Security & Privacy

Your credit data, locked down.

Disputing credit reports means handling sensitive financial data. Here's exactly how we protect it — and how you can pull the plug whenever you want.

Encryption in transit and at rest

All traffic is served over TLS 1.2+. Your reports, letters, and personal data are encrypted at rest with AES-256 on managed Postgres and object storage.

Row-level data isolation

Every table enforces row-level security so a user can only ever read or write their own rows — verified by automated security scans on every deploy.

No password storage

We never see or store your password. Authentication runs on Supabase Auth with industry-standard hashing and rotating session tokens.

Least-privilege access

Only a small, audited set of staff can access production systems, and only with multi-factor authentication. Customer data is never used for marketing or model training.

PII minimization

We collect only what's needed to dispute items on your behalf. We don't store your full SSN — only the last 4 digits when required for letter accuracy.

Audited infrastructure

Built on SOC 2 Type II-compliant cloud providers (Supabase and Cloudflare). All third-party processors are listed in our privacy policy.

Email security

Outbound email is authenticated with SPF and DKIM and is DMARC-aligned. Addresses that bounce or complain are automatically suppressed.

One-click data deletion

Delete your account and every byte of associated data from inside the app at any time — no email, no waiting, no dark patterns.

Delete everything, instantly.

Letters, score history, analyses, and your account — gone in one click. No forms, no support email.


Found a security issue? Email security@credfixai.com. We respond within one business day.

See also our Privacy Policy and Terms.