This Credly Contracts FAQ provides some background information on Credly’s products and services to give a better understanding of our offerings and to facilitate the review of our Credential Management Agreement. While the folks in the front office know what we do, often times, attorneys and contract professionals are sent contracts from Credly to review, without having an understanding of who we are, what is being purchased and how the data flows. To help with that, we’ve outlined below many of the common questions around Credly’s products and services. Our quoted pricing is premised upon Credly’s terms and any requested changes may impact the pricing. We hope you find it useful!
➢What are digital credentials?
Digital credentials (or “Badges” as they are often called) are a digital representation of an achievement issued to an individual by an authority (the authority can be an employer, a certifying body, a professional association, a school, a training organization, etc.). At Credly, the authority is called an “Issuer.” A digital credential is made up of metadata that describes the achievement and includes skill tags that further describes what someone who has earned the digital credential knows and can do. Digital credentials are designed by the Issuers and typically include their trademarks. Once an individual earns a digital credential from an Issuer, they manage that digital credential (along with others they’ve earned) through their Credly account which serves as a digital wallet for their credentials.
➢What does Credly Sell and What is being Purchased?
Credly’s platform helps the world speak a common language about people’s knowledge, skills, and abilities by offering an end-to-end solution for creating, issuing and managing digital credentials. Credly sells a cloud-based Software as a Service (“SaaS”) application provided over the Internet, in a multi-tenant hosted environment. All customers are on the same version of the Credly System.
Customers engage Credly for three primary goals:
➢ What is a Credential Management Agreement (“CMA”)?
Sales of Credly software require the use of Credly’s CMA and related Exhibits because of the nature of digital credentials and Credly’s unique role. A key issue is the relationship between personal data, customer data, and the individual user data. We have developed a tailored and customer-friendly set of agreements that has allowed us to work with many Fortune 500 companies, professional associations, and higher educational institutions via our agreement and forms. You can view Credly’s CMA at info.credly.com/credential-management-agreement.
➢ What kind of data is processed by the Credly Platform?
Credly manages a very limited set of data on behalf of its customers. Customers issuing digital credentials send Credly the first name, last name, email address and credential earned. That’s it. Credly acts as a processor of this data and uses it to notify the individual that they’ve earned a credential. The notification prompts the individual to either create an account on Credly or to add their new credential to their existing account. When they create that account, Credly becomes a data controller and responds directly to the direction of the data subject (see “Ensuring Data Privacy Compliance” slide below for reference). In addition, Credly collects aggregate data to measure performance of the Credly system and to identify trends not specific to any customer or user.
➢ How does Credly Protect Customer & User Data?
Credly operates an enterprise-class data privacy and security program. Credly holds several data security and privacy certifications including ISO 27001, APEC Privacy Framework, and Microsoft SSPA (more detail is available at info.credly.com/data-security-privacy).
All Credly agreements include a Data Processing Addendum (DPA), available at info.credly.com/data-processing-addendum. A list of sub-processors is also available at https://info.credly.com/credly-platform-subprocessors. Credly enters into DPAs with all subprocessors and requires they maintain valid ISO 27001 or SOC-2 Type II certifications ensure that privacy obligations remain stringent throughout the flow of the data lifecycle.
Individuals using Credly may exercise their rights as data subjects to requests access, rectiﬁcation, objection, restriction, portability, and deletion (right to be forgotten) both directly through the platform or via Credly’s support system.
Credly informs every employee of their data protection and conﬁdentiality obligations. Every employee participates in mandatory data protection and information security trainings and is formally obliged to data secrecy. Credly maintains a committee of key functional leaders across the company with primary responsibility for data protection and security.
Credly offers a multi-tenant Software-as-a-Service (SaaS) product hosted in a private virtual cloud (AWS). Customer data shares a physical environment with other Credly customers but is logically isolated to ensure security and confidentiality. This hosting environment ensures a high availability, redundant enterprise-grade installation with strong security. Credly maintains an ISO 27001 certification and our development practices include regular static and active scans of our codebase, including analyses for vulnerabilities during code review.
➢ Does Credly permit Customer Audits?
Credly has thousands of customers and cannot accommodate individual customer audits. As Credly offers a multi-tenant system, customer audits risk compromising conﬁdentiality of other customers sharing the environment. Credly works with reputable third-party vendors to audit our policies and procedures, and to perform penetration tests against our software. Credly will make available to customers the results of these audits and tests upon request.
➢ What happens to my Data on Termination or Expiration of the Agreement?
Credential Issuers may revoke credentials at any time during the term of their agreement. This typically happens in cases of error (e.g. there was an internal mixup at your organization and one set of people got the wrong set of credentials). Credly will delete all of the data you have sent us on request at any time, including upon the termination or expiration of the Agreement. Credly will NOT delete issued and accepted credentials held by individuals (Credly continues to host those credentials for credential earners free of charge). Accordingly, Credly requires that the license you grant to Credly to host credentials that bear your trademarks extends beyond the end of the Agreement. Credly’s rights to those trademarks are limited exclusively to the ability to host the Credentials, and Credly may not use your trademarks beyond continuing to host your issued credentials.
➢ What are the terms of Credly's Service Level Agreement (SLA)?
Credly’s SLA can be found at https://info.credly.com/support-maintenance. All customers of Credly are on the same version of the platform, and we offer all customers the same SLA. We cannot accommodate customer-specific SLAs as doing so harm Credly’s ability to scale our operations with uniformity across our entire customer base. You can check Credly’s uptime at https://credly.com/uptime.
➢ What are Credly’s Standard Payment Terms?
Credly invoices for annual and one-time fees upon execution of an order form. Payment terms are forty-five (45) days from the date of the invoice. As Credly’s costs are incurred up-front, Credly invoices customers at the beginning of each applicable period.
➢ Does Credly oﬀer Termination for Convenience?
Customers on annual contracts may terminate their agreements at any time. As Credly incurs its costs up front, Credly does not offer refunds to those terminating for convenience. Customers who enter into multi-year agreements are not offered termination for convenience as pricing reflects a discount for a longer commitment.
➢ Does Credly Indemnify Customers?
Yes. Credly indemnifies against third-party claims against our customers for the following:
We will NOT indemnify if the claims result from your modifications to, or improper use of, the Credly system.
➢ Does Credly Provide Unlimited Liability?
Credly manages a very limited set of data for its customers, but does so at great scale. Accordingly Credly’s risk-management strategy relies on limiting liability to actual damages (including those damages for which Credly has indemnified our customers). Accordingly Credly excludes consequential damages for both parties in all circumstances. Credly limits mutual limitation to three times the fees paid by a customer in the twelve (12) months prior to the event giving rise to the liability. Credly makes three exceptions to the limitation on direct damages: