Privacy Policy
Effective date: [DATE]
Last updated: [DATE]
The Short Version
We built DisputeDesk to do the opposite of what most credit repair companies do. Here's what that means in plain English:
- Your data never leaves your browser. Everything you type — your name, address, Social Security number digits, credit account information — is stored only on your own device, in your browser's local storage.
- We have no servers that hold your data. We can't see your information, share it, sell it, lose it in a breach, or hand it over to anyone — because we don't have it.
- We don't make money by selling your data. We don't make money at all (yet) — the Service is free.
- You control everything. You can export your data at any time, import it on another device, or wipe it completely.
The rest of this policy explains the details.
1. Who We Are
DisputeDesk is operated by [YOUR LEGAL ENTITY NAME] ("we," "us," "our"). Contact: [YOUR SUPPORT EMAIL]
2. Information You Provide
The Service is designed for you to enter information about yourself and items on your credit report, including:
- Your name, mailing address, date of birth, last 4 digits of Social Security number
- Your email and phone number (optional)
- Details of accounts you wish to dispute (creditor name, account number, balance, dates, etc.)
- Notes about disputed items
- Mailing dates and tracking numbers you log
All of this information is stored exclusively in your browser using localStorage. It does not transmit to us or to anyone else.
3. Information Collected Automatically
When you visit the page hosting DisputeDesk, your browser will, like any web visit, send standard information to the hosting server (e.g., IP address, browser type, page requested, timestamp). This is normal web traffic data that any website receives.
We do not currently use this information for analytics or tracking. If we add analytics in the future (for example, Google Analytics or Plausible), we will update this policy and indicate clearly what is being measured. We will not add any analytics that share data with advertising networks.
4. We Do Not Use Cookies
DisputeDesk does not set cookies. It uses your browser's localStorage feature — a different mechanism that simply lets the application save your data so it's there when you come back. localStorage data is not sent with web requests and is not accessible to other websites.
5. Email Signup (If You Provide It)
We may invite you to provide your email address to receive updates about the Service (for example, when new features launch). Email signup is completely optional.
If you sign up:
- We use a third-party email service provider [SPECIFY: e.g., Mailchimp, ConvertKit, Buttondown] to manage the list
- Your email is stored by that provider under their privacy policy
- We will not sell, rent, or share your email with any other party
- Every email we send includes an unsubscribe link
- You can request deletion of your email at any time by contacting us
6. We Do Not Sell Your Data
We have never sold user data and never will. There is no business model in which we sell your information. If our practices ever change, we will provide notice and updated terms before any change takes effect.
7. We Do Not Have Access to Your Credit Information
Because all of your dispute data is stored in your browser, we cannot see it, recover it, or share it. If you contact us asking what's in your account, we genuinely won't know. If you lose your data by clearing your browser or switching devices without exporting a backup, we cannot retrieve it.
This is a feature, not a bug. We deliberately built the Service this way to protect your privacy.
8. Third-Party Services
The Service itself runs entirely in your browser. However, the page hosting it may use third-party services for hosting (e.g., Netlify, Vercel, GitHub Pages). These providers receive standard web traffic information when you visit, governed by their own privacy policies.
The Service includes outbound links to external websites (the credit bureaus, the CFPB, FTC, NACA, etc.). Once you click those links, you are subject to the privacy practices of those sites, not ours.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect information from children. If you believe a child has used the Service, contact us and we will respond appropriately.
10. California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete it, and the right to opt out of sale.
Because we do not collect or store your personal information on our servers, there is nothing for us to disclose, delete, or sell on your behalf. Your data is in your browser and is yours to manage.
If you have provided us an email address via signup, you may contact us at [YOUR SUPPORT EMAIL] to request information about, or deletion of, that email record.
11. European Residents (GDPR)
The Service is intended for U.S. residents. If you access it from outside the U.S., you do so at your own discretion. We do not currently provide GDPR-compliant data subject request processes because we do not collect personal data on our servers. If you have provided your email via signup and you are a European resident, contact us to exercise your GDPR rights.
12. Data Security
We have implemented the strongest security control possible: we do not store your information on any server. There is no central database for an attacker to breach.
However, your browser is part of the security perimeter. To protect your data:
- Use a trusted, up-to-date browser
- Do not use DisputeDesk on a shared or public computer without clearing the browser when you finish
- Be cautious about browser extensions that may read page data
- Export a backup of your data periodically in case of browser issues
- Store backups somewhere secure (encrypted, password-protected)
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top. We encourage you to review this policy periodically.
14. Contact
Questions about this Privacy Policy? Contact us at:
[YOUR LEGAL ENTITY NAME]
[YOUR BUSINESS ADDRESS]
Email: [YOUR SUPPORT EMAIL]
This document is a starting draft and must be reviewed and customized by a licensed attorney before commercial use. It does not constitute legal advice and is provided for informational purposes only. If you add features that collect data on a server (user accounts, payment processing, certified mailing, etc.), this policy must be substantially rewritten before launch.