Privacy Policy
Last updated: · Effective upon account creation
ScoreAutomation.com handles sensitive financial data. We take your privacy and the privacy of your clients seriously. This policy explains exactly what we collect, why we collect it, and how it is protected. Questions? Email privacy@scoreautomation.com.
1. Who This Policy Applies To
This Privacy Policy applies to:
- Vendors: Credit repair professionals and businesses who register for and use the ScoreAutomation.com platform. When we say "you" in this policy we mean Vendors unless otherwise specified.
- Clients: Consumers whose personal and financial data is entered into the platform by Vendors. If you are a client of a credit repair business that uses ScoreAutomation.com, this policy explains how we handle your data. However, your primary privacy relationship is with the credit repair business (Vendor) that serves you, not with us.
- Visitors: Anyone who visits scoreautomation.com without registering for an account.
2. Information We Collect
2.1 Information Vendors Provide Directly
Account Information:
- Full name and business name
- Email address and phone number
- Business address
- Username and encrypted password
- Payment information (processed by Stripe — we never store raw card numbers)
- Company branding preferences (logo, colors, tagline)
- Plan selection and subscription history
Business Operations Data:
- Client names, email addresses, phone numbers, and mailing addresses
- Client credit scores (Equifax, Experian, TransUnion)
- Credit report data and negative item details
- Dispute records and correspondence
- Invoice and payment records
- Documents and uploaded files
- Team member information
- Notes and internal communications
- Workflow configurations and templates
- Survey and NPS responses
2.2 Information Collected Automatically
Usage Data:
- Pages and features accessed within the platform
- Actions taken (disputes filed, letters generated, clients added)
- Feature usage patterns (used to improve the Service)
- Error logs and diagnostic information
Technical Data:
- IP address
- Browser type and version
- Operating system
- Device type
- Session duration and timing
- Referring URLs
Cookies and Similar Technologies: We use session cookies to maintain your login state. We do not use tracking cookies for advertising purposes. We do not use third-party advertising trackers. We do not sell your browsing data. See Section 9 for full cookie details.
2.3 Information From Third Parties
We may receive limited information from:
- Stripe: Payment confirmation and subscription status (not card details)
- Email delivery services: Delivery and open status of transactional emails
We do not purchase data from data brokers.
3. How We Use Your Information
3.1 To Provide the Service
- Maintain your account and authenticate your identity
- Display your data back to you in the CRM
- Generate AI-assisted dispute letters and documents
- Send automated email notifications and reminders
- Process subscription payments
- Provide customer support
- Send your clients portal invites and notifications on your behalf
- Generate reports and analytics for your business
3.2 To Improve the Service
- Analyze anonymized usage patterns to improve features
- Identify and fix bugs and performance issues
- Develop new features based on usage data
- Generate anonymized industry benchmarks for win rates and dispute outcomes (see Section 3.4)
3.3 To Communicate With You
- Send service-related emails (receipts, invoices, security alerts, service updates)
- Send product update announcements
- Respond to support requests
- Send trial expiry and subscription notifications
We do not send marketing emails to your clients on our behalf. All client-facing emails are sent on behalf of your business using your company name.
3.4 Anonymized Platform Analytics
We generate anonymized, aggregated dispute outcome data to power the platform-wide win rate database. This database shows which dispute reasons, bureaus, and item types have the highest deletion rates. This data:
- Cannot identify you, your business, or your clients
- Contains no names, email addresses, or identifiers
- Is used only to help all Vendors understand what works best across the industry
- Is never sold to third parties
3.5 Legal and Compliance
- Comply with applicable laws and legal obligations
- Respond to lawful requests from law enforcement or regulatory authorities
- Enforce our Terms of Service
- Protect the rights, property, and safety of ScoreAutomation.com, Vendors, Clients, and others
4. How We Share Your Information
4.1 We Do Not Sell Your Data
ScoreAutomation.com does not and will never sell your personal data or your clients' personal data to any third party for any purpose — including advertising, marketing, or resale.
4.2 Service Providers
We share data with trusted third-party service providers solely to operate the platform:
Stripe — Payment Processing
Twilio — SMS (Optional Feature)
All service providers are contractually prohibited from using your data for their own purposes.
4.3 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or valid legal process. We will make reasonable efforts to notify you before complying with legal requests unless prohibited from doing so by law or court order.
4.4 Business Transfers
If ScoreAutomation.com is acquired, merged with, or transfers substantially all of its assets, your data may be transferred to the acquiring entity. We will notify you by email before such a transfer occurs and you will have the option to export or delete your data.
4.5 Protection of Rights
We may disclose information to protect the rights, property, or safety of ScoreAutomation.com, our Vendors, clients, or others in connection with fraud prevention, security investigations, or enforcing our Terms of Service.
4.6 With Your Consent
We may share your information for purposes not covered in this policy with your explicit consent.
5. Client Data — Special Provisions
5.1 Vendor Is the Data Controller
When Vendors input their clients' personal data into the Service, the Vendor is the data controller responsible for that data. ScoreAutomation.com acts as a data processor on behalf of the Vendor.
This means:
- The Vendor is responsible for obtaining client consent to process their data
- The Vendor is responsible for complying with privacy laws applicable to their client relationships
- The Vendor is responsible for handling client requests regarding their data (access, deletion, correction)
- ScoreAutomation.com processes client data only as instructed by the Vendor through use of the Service
5.2 What We Do With Client Data
We use client data entered by Vendors solely to:
- Display it to the Vendor who entered it
- Generate AI letters and documents requested by the Vendor
- Send emails and notifications directed by the Vendor
- Provide analytics to the Vendor about their business
We do not:
- Share a Vendor's client data with any other Vendor
- Use client data to contact clients directly for our own purposes
- Use client data for advertising or marketing
- Sell client data to any party
5.3 Client Data Isolation
Every Vendor's data is completely isolated from every other Vendor's data. No Vendor can access another Vendor's clients, disputes, documents, or any other information. This isolation is enforced at the application and database level.
