Privacy Policy — Default Agency

This Privacy Policy describes how Default Agency ("Company," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our credit restoration services and client portal. We are committed to protecting your privacy and complying with applicable federal and state privacy laws, including the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA).

1. Information We Collect

Personal Identification Information

Full name, date of birth, Social Security Number (last 4 digits for verification)
Email address, phone number, mailing address
Government-issued ID information (when required for bureau disputes)

Financial Information

Credit reports obtained from Equifax, Experian, and TransUnion
Credit scores and score history
Account information appearing on your credit file (creditors, balances, payment history)
Billing and payment information (processed securely via Stripe — we do not store full card numbers)

Usage Information

Portal login activity and session data
Pages viewed, features accessed, and actions taken within the portal
IP address, browser type, and device information
Communications with our AI credit coach (stored to maintain conversation context)

2. How We Use Your Information

We use your information exclusively to provide and improve our credit restoration services:

Dispute processing: Preparing and submitting FCRA dispute letters to credit bureaus on your behalf
Account management: Maintaining your client portal, tracking dispute progress, and communicating updates
Billing: Processing monthly service fees through our secure payment processor
AI features: Generating personalized score roadmaps, dispute strategies, and credit coaching responses
Legal compliance: Maintaining records required under CROA, FCRA, and applicable state credit services laws
Service improvement: Analyzing anonymized usage data to improve our platform

3. Credit Report Data

Your credit report data is highly sensitive. We handle it with the following safeguards:

Credit data is used solely for the purpose of providing credit restoration services you have contracted for
We do not sell, rent, or share your credit report data with any third party for marketing purposes
Credit data is encrypted at rest and in transit using AES-256 and TLS 1.2+ encryption
Access is restricted to authorized staff assigned to your case
We retain credit report data for the duration of your service agreement plus 5 years as required for compliance records

4. Information Sharing

We do not sell your personal information. We share your information only in the following limited circumstances:

Credit bureaus: We transmit your personal information to Equifax, Experian, and TransUnion solely to process dispute letters on your behalf
Payment processor: Stripe, Inc. processes payment information under their own privacy policy and PCI-DSS compliance program
AI processing: Dispute strategies and coaching responses are generated using AI services. Data shared is anonymized where possible
Legal requirements: We may disclose information if required by law, court order, or government authority
Business transfer: In the event of a merger or acquisition, client data may be transferred to the successor entity subject to the same privacy protections

5. Data Security

We implement comprehensive security measures to protect your information:

All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
Sensitive data fields (SSN digits, credit data) are encrypted at the database level
Multi-factor authentication is available for all portal accounts
Access to client data is restricted to authorized staff on a need-to-know basis
Regular security audits and vulnerability assessments are performed
All staff handling client data are trained on data security and privacy procedures

6. Your Rights Under the FCRA

As a consumer, you have the following rights regarding your credit information:

The right to know what is in your credit file
The right to dispute inaccurate or incomplete information
The right to have inaccurate information corrected or deleted
The right to seek damages from violators under the FCRA

7. Your Privacy Rights

You may exercise the following rights regarding your personal data by contacting us at info@rebuildr.app:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your data (subject to legal retention requirements)
Portability: Request your data in a portable format
Opt-out: Opt out of non-essential communications at any time

8. Cookies and Tracking

Our client portal uses session cookies essential to its operation (authentication, CSRF protection). We do not use third-party advertising cookies or tracking pixels on authenticated portal pages. The public website may use analytics cookies to measure traffic — you can opt out via your browser settings.

9. Children's Privacy

Our services are intended for adults (18+) only. We do not knowingly collect personal information from individuals under 18 years of age.

10. Data Retention

We retain your personal information for as long as your account is active and for a period of five (5) years following termination of services, as required for legal and compliance purposes under CROA and applicable state law. You may request earlier deletion of non-essential data subject to legal retention requirements.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or portal notification at least 30 days before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data requests, or concerns, please contact our Privacy Officer at info@rebuildr.app.