DisputeFrogBack to site

Legal

Privacy Policy

Effective date: July 1, 2026 · Last updated: July 1, 2026

1. Who We Are

DisputeFrog ("DisputeFrog", "we", "us", or "our") operates the credit dispute assistance platform at disputefrog.com. Our mailing address is United States. Questions about this policy can be directed to privacy@disputefrog.com.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Your name, email address, phone number, and mailing address, collected when you register.
  • Credit report data: Tradeline information, account balances, payment histories, and credit bureau data that you voluntarily provide or import through your authorized credit monitoring accounts.
  • Payment information: Billing details processed by our payment processor, Stripe. We do not store full credit card numbers. Stripe's privacy policy governs payment data.
  • Usage data: Pages visited, features used, dispute letter activity, and session information.
  • Communications: Messages you send to our support team.
  • Device and technical data: IP address, browser type, and operating system, collected automatically.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and subscription.
  • Generate and deliver credit dispute letters on your behalf.
  • Provide AI-assisted analysis of your credit report data.
  • Process payments and send billing receipts.
  • Send transactional emails (dispute status, account updates).
  • Send lifecycle and coaching emails (you may opt out at any time).
  • Improve and maintain the platform.
  • Comply with legal obligations.
  • Detect and prevent fraud or misuse.

We do not sell your personal information or credit data to third parties.

4. How We Share Your Information

We share your information only in the following limited circumstances:

  • Service providers: We share data with vendors who help us operate the platform, including Stripe (payments), Resend (email delivery), Vercel (hosting), Click2Mail (physical letter delivery), Anthropic (AI processing), and Upstash (data storage). Each is contractually bound to protect your data.
  • Credit bureaus and creditors: Dispute letters are addressed to and delivered to credit bureaus and creditors as directed by you.
  • Legal requirements: We may disclose information if required by law, court order, or lawful government request.
  • Business transfers: In the event of a merger, acquisition, or sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Credit Report Data

Credit report data you import or enter is used solely to generate dispute letters and provide analysis within your account. We do not sell, license, or use this data for marketing, credit decisions, or any purpose unrelated to your direct dispute assistance. We treat credit data as sensitive personal information subject to the highest protection standard.

6. Data Retention

We retain your account information and credit report data for as long as your account is active, or as required by law. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records). Anonymized, aggregate usage data may be retained indefinitely.

7. Security

We use industry-standard security measures including HTTPS/TLS encryption, hashed password storage (PBKDF2-SHA512), httpOnly cookies, Content Security Policy headers, and access controls. Payment data is processed exclusively by Stripe, which is PCI-DSS certified. No security system is perfect; in the event of a breach, we will notify affected users as required by law.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate information (you can also update most information directly in your account settings).
  • Deletion: Request deletion of your account and personal data. You can do this from your account settings or by emailing us.
  • Portability: Request a portable copy of your data.
  • Opt-out of marketing emails: Use the unsubscribe link in any marketing email or contact us.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of sale of personal information. We do not sell personal information.

To exercise any of these rights, email privacy@disputefrog.com.

9. Cookies and Tracking

We use session cookies to keep you logged in (httpOnly, not accessible to scripts). We do not use third-party advertising cookies or sell behavioral data. We may use analytics tools to understand aggregate platform usage.

10. Children's Privacy

Our platform is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at privacy@disputefrog.com.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email and by updating the "Last updated" date above. Continued use of the platform after changes constitutes acceptance.

12. Contact Us

For privacy questions or to exercise your rights, contact:

DisputeFrog Privacy Team
United States
privacy@disputefrog.com

Related: Terms of Service · Refund & Cancellation Policy · Contact Support