← Back to Home

Privacy Policy

Effective Date: April 10, 2026

Last Updated: April 10, 2026

ScoreIsUp (“we,” “us,” or “our”) helps you identify errors on your credit reports and generate dispute letters you mail yourself. This policy explains what data we collect, who we share it with, and what rights you have.

1. Data We Collect

Account Information

  • Email address and name (collected at sign-up via magic link)
  • Subscription status and billing history (managed by Stripe)
  • AI consent acknowledgment date and version

Credit Report Data

  • PDF files you upload (Equifax, Experian, TransUnion) — stored encrypted in Supabase Storage and automatically deleted after 30 days
  • Analysis results extracted from your PDFs — cached for 30 days to avoid redundant processing, then deleted
  • Dispute letter records — a minimal log of letters generated (bureau, round, mailed date) retained for up to 2 years to support FCRA deadline tracking. This log does not store full account numbers or creditor names.

Usage Data

  • Error and performance data collected by Sentry (see Section 3 — all credit-report content is scrubbed before transmission)
  • Upload history hashes used for duplicate-file detection (we store a hash, not the file content)

2. How We Use Your Data

  • Extracting account information from your credit reports to identify potential errors
  • Generating dispute letters citing applicable FCRA provisions
  • Tracking dispute deadlines so you know when bureaus must respond
  • Processing your subscription payments
  • Detecting and fixing application errors (via Sentry — no credit content transmitted)

We do not sell your data, use it for advertising, or share it with data brokers.

3. Third-Party Services

Running ScoreIsUp requires us to share certain data with trusted service providers. Here is exactly what each provider receives:

ProviderWhat They ReceivePurpose
Anthropic (Claude AI)Your credit report PDF content (text extracted from your upload)AI-powered extraction of account data and identification of potential errors. Anthropic processes this data under their Privacy Policy and Data Processing Agreement. Anthropic does not use API inputs to train models.
SupabaseAccount data, analysis cache, dispute records, uploaded PDF filesDatabase and file storage (US region)
StripeEmail address, billing detailsSubscription payment processing
VercelRequest logs (IP, headers) for running the applicationHosting and CDN
SentryError metadata only (error type, route, timestamp). All credit-report content, SSNs, and account numbers are scrubbed before transmission.Error monitoring and debugging
Resend (future)Email address, dispute deadline datesTransactional emails (dispute deadline reminders) — not yet active

All providers are contractually prohibited from using your data for any purpose other than providing their service to us.

4. Data Retention

  • Credit report PDFs: deleted from storage after 30 days
  • Analysis cache: deleted after 30 days
  • Dispute letter records: retained up to 2 years to support FCRA deadline tracking, then automatically purged
  • Account data: retained while your account is active; deleted upon account deletion request
  • Payment records:retained per Stripe’s legal obligations (typically 7 years)

5. Your Rights

  • Access: Request a copy of the data we hold about you
  • Deletion: Request deletion of your account and associated data. Contact us at support@scoreisup.com — we’ll process requests within 30 days.
  • Export: Request a copy of your analysis results and dispute letter records
  • Correction: Update your account information via your profile settings

California residents may have additional rights under the CCPA. EU/UK residents may have additional rights under GDPR/UK GDPR. Contact us to exercise any of these rights.

6. Security

  • All data in transit is encrypted via TLS
  • Credit report PDFs are stored with server-side encryption
  • Database access is restricted by row-level security — you can only access your own data
  • Error monitoring (Sentry) is configured to scrub all financial identifiers before transmission
  • We do not store full account numbers or SSNs in our database

7. Changes to This Policy

We will notify subscribers of material changes via email at least 14 days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

If we change how your credit report data is shared with AI providers, we will ask for your renewed consent before you can continue using the analysis features.

8. Contact

Privacy questions or data requests:

ScoreIsUp / Chery Solutions LLC
300 Peachtree St NE, Ste CS2 #3472
Atlanta, GA 30308
Email: support@scoreisup.com

We aim to respond to all privacy requests within 5 business days.

ScoreIsUp is a do-it-yourself credit repair tool. We are not a credit repair organization under CROA (15 U.S.C. § 1679 et seq.) and do not contact credit bureaus on your behalf.