← Back to Home

Privacy Policy

Effective Date: April 10, 2026

Last Updated: April 20, 2026

ScoreIsUp (“we,” “us,” or “our”) helps you identify errors on your credit reports and generate dispute letters you mail yourself. This policy explains what data we collect, who we share it with, and what rights you have.

1. Data We Collect

Account Information

  • Email address and name (collected at sign-up via magic link)
  • Subscription status and billing history (managed by Stripe)
  • AI consent acknowledgment date and version

Intake Form Data

When you submit our intake form at /start (before creating an account), we collect:

  • Full legal name, email address, phone number (if you consent to SMS), and U.S. state of residence
  • Your credit goal (e.g., buy a home, buy a car) as selected from a menu
  • SMS and electronic-signature consent records with timestamps
  • Your IP address and browser user-agent string at the time of submission — retained as part of the TCPA consent audit trail
  • Attribution parameters from the link you followed (e.g., ?src=, UTM tags), if present

We keep intake form submissions for at least 5 years to protect you and us — it's the industry standard for texting consent records. You can request deletion at any time (see Section 5).

Categories of Personal Information (CCPA)

For California residents, the categories of personal information we collect are:

  • Identifiers — name, email address, phone number
  • Geolocation data — U.S. state of residence
  • Technical info — your IP address and how you found our site
  • Financial information — billing details (processed by Stripe)
  • Inferences — derived from your credit report data during analysis

Credit Report Data

  • PDF files you upload (Equifax, Experian, TransUnion) — stored encrypted in Supabase Storage and automatically deleted after 30 days
  • Analysis results extracted from your PDFs — cached for 30 days to avoid redundant processing, then deleted
  • Dispute letter records — a minimal log of letters generated (bureau, round, mailed date) retained for up to 2 years to support FCRA deadline tracking. This log does not store full account numbers or creditor names.

Usage Data

  • Error and performance data collected by Sentry (see Section 3 — all credit-report content is scrubbed before transmission)
  • Upload history hashes used for duplicate-file detection (we store a hash, not the file content)

2. How We Use Your Data

  • Extracting account information from your credit reports to identify potential errors
  • Generating dispute letters citing applicable FCRA provisions
  • Tracking dispute deadlines so you know when bureaus must respond
  • Processing your subscription payments
  • Detecting and fixing application errors (via Sentry — no credit content transmitted)
  • Notifying you of next steps via SMS (only if you consented on the intake form) and routing your intake submission to our team for review

We do not sell your data, use it for advertising, or share it with data brokers.

3. Third-Party Services

Running ScoreIsUp requires us to share certain data with trusted service providers. Here is exactly what each provider receives:

ProviderWhat They ReceivePurpose
Anthropic (Claude AI)Your credit report PDF content (text extracted from your upload)AI-powered extraction of account data and identification of potential errors. Anthropic processes this data under their Privacy Policy and Data Processing Agreement. Anthropic does not use API inputs to train models.
SupabaseAccount data, analysis cache, dispute records, uploaded PDF filesDatabase and file storage (US region)
StripeEmail address, billing detailsSubscription payment processing
VercelRequest logs (IP, headers) for running the applicationHosting and CDN
SentryError metadata only (error type, route, timestamp). All credit-report content, SSNs, and account numbers are scrubbed before transmission.Error monitoring and debugging
TwilioPhone number (E.164 format) and the SMS message content. Delivery metadata (message SID, error codes) is returned to us.Sending you the SMS next-step message after intake submission. Only sent if you consent to SMS on the intake form. Opt-out requests (STOP reply) are honored immediately and the opt-out is recorded permanently.
ResendYour email address when you submit the intake form (internal notifications only). In the future, dispute deadline reminder emails.Transactional email delivery — internal notifications to our team when a new intake arrives.

All providers are contractually prohibited from using your data for any purpose other than providing their service to us.

4. Data Retention

  • Credit report PDFs: deleted from storage after 30 days
  • Analysis cache: deleted after 30 days
  • Dispute letter records: retained up to 2 years to support FCRA deadline tracking, then automatically purged
  • Account data: retained while your account is active; deleted upon account deletion request
  • Payment records:retained per Stripe’s legal obligations (typically 7 years)
  • Intake form submissions & text consent records: we keep these for at least 5 years to protect you and us — it's the industry standard for texting consent records; deleted if you ask us to

5. Your Rights

  • Access: Request a copy of the data we hold about you
  • Deletion: Request deletion of your account and associated data. Contact us at support@scoreisup.com — we’ll process requests within 30 days.
  • Export: Request a copy of your analysis results and dispute letter records
  • Correction: Update your account information via your profile settings

California residents may have additional rights under the CCPA. EU/UK residents may have additional rights under GDPR/UK GDPR. Contact us to exercise any of these rights.

6. Security

  • All data in transit is encrypted via TLS
  • Credit report PDFs are stored with server-side encryption
  • Your data is locked to your account — no one else can see it
  • Error monitoring (Sentry) is configured to scrub all financial identifiers before transmission
  • We do not store full account numbers or SSNs in our database

7. Changes to This Policy

We will notify subscribers of material changes via email at least 14 days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

If we change how your credit report data is shared with AI providers, we will ask for your renewed consent before you can continue using the analysis features.

8. Contact

Privacy questions or data requests:

ScoreIsUp / Chery Solutions LLC
300 Peachtree St NE, Ste CS2 #3472
Atlanta, GA 30308
Email: support@scoreisup.com

We aim to respond to all privacy requests within 5 business days.

ScoreIsUp gives you the tools to fix your own credit. We are not a credit repair company — we don't contact the credit bureaus for you. You take the steps; we give you the tools.