Privacy Policy

1. Information We Collect

We collect several categories of information to provide our services:

2. How We Use Your Information

We use your information solely to provide, operate, and improve our credit repair services:

• Credit repair services: To analyze your credit reports, identify disputable items, and prepare personalized dispute letters on your behalf
• AI analysis: Your credit report data is processed through our AI system to detect inaccuracies, Metro 2 violations, and cross-bureau discrepancies
• Communication: To send you dispute updates, account notifications, and service-related emails
• Payment processing: To charge your payment method for monthly service fees
• Legal compliance: To comply with CROA, FCRA, CCPA, and other applicable laws
• Service improvement: Aggregated, anonymized data may be used to improve our AI models and dispute effectiveness

We do not use your personal information for advertising, profiling, or any purpose unrelated to your credit repair services.

3. How We Protect Your Information

We implement multiple layers of security to protect your sensitive financial data:

• 256-bit encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Secure infrastructure: Data is hosted on SOC 2 Type II certified cloud infrastructure
• Access controls: Strict role-based access controls limit employee access to customer data on a need-to-know basis
• No plain-text storage: Passwords are hashed using bcrypt; SSNs are encrypted and stored in isolated, access-restricted vaults
• Regular audits: We conduct regular security audits and vulnerability assessments
• Incident response: We have a documented incident response plan and will notify you within 72 hours of any data breach affecting your information

No data transmission over the internet can be guaranteed 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

4. Third-Party Sharing

We never sell your personal information to third parties. We share your information only in the following limited circumstances:

• Credit bureaus: We submit dispute letters to Equifax, Experian, and TransUnion on your behalf. This necessarily involves sharing your identity information and dispute details with these bureaus.
• Payment processors: We use PCI-DSS compliant payment processors to handle billing. They receive your payment information but are prohibited from using it for any other purpose.
• Service providers: We may engage trusted technical service providers (cloud hosting, email delivery) who process data on our behalf under strict data processing agreements.
• Legal requirements: We may disclose information if required by law, court order, or government request, or to protect the rights and safety of our users or the public.

All third-party service providers are contractually required to maintain the confidentiality of your information and are prohibited from using it for any purpose other than providing services to CreditForge.

5. Your Privacy Rights

You have the following rights regarding your personal information:

• Access: You may request a copy of all personal information we hold about you
• Correction: You may request that we correct any inaccurate information in your account
• Deletion: You may request that we delete your personal information. Upon account closure, your data will be permanently deleted within 30 days (subject to legal retention requirements)
• Portability: You may request your data in a machine-readable format
• Opt-out: You may opt out of non-essential communications at any time

To exercise any of these rights, contact us at [email protected]. We will respond to all valid requests within 30 days.

6. Data Retention

We retain your personal information only as long as necessary to provide services and comply with legal obligations:

• Active account data is retained for the duration of your subscription
• Upon account closure, personal data is permanently deleted within 30 days
• Dispute letters and correspondence records may be retained for up to 7 years to comply with credit repair regulations
• Payment transaction records are retained for 7 years as required by tax and financial regulations
• Anonymized, aggregated data may be retained indefinitely for service improvement purposes

7. Cookies and Tracking

We use cookies and similar tracking technologies on our website for the following purposes:

• Essential cookies: Required for account authentication and core website functionality
• Analytics cookies: We use privacy-focused analytics to understand how users navigate our site and improve the experience. Analytics data is anonymized and aggregated.

We do not use advertising cookies, behavioral tracking cookies, or share cookie data with advertisers. You may disable non-essential cookies in your browser settings; this will not affect your ability to use our core services.

8. Children's Privacy

CreditForge is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected personal information from a child under 18 without parental consent, we will delete that information immediately. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by email and by posting the updated policy with a new effective date. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact our Privacy Team: