Short version: We collect the minimum information needed to analyze your credit report and generate dispute letters for you. We never sell your data. We keep your credit report data for up to 1 year after your last dispute resolves, then delete it. You can request deletion at any time.
When you create a Credit365 account, we collect:
When you upload a credit report PDF to the platform, we extract and store:
⚠ Important: Do NOT upload credit reports containing your full Social Security Number. Consumer credit reports from annualcreditreport.com, Experian.com, Equifax.com, and TransUnion.com redact the SSN to the last 4 digits. If you have a raw report with your full SSN visible, black it out before uploading. Credit365 does not need and should never store your full SSN.
We store the AI-generated dispute letters we create for you, any edits you make to those letters before mailing, and metadata about each dispute (creditor, bureau, mailing date, LetterStream batch ID, status, tracking number, delivery confirmation).
When you pay for a dispute:
| Purpose | What We Use |
|---|---|
| Account authentication and login | Email, password hash |
| AI credit report analysis | Credit report contents sent to Anthropic's Claude API for processing |
| Dispute letter generation | Your name, address, report data, dispute reason sent to Claude API |
| Certified mail delivery | Your name, return address, letter PDF sent to LetterStream |
| Payment processing | Email, dispute details, amount sent to PayPal (we never touch card data) |
| Dashboard, history, and receipts | All dispute and payment data stored in our secure database |
| Customer support | Any information relevant to the support ticket |
| Security and abuse prevention | IP, usage logs, rate limit tracking |
We share data only with the third-party processors essential to providing the service. We do not sell your data to advertisers, marketers, data brokers, or any other third party.
The entire point of the service is to transmit your dispute letters to TransUnion, Equifax, and/or Experian. You are the author and sender of each letter; we just mail them for you. The bureaus receive only what is in the printed letter.
We may disclose information if required by a valid subpoena, court order, or applicable law, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Credit365, our users, or the public.
We keep different categories of data for different lengths of time:
| Category | Retention |
|---|---|
| Account information (name, email, address) | Until you delete your account, then 30 days |
| Credit report uploads and AI analysis | 1 year after your last dispute on that report resolves |
| Generated dispute letters | 1 year after the dispute resolves (for legal recordkeeping) |
| Mailing receipts (LetterStream batch IDs, USPS tracking) | 7 years (for accounting and audit trail) |
| Payment records (PayPal transaction IDs, amounts) | 7 years (IRS and tax requirements) |
| Support tickets | 2 years after ticket closure |
| Server and security logs | 90 days |
After retention periods expire, data is permanently deleted from production systems. You may request deletion earlier by emailing us (see Section 6).
No system is perfectly secure. If we become aware of a data breach affecting your information, we will notify you by email within the timeframe required by applicable law.
Regardless of where you live, Credit365 honors the following rights for all users:
If you are a California resident, you have the specific rights granted by the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect, the right to delete that information, and the right to opt out of "sale" or "sharing" of personal information. Credit365 does not sell or share personal information as those terms are defined by the CCPA/CPRA.
If you are in the EU or UK, you have the rights granted by the General Data Protection Regulation, including the rights listed above plus the right to lodge a complaint with your national data protection authority. Our legal basis for processing is: (a) performance of a contract (the service you signed up for), (b) your consent (for optional features), and (c) legitimate interests (security, fraud prevention).
Credit365 is intended for users aged 18 and older. We do not knowingly collect information from children under 18. If you are under 18, please do not create an account. If you believe we have collected information from a minor, contact us and we will delete it.
Our site may link to third-party websites (annualcreditreport.com, identitytheft.gov, credit bureaus, our processors' policies). We are not responsible for the privacy practices of those sites. Review their privacy policies before providing information to them.
We may update this Privacy Policy as laws, our services, or our processors change. The current version always appears at credit365.io/privacy.html. Material changes will be communicated to active users by email and will require re-acceptance before you can continue using the service.
Questions, data requests, deletion requests, or privacy concerns: support@credit365.io
Please include "Privacy Request" in the subject line to ensure it reaches the right person quickly.