5.4 Credit Report Data
Credit scores, credit report details, dispute histories, and related financial data are treated as the most sensitive category of data on the platform. This data:
- Is stored encrypted at rest
- Is accessible only by the authenticated Vendor who owns the account
- Is never shared across Vendor accounts
- Is never used for advertising
- Is deleted upon account closure after the 30-day export period
5.5 If You Are a Client
If you are a consumer whose data has been entered into ScoreAutomation.com by your credit repair professional, please contact your credit repair company directly with questions about your data. If you cannot reach them or believe your data has been misused, you may contact us at privacy@scoreautomation.com and we will assist where possible within our role as data processor.
6. Data Security
We implement technical and organizational security measures designed to protect your data including:
Technical Measures
- HTTPS/TLS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Session-based authentication with secure cookies
- HTTP-only and SameSite cookie flags
- Rate limiting on all authentication endpoints
- Input validation and sanitization
- Protection against common web vulnerabilities (XSS, injection, CSRF)
- Regular automated database backups
- Access logging and anomaly detection
- Vendor data isolation enforced at the database level
Organizational Measures
- Access to production data limited to essential personnel only
- Security review of all code changes
- Incident response procedures
- Regular security assessments
Important notice: No security system is perfect. While we implement industry-standard security practices, we cannot guarantee that unauthorized third parties will never be able to overcome our security measures. You use the Service at your own risk with respect to security.
If you become aware of any security vulnerability or breach, please notify us immediately at security@scoreautomation.com.
7. Data Retention
- Account Data: Retained while your subscription is active. Deleted 30 days after account closure upon request.
- Client Data: Retained as long as you maintain an active account and for 30 days after account closure.
- Payment Records: Retained for 7 years as required by tax and financial record-keeping laws.
- Server Logs: Retained for 90 days for security and debugging purposes.
- Security Logs: Retained for 12 months.
- Anonymized Analytics: May be retained indefinitely as they cannot identify individuals.
- Backup Data: Rolling 30-day backup retention.
You may request deletion of your account and data at any time by emailing privacy@scoreautomation.com. We will process deletion requests within 30 days except where retention is required by law.
8. Your Privacy Rights
8.1 All Vendors
Regardless of your location, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Download all your data using the export feature in Settings
- Portability: Receive your data in a portable, machine-readable format
To exercise these rights, email privacy@scoreautomation.com. We will respond within 30 days.
8.2 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: You may request details about what personal information we collect, use, disclose, and sell. (We do not sell personal information.)
- Right to Delete: You may request deletion of your personal information subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (financial data, credit information) to provide the Service.
To submit a CCPA request, contact privacy@scoreautomation.com with the subject line "CCPA Privacy Request."
8.3 European and UK Users (GDPR/UK GDPR)
If you are located in the European Economic Area or United Kingdom, your personal data is processed on the following legal bases:
- Contract performance: To provide the Service you have subscribed to
- Legitimate interests: For security, fraud prevention, and service improvement
- Legal obligation: To comply with applicable laws
- Consent: For optional communications where consent is obtained
You have the right to: access your personal data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, request data portability, object to processing based on legitimate interests, and lodge a complaint with your supervisory authority.
For GDPR inquiries, contact privacy@scoreautomation.com with the subject line "GDPR Privacy Request."
9. Cookies
9.1 What We Use
Session Cookie (sa.sid)
Purpose: Maintains your login session · Duration: 7 days or until you log out
Type: HTTP-only, Secure, SameSite=Lax
Cannot be accessed by JavaScript. Cannot be used for cross-site tracking.
9.2 What We Do Not Use
- Third-party advertising cookies
- Social media tracking pixels
- Analytics cookies from Google, Facebook, or any other third party
- Behavioral profiling cookies
- Device fingerprinting
9.3 Browser Controls
You can control cookies through your browser settings. Disabling the session cookie will prevent you from staying logged in.
10. Children's Privacy
The Service is designed for use by business professionals and is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@scoreautomation.com and we will delete it promptly.
11. Data Transfers
ScoreAutomation.com is operated in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States where privacy laws may differ from those in your country.
By using the Service you consent to the transfer of your data to the United States. If you are an EU or UK user, we will implement appropriate safeguards for international transfers including Standard Contractual Clauses where required.
12. Third-Party Links
The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you use in connection with ScoreAutomation.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to all active Vendors
- Post a notice in the platform dashboard
For non-material changes we will update the policy without separate notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
14. Data Breach Notification
In the event of a data breach that affects your personal data or your clients' personal data, we will:
- Investigate the breach promptly
- Notify affected Vendors within 72 hours of discovery where feasible
- Provide details about what data was affected, what actions we have taken, and what you should do
- Notify relevant authorities as required by law
- Provide reasonable assistance to affected Vendors in meeting their own notification obligations to their clients
15. Contact and Complaints
For privacy questions, requests, or complaints:
For security vulnerabilities: security@scoreautomation.com — We appreciate responsible disclosure.
For general support: support@scoreautomation.com · scoreautomation.com/support
If you believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with:
- Your local data protection authority (EU/UK users)
- The California Attorney General (California users)
- The Federal Trade Commission (US users)
- The Consumer Financial Protection Bureau (CFPB) for issues related to financial data handling