Privacy Policy

Last updated: March 9, 2026

1. Introduction

Credit 800 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at credit-800.com.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (hashed — never stored in plain text)
  • Full name, date of birth, mailing address, and phone number (required at signup for dispute letter generation)
  • Temporary two-factor authentication codes (stored in hashed form, auto-deleted after use or expiry)

Credit Report Data

When you upload a credit report (Self Service) or authorize an automated pull (Autopilot), we process:

  • Account information (creditor names, account numbers, balances)
  • Payment history and derogatory marks
  • Public records and collections
  • Hard and soft inquiries
  • Personal identifying information contained in the report

Autopilot — Credit Bureau Data

If you subscribe to the Autopilot plan and provide written FCRA authorization, we collect:

  • Social Security Number (SSN) — used only in-memory during the credit pull API call to authenticate with the credit bureau; never stored, logged, or written to disk
  • Soft-pull credit report data from our bureau data provider (Array) including tradelines, balances, payment history, and VantageScore
  • FCRA consent records including timestamp, IP address, user agent, and consent version — stored permanently as an immutable compliance record

Financial & Budget Data

If you use budget or debt payoff features, we store:

  • Budget entries (category, amount, date)
  • Debt accounts and balances you manually enter
  • Credit scores you log manually

Identity Monitoring Data

If you use identity monitoring, we:

  • Send your email address to Have I Been Pwned to check for known data breaches
  • Cache the breach check result (breach names, dates, data types exposed) in your account for display purposes

Payment Information

Payments are processed by Stripe. We do not store your full card number, CVV, or billing details. We receive only a tokenized reference and last-four digits from Stripe for display purposes.

Audit Log Data

For compliance purposes, we maintain an immutable audit log of all significant account actions including FCRA consent grants and revocations, credit pulls, dispute letter generation, USPS mailings, subscription changes, and two-factor authentication events. These records are retained as required by applicable law.

Usage Data

We automatically collect:

  • Browser type and version
  • Device information
  • IP address
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Analyze your credit report and identify potential disputes using AI
  • Generate personalized dispute letters and action plans
  • Automatically pull your credit report and mail dispute letters on your behalf (Autopilot subscribers only, with FCRA authorization)
  • Process subscription payments and manage billing
  • Send transactional emails (analysis complete, dispute mailed, subscription receipts, two-factor authentication codes, weekly progress summaries)
  • Maintain compliance audit trails as required by FCRA and applicable law
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse

4. AI Processing

We use artificial intelligence services (including Anthropic Claude, Google Gemini, and OpenAI) to analyze your credit report data, generate dispute letters, and parse bureau response documents. This processing occurs on secure servers. We do not use your credit report data to train AI models. Under the Self Service plan, AI-generated content is always presented for your review before any action is taken. Under the Autopilot plan, AI processing occurs automatically and is logged in your audit trail.

5. Data Storage and Security

Your data is stored using industry-standard security measures:

  • Credit report PDFs are stored in encrypted AWS S3 cloud storage
  • Account data and audit logs are stored in Google Firebase Firestore with access controls
  • Passwords and 2FA codes are hashed and never stored in plain text
  • SSNs are never stored or logged — used only transiently in-memory during credit pulls
  • All data transmission uses TLS encryption
  • Two-factor authentication is mandatory for all accounts and cannot be disabled
  • Access to data is restricted to authorized personnel only

6. Data Retention

We retain your account information and credit report data for as long as your account is active. FCRA consent records and audit logs are retained as required by applicable law and may be retained beyond account closure. You may request deletion of your account and associated data by contacting us at support@credit-800.com. After account deletion, we may retain certain information as required by law or for legitimate business purposes for up to 90 days.

7. Information Sharing

We do not sell your personal information. We may share your information with:

  • Stripe: For payment processing and subscription management
  • Array: For soft-pull credit bureau data access (Autopilot subscribers only, with FCRA authorization) — name, date of birth, SSN, and address are transmitted to Array solely to authenticate the credit pull request
  • PostGrid: For physical USPS mailing and mail tracking of dispute letters (name and mailing address only)
  • AWS: For cloud infrastructure, file storage, and email delivery (SES)
  • Google Firebase / Gemini / OpenAI / Anthropic: For authentication, data storage, and AI analysis
  • Have I Been Pwned: For identity monitoring — your email address is sent to check against known breach databases
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

8. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information via your profile page
  • Request deletion of your account and data
  • Export your disputes, scores, and budget data as CSV from within the app
  • Opt out of non-transactional email communications
  • Cancel your subscription at any time
  • Revoke Autopilot FCRA authorization at any time via the Autopilot dashboard, stopping all future automated credit pulls and mailings
  • View your full compliance audit trail from the Autopilot dashboard

To exercise any of these rights, contact us at support@credit-800.com.

9. Cookies and Tracking

We use essential cookies to maintain your authentication session. We do not use third-party advertising or tracking cookies. You can configure your browser to reject cookies, but this will prevent you from staying logged in.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a minor has created an account, contact us immediately at support@credit-800.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting the updated policy on this page with a new "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@credit-800.com.