Last updated July 13, 2026
Privacy policy
DIY Credit is designed to minimize the information it collects and to keep customers in control of their credit-report data.
Current account experience
DIY Credit uses a third-party account provider for secure account creation and sign-in. That provider processes authentication information such as your email address, account identifier, session information, and any sign-in method you choose.
Credit-profile details, manually entered or locally extracted report items, selections, and dispute reasons are saved to a database record tied to the signed-in account. DIY Credit uses the account identifier supplied by the authentication provider to enforce that boundary. Do not enter Social Security numbers, full account numbers, SmartCredit passwords, or original identity documents.
Information the service may use
To provide the saved workspace, DIY Credit processes:
- Account information such as name, email address, and authentication identifier.
- Mailing details used to prepare customer-reviewed dispute