Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information: Name, email address, phone number, mailing address, and password when you create an account.
  • Credit monitoring credentials: Your IDIQ username, password, and last four digits, used solely to fetch your credit report on your behalf.
  • Credit report data: Credit scores, trade lines, inquiries, public records, and personal information as reported by Experian, Equifax, and TransUnion.
  • Dispute history: Records of dispute letters you create, reasons selected, bureau responses, and outcomes.
  • Usage data: Pages visited, features used, timestamps, device type, browser, and IP address collected automatically through standard web analytics.

2. How We Use Your Information

We use the information we collect to:

  • Fetch and analyze your credit report from IDIQ on your behalf.
  • Identify negative items, inaccuracies, and disputable entries on your credit report.
  • Generate personalized dispute letters based on your credit data and selected dispute reasons.
  • Track dispute progress and notify you of status changes or bureau responses.
  • Provide credit score history and trend analysis.
  • Send transactional emails (account confirmations, dispute updates, score alerts).
  • Improve our AI models for dispute letter generation and credit analysis.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

3. Data Security

We take the security of your data seriously and implement the following measures:

  • Encryption in transit: All data is transmitted over TLS 1.2+ (HTTPS).
  • Encryption at rest: Credit monitoring credentials are encrypted using AES-256 before storage and are never stored in plain text.
  • Row-level security: Database access is scoped per user — you can only access your own data.
  • Access controls: Internal access to production data is restricted to essential personnel with audit logging.
  • Infrastructure: Our application runs on Vercel and Supabase, both of which maintain SOC 2 compliance.

4. Data Retention

We retain your data according to the following schedule:

  • Account data: Retained for the duration of your active account. Deleted within 30 days of account closure upon request.
  • Credit report data: Retained for up to 24 months to enable score tracking and trend analysis. Older reports are automatically purged.
  • Dispute records: Retained for 7 years to comply with FCRA record-keeping guidance.
  • Usage analytics: Aggregated and anonymized after 12 months. Raw logs are deleted after 90 days.
  • Credit monitoring credentials: Deleted immediately upon account closure or credential removal.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Opt-out of sale: We do not sell personal data. If this changes, we will provide an opt-out mechanism.

California residents (CCPA/CPRA): You have the right to know what personal information is collected, disclosed, or sold; the right to delete; the right to opt-out of sale; and the right to non-discrimination for exercising your rights. To submit a verifiable consumer request, contact us at privacy@creditrenew.com. We will respond within 45 days.

6. Third-Party Services

We use the following third-party services to operate Credit Renew:

  • Supabase: Database hosting and authentication.
  • Vercel: Application hosting and CDN.
  • IDIQ: Credit report data source (accessed using your credentials on your behalf).
  • Stripe: Payment processing for subscription billing. We do not store your credit card details — they are handled entirely by Stripe.

Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data required for each service to function.

7. Children's Privacy

Credit Renew is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a child under 18, we will delete that information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@creditrenew.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of Credit Renew after the effective date constitutes acceptance of the updated policy.

9. Contact

For questions about this policy or to exercise your privacy rights, email privacy@creditrenew.com.