Skip to content
Just Dispute ITJUST DISPUTE IT
Just Dispute ITSECURITY & PRIVACY

A credit report is a financial fingerprint. We treat it that way.

Here is exactly how we protect what you upload — the engineering, the access controls, the deletion rules, and the honest limits.

Encryption

AES-256 at rest. TLS 1.3 in transit.

Every uploaded document — credit reports, ID files, USPS receipts, bureau responses — is encrypted before it reaches storage. Sensitive fields (SSN, DOB, full account numbers) get an additional cell-level cipher.

AES-256Vault encryption standard
Data ownership

Your data is yours. Always.

We do not sell, rent, or share your personal data. We never train AI models on the contents of your credit reports or vault documents. Zero third-party advertising pixels on authenticated pages.

0Third-party trackers on authenticated pages
Deletion

Delete everything, anytime.

One click in your dashboard purges every document, letter draft, and dispute record. We honor deletion requests within 24 hours and confirm by email. Backups roll off within 30 days.

24hrsDeletion SLA
Access control

Hardware-key MFA on production.

Engineers do not have routine access to user data. Production database access is logged, audited, and gated behind hardware-key MFA. No support agent can read your vault.

MFARequired for every prod query
Minimum data

We collect the minimum we need.

No full SSN required for the generator. No hard credit pull, ever. No bank account linking. The free tier works without an account at all.

0Hard credit pulls performed
Honesty

Honest about our limits.

We are not a law firm. We are not a CROA credit repair organization. We do not act on your behalf with bureaus. You sign and send every letter — this preserves your rights and keeps you in control.

YouConsumer of record on every dispute

Data handling, at a glance

Five plain-language rules, no fine print.

What we collect
Email, account info, uploaded documents, and dispute history.
What we do not collect
Full SSN, bank passwords, biometrics, social media handles.
Where it lives
US-based encrypted storage (Vercel + Supabase). EU residency available for enterprise.
How long we keep it
As long as your account is active, or up to 7 years for dispute records (FCRA reasonable retention). Delete sooner anytime.
Who can see it
You. No partners, no advertisers, no AI training pipelines.

Compliance frameworks

The statutes we cite. And the ones we live by.

FCRA

Fair Credit Reporting Act — every dispute path

FDCPA

Fair Debt Collection Practices Act — collector defenses

FACTA

Fair and Accurate Credit Transactions Act — ID theft workflow

CROA

Credit Repair Organizations Act — we are not one, by design

HIPAA

Medical-collection privacy override, aware and applied

GLBA

Gramm-Leach-Bliley Safeguards Rule alignment

Responsible disclosure

Security researchers are welcome. Email security@justdisputeit.com with a description of the issue and reproduction steps. We respond within 48 hours and credit researchers in our acknowledgements.

This page describes our commitments and engineering practices. It is not a substitute for our binding Privacy Policy and Terms of Service.