Skip to content
Just Dispute ITJUST DISPUTE IT
Log inStart free
Just Dispute IT

Security & Privacy

Your credit data is sensitive. We treat it that way.

A credit report is a financial fingerprint. The wrong company holding it can cause real damage. Here's exactly how we protect what you trust us with.

256-bit encryption in transit and at rest

Every byte you upload — credit reports, ID documents, bureau responses — travels over TLS 1.3 and is stored with AES-256 encryption. We use the same cryptographic standards as your bank.

Your data is yours. Always.

We do not sell, rent, or share your personal data with third parties for marketing. We never train AI models on the contents of your credit reports or vault documents.

You can delete everything, anytime.

One click in your dashboard purges every document, letter draft, and dispute record from our systems. We honor deletion requests within 24 hours and confirm by email.

Strict access controls

Engineers do not have routine access to user data. Production database access is logged, audited, and gated behind hardware-key MFA. No customer-support agent can read your vault.

We collect the minimum we need

We don't ask for your SSN to generate a letter. We don't pull your credit (no hard inquiry, ever). We don't require linking a bank account. The free generator works with zero account.

Honest about our limits

We are not a law firm. We are not a CROA-registered credit repair organization. We do not act on your behalf with bureaus. You sign and send every letter. This protects your rights and keeps you in control.

Data handling, at a glance.

What we collectEmail, account info, the documents you upload, dispute history.
What we don't collectYour full SSN, bank passwords, social media accounts, biometrics.
Where it livesEncrypted storage on US-based infrastructure (Vercel, Supabase post-launch). EU data residency available on request.
How long we keep itAs long as your account is active, or up to 7 years for dispute records (FCRA reasonable retention). You can delete sooner.
Who can see itYou. Period. No partners, no advertisers, no AI training pipelines.

Found a vulnerability?

We take responsible disclosure seriously. Email security@justdisputeit.com with a description of the issue and reproduction steps. We respond within 48 hours and credit researchers in our security acknowledgements.

Read full Privacy Policy →Terms of Service →Legal disclaimer →

This page describes our commitments and engineering practices. It is not a substitute for our binding Privacy Policy and Terms of Service.