Privacy Policy

CreditShield (“we,” “our,” or “us”) operates the CreditShield web application (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data with care, especially given the sensitive nature of credit report information.

Account Information: When you create an account, we collect your name, email address, and authentication credentials through our identity provider (Clerk). We do not store passwords directly.

Credit Report Data: When you upload a credit report, we temporarily process the PDF to extract tradeline data, account information, and derogatory items. Credit reports are processed in memory and are not stored permanently on our servers. Only the structured analysis results (item summaries, legal angles, dispute strategies) are saved to your account.

Consumer Information: To generate dispute letters, we collect your name, mailing address, and optionally the last four digits of your Social Security number and date of birth. This information is used solely for letter generation and is stored encrypted in your account.

Payment Information: Billing is processed through Stripe. We do not store credit card numbers, bank account details, or other payment credentials. Stripe handles all payment processing in accordance with PCI-DSS standards.

Usage Data: We collect anonymized usage data including pages visited, features used, and analysis counts to improve our Service.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Analyze your credit reports and identify dispute opportunities
• Generate personalized dispute letters based on your specific situation
• Process your subscription payments through Stripe
• Send you service-related communications (account verification, billing, support)
• Maintain your analysis history so you can track your dispute progress
• Comply with legal obligations

Our Service uses artificial intelligence (powered by Anthropic's Claude) to analyze credit reports, classify bureau responses, and generate dispute letters. When you upload a credit report or response document:

• The extracted text is sent to the AI for analysis in a single request
• The AI does not retain your data between requests
• Your data is not used to train AI models
• AI-generated content (letters, analyses) is stored in your account for your reference

Credit Report PDFs: Uploaded PDF files are processed in memory and deleted immediately after analysis. We do not retain copies of your original credit reports.

Analysis Results: Structured analysis data, generated letters, and response classifications are stored in your account until you delete them or close your account.

Account Deletion: You may request deletion of your account and all associated data at any time by contacting us. Upon deletion, all analysis history, letters, and personal information will be permanently removed within 30 days.

We implement industry-standard security measures to protect your information:

• All data in transit is encrypted using TLS 1.2+
• Sensitive data at rest is encrypted using AES-256
• Authentication is handled by Clerk with enterprise-grade security
• Payment processing is handled by Stripe (PCI-DSS Level 1 certified)
• Our application enforces strict Content Security Policies, HSTS, and other security headers
• Access to production systems is restricted and audited

We use the following third-party services that may process your data:

• Clerk — Authentication and user management (Privacy Policy)
• Stripe — Payment processing (Privacy Policy)
• Anthropic (Claude) — AI analysis and letter generation (Privacy Policy)

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format
• Opt-out: Opt out of marketing communications at any time

To exercise any of these rights, please contact us at privacy@creditshield.ai.

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@creditshield.ai