Privacy Policy

Last updated: April 23, 2026

1. What We Collect

When you create an account we collect: name, email, hashed password, and (for paid plans) billing information processed by Stripe. When you use the dispute tool we receive your credit-bureau data only when you upload it; we never pull a hard inquiry on your behalf.

2. How We Use It

• To run the service (generate dispute letters, send reminders, store your dispute log).
• To send transactional email (account, billing, dispute reminders).
• With your consent, to send marketing email — you can unsubscribe with one click.
• To prevent fraud and abuse.

3. Who We Share With

Stripe (payments), Resend (email delivery), Cloudflare (hosting / DDoS protection), and our analytics provider only if you accepted analytics cookies. We never sell personal data.

4. Your Rights

EU and California residents may request access, correction, or deletion. See /data-deletion. You may also export your data via Account → Settings → Export.

5. Retention

Account data is kept for the life of the account plus 30 days after deletion. Billing records are kept 7 years per IRS retention. Mailed dispute letters are kept 5 years per FCRA evidentiary norms.

6. Security

Passwords are bcrypt-hashed. Data in transit uses TLS 1.3. PII at rest is encrypted with AES-256.

7. Children

Service is for adults 18+. We do not knowingly collect data from anyone under 18.

8. Changes

We will email registered users about material changes 30 days before they take effect.

9. Contact

Email support@restore.credit.