Privacy Policy

Last Updated: October 19, 2025

Your Data is Encrypted

Bank-grade 256-bit encryption

You Own Your Data

Export or delete anytime

FCRA Compliant

Credit reporting regulations followed

1. Introduction

DisputeJet ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Compliance-as-a-Service platform (the "Service").

As a platform serving credit repair professionals and their clients, we adhere to the Fair Credit Reporting Act (FCRA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, business address
  • Client Information: Client names, contact information, credit report data (for Partners only)
  • Payment Information: Billing details processed through our payment processor (we do not store full credit card numbers)
  • Communications: Messages, support requests, and correspondence with our team

2.2 Automatically Collected Information

  • Usage Data: IP address, browser type, device information, pages visited, time spent
  • Cookies & Tracking: Session cookies, analytics cookies, authentication tokens
  • Audit Logs: System events, user actions, compliance-required activity logs

2.3 Sensitive Information (Credit Reports)

Partners may upload client credit reports for analysis. This information is:

  • Encrypted at rest and in transit (AES-256 encryption)
  • Stored on secure, SOC 2-compliant infrastructure
  • Accessible only to the partner who uploaded it and their authorized clients
  • Subject to PII redaction when enabled by the partner
  • Retained according to FCRA requirements and partner settings

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process credit report analysis and generate dispute letters
  • Send dispute letters via Click2Mail on behalf of Partners
  • Communicate with you about your account, updates, and support
  • Process payments and manage subscriptions
  • Improve our Service through analytics and usage patterns
  • Comply with legal obligations and maintain audit trails
  • Detect and prevent fraud, abuse, and security incidents
  • Send marketing communications (opt-out available)

4. Information Sharing & Disclosure

We do NOT sell your personal information. We may share information with:

4.1 Service Providers

  • SendGrid: Email delivery service
  • Twilio: SMS notification service
  • Click2Mail: Physical mail delivery for dispute letters
  • Google Cloud Platform: Document storage and AI processing
  • Chargebee: Payment and subscription management
  • Railway & Vercel: Infrastructure and hosting providers

4.2 Legal Requirements

We may disclose information when required by law, subpoena, court order, or regulatory investigation, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: AES-256 encryption at rest, TLS 1.2+ in transit
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Daily encrypted backups with 30-day retention
  • Audits: Regular security audits and penetration testing
  • Compliance: SOC 2 Type II controls (in progress)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights & Choices

6.1 Access & Correction

You have the right to access, correct, update, or delete your personal information at any time through your account settings or by contacting us at privacy@disputejet.com.

6.2 Data Portability

You can export your data in machine-readable format (JSON/CSV) from your account dashboard.

6.3 Marketing Communications

You can opt out of marketing emails by clicking "Unsubscribe" in any marketing email or updating your preferences in account settings. Note: We will still send transactional emails (account notifications, dispute status updates, etc.).

6.4 California Residents (CCPA)

California residents have additional rights including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of sale (note: we do not sell personal information).

6.5 European Residents (GDPR)

EEA residents have rights including access, rectification, erasure, data portability, objection to processing, and lodging complaints with supervisory authorities.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Active Accounts: Retained while account is active
  • Dispute Records: Retained for 7 years (FCRA requirement)
  • Audit Logs: Retained for 3 years (compliance requirement)
  • Financial Records: Retained for 7 years (tax/legal requirement)
  • Deleted Accounts: Personal information deleted within 30 days, audit logs retained as required

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Analytics Cookies: Help us understand how you use the Service (can be disabled)
  • Performance Cookies: Improve load times and user experience

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

9. Third-Party Services

Our Service integrates with third-party providers who have their own privacy policies:

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notification upon next login

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

DisputeJet Privacy Team

Email: privacy@disputejet.com

Mail: DisputeJet, Inc., Privacy Department

We will respond to all requests within 30 days.

13. FCRA-Specific Disclosures

As a platform used for credit repair services, we comply with the Fair Credit Reporting Act:

  • All dispute letters generated meet FCRA Section 611 requirements
  • Client consent is obtained before submitting disputes
  • Complete audit trails are maintained for all credit-related activities
  • Partners are required to follow FCRA compliance guidelines
  • We do not provide legal advice—Partners are responsible for their own compliance

Your Privacy is Our Priority

Questions about how we protect your data? Our team is here to help.

Contact Privacy Team