Privacy Policy

Last updated: January 26, 2026

1. Introduction

DisputeAI LLC ("DisputeAI," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our credit dispute letter generation service at disputeai.io (the "Service").

By using our Service, you consent to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, password (encrypted)
  • Contact Information: Mailing address, phone number
  • Payment Information: Credit/debit card details (processed securely by Stripe; we do not store full card numbers)
  • Identity Documents: Government-issued ID (driver's license, state ID, passport) and proof of address documents you choose to upload
  • Electronic Signature: Your digitally created signature for use on dispute letters

Credit Report Information

When you upload your credit report or enter account information for disputes:

  • Creditor/account names
  • Account numbers (partial or full as provided)
  • Account balances and status
  • Account types and dates
  • Dispute reasons and descriptions you provide

Automatically Collected Information

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, features used, time spent on pages
  • IP Address: For security and fraud prevention
  • Cookies: Essential cookies for session management and preferences

Information from Third Parties

  • Payment Processor (Stripe): Transaction confirmations and payment status
  • Mailing Service (Docupost): Mail tracking information and delivery status

3. How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Generate personalized dispute letters for credit bureaus
  • Process payments and manage your account
  • Facilitate printing and mailing of dispute letters through Docupost
  • Track dispute outcomes and provide follow-up recommendations
  • Provide customer support

Communications

  • Send account-related notifications (registration, password resets, security alerts)
  • Send transactional emails (purchase confirmations, letter generation, mailing updates)
  • Send dispute deadline reminders and follow-up notifications
  • Provide educational content about credit repair and your rights
  • Respond to support tickets and inquiries
  • Send welcome emails and onboarding information

Service Improvement

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Monitor and improve AI letter generation quality

Security and Compliance

  • Detect and prevent fraud and abuse
  • Comply with legal obligations
  • Protect our rights and the rights of our users

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: 256-bit TLS/SSL encryption for all data transmission
  • Cloud Storage: Secure cloud infrastructure provided by Supabase with encryption at rest
  • Payment Security: Payment processing handled by PCI DSS compliant Stripe (we never store full credit card numbers)
  • Access Controls: Strict access controls and authentication for all systems
  • Document Storage: Uploaded documents (ID, proof of address, signatures) are stored in private, encrypted storage buckets

Credit Report Processing

Important: When you upload a credit report PDF, it is processed temporarily by our AI system (Anthropic Claude) to extract account information. The PDF itself is processed in memory and is not permanently stored on our servers. Only the extracted account information relevant to your disputes is stored in our secure database.

Data Retention

  • Account information is retained while your account is active
  • Dispute history and generated letters are retained for your records and potential follow-up disputes
  • Uploaded documents (ID, proof of address, signature) are retained until you delete them or close your account
  • Payment records are retained as required for tax and legal compliance
  • Upon account deletion, we will delete your personal data within 30 days, except as required by law

5. Information Sharing and Disclosure

WE DO NOT SELL, RENT, OR TRADE YOUR PERSONAL INFORMATION TO THIRD PARTIES FOR MARKETING PURPOSES.

We may share your information with:

Service Providers

We work with trusted third-party service providers to operate our Service, including:

  • Payment processors: To securely process your payments (we never store full credit card numbers)
  • Cloud infrastructure providers: For secure data storage and authentication
  • AI service providers: For letter generation (your data is not used to train AI models)
  • Mailing service providers: For printing and mailing dispute letters (only information necessary for mailing is shared)
  • Email service providers: For sending transactional and service-related emails

Legal Requirements

We may disclose your information when required to:

  • Comply with applicable law, regulation, or legal process
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Investigate potential violations or fraud

Business Transfers

If DisputeAI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership and your choices regarding your information.

6. Your Privacy Rights

You have the following rights regarding your personal information:

All Users

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Portability: Request your data in a portable format
  • Opt-Out: Unsubscribe from marketing emails at any time
  • Document Deletion: Delete uploaded documents (ID, proof of address, signature) from your profile at any time

California Residents (CCPA Rights)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of personal information (subject to certain exceptions)
  • Right to Opt-Out of Sale: We do not sell personal information, but you have the right to opt-out if we ever do
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your CCPA rights, contact us at support@disputeai.io with the subject line "CCPA Request."

Nevada Residents

Nevada residents may opt out of the sale of certain personal information. We do not currently sell personal information, but you may submit a request to support@disputeai.io.

European Users (GDPR)

While our Service is primarily designed for U.S. residents, if you are located in the European Economic Area, you may have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for the Service to function (authentication, session management, security)
  • Preference Cookies: Remember your settings and preferences
  • Analytics: Understand how users interact with our Service to improve it

We do not use advertising or tracking cookies for third-party marketing. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect Service functionality.

8. Third-Party Links

Our Service may contain links to third-party websites (e.g., credit bureau websites, educational resources). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at support@disputeai.io.

10. International Data Transfers

Our Service is operated in the United States. If you access our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our Service, you consent to the transfer of your information to the United States.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

  • Posting a notice on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

For privacy-specific inquiries, please include "Privacy Request" in your email subject line. We will respond to your request within 30 days.