilege”; meaning our staff are provided with the minimum permissions needed to fulfil their function.

In practice, this means that the likes of those in our Human Resources department have zero access to the databases containing your data – because there is no need for them too.

Of course, threats aren’t only internal, so we apply robust solutions to prevent access to our systems from external parties. Obviously, we don’t want to give any potential adversaries hints or tips, so we won’t disclose anything other than that.

At Credas we’re all about being able to walk the walk; not just talk the talk.


To demonstrate this, we submit to audits by assessment bodies accredited by the United Kingdom Accreditation Service (UKAS); the UK’s only government-recognised accreditation body. Accreditations held include:

  • ISO 27001 – this is an internationally recognised standard of adherence to information security management and security techniques
  • Cyber Essentials Plus – this is a scheme backed by the UK Government’s National Cyber Security Centre and demonstrates an organisation’s defences against cyber-attacks

Data protection

As both a controller and processor of personal data, we are required to be registered with the Information Commissioner’s Office, appoint a Data Protection Officer, and adhere to the UK GDPR and Data Protection Act 2018. Further details of this can be found in our Privacy Notices.

We hope the above reassures you that we take the privacy and security of your personal data as seriously as you do and that you will agree; Credas: safe as houses.

Photo by @fredinjapan on Unsplash