Privacy Policy

Last updated: March 9, 2026

1. Introduction

Credit 800 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at credit-800.com.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (hashed — never stored in plain text)
  • Full name, date of birth, mailing address, and phone number (required at signup for dispute letter generation)
  • Temporary two-factor authentication codes (stored in hashed form, auto-deleted after use or expiry)

Credit Report Data

When you upload a credit report, we process:

  • Account information (creditor names, account numbers, balances)
  • Payment history and derogatory marks
  • Public records and collections
  • Hard and soft inquiries
  • Personal identifying information contained in the report

Financial & Budget Data

If you use budget or debt payoff features, we store:

  • Budget entries (category, amount, date)
  • Debt accounts and balances you manually enter
  • Credit scores you log manually

Identity Monitoring Data

If you use identity monitoring, we:

  • Send your email address to Have I Been Pwned to check for known data breaches
  • Cache the breach check result (breach names, dates, data types exposed) in your account for display purposes

Payment Information

Payments are processed by Stripe. We do not store your full card number, CVV, or billing details. We receive only a tokenized reference and last-four digits from Stripe for display purposes.

Audit Log Data

For compliance purposes, we maintain an immutable audit log of all significant account actions including FCRA consent grants and revocations, credit pulls, dispute letter generation, USPS mailings, and two-factor authentication events. These records are retained as required by applicable law.

Usage Data

We automatically collect:

  • Browser type and version
  • Device information
  • IP address
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Analyze your credit report and identify potential disputes
  • Generate personalized dispute letters and action plans
  • Process payments for optional USPS mailing
  • Send transactional emails (analysis complete, dispute mailed, USPS mailing receipts, two-factor authentication codes, weekly progress summaries)
  • Maintain compliance audit trails as required by FCRA and applicable law
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse

4. Automated Processing

We use automated document processing technology to analyze your credit report data, generate dispute letters, and parse bureau response documents. This processing occurs on secure servers. We do not use your credit report data to train models. Generated content is always presented for your review before any action is taken.

5. Data Storage and Security

Your data is stored using industry-standard security measures:

  • Credit report PDFs are stored in encrypted AWS S3 cloud storage
  • Account data and audit logs are stored in Google Firebase Firestore with access controls
  • Passwords and 2FA codes are hashed and never stored in plain text
  • SSNs are never stored or logged — used only transiently in-memory during credit pulls
  • All data transmission uses TLS encryption
  • Two-factor authentication is mandatory for all accounts and cannot be disabled
  • Access to data is restricted to authorized personnel only

6. Data Retention

We retain your account information and credit report data for as long as your account is active. FCRA consent records and audit logs are retained as required by applicable law and may be retained beyond account closure. You may request deletion of your account and associated data by contacting us via our support page. After account deletion, we may retain certain information as required by law or for legitimate business purposes for up to 90 days.

7. Information Sharing

We do not sell your personal information. We may share your information with:

  • Stripe: For payment processing of optional USPS mailing charges
  • PostGrid: For physical USPS mailing and mail tracking of dispute letters (name and mailing address only)
  • AWS: For cloud infrastructure, file storage, and email delivery (SES)
  • Google Firebase: For authentication and data storage
  • Document processing services: For credit report analysis and letter generation
  • Have I Been Pwned: For identity monitoring — your email address is sent to check against known breach databases
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

8. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information via your profile page
  • Request deletion of your account and data
  • Export your disputes, scores, and budget data as CSV from within the app
  • Opt out of non-transactional email communications
  • Opt out of optional USPS mailing charges at any time

To exercise any of these rights, contact us here.

9. Cookies and Tracking

We use essential cookies to maintain your authentication session. We do not use third-party advertising or tracking cookies. You can configure your browser to reject cookies, but this will prevent you from staying logged in.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a minor has created an account, contact us immediately via our support page.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting the updated policy on this page with a new "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us here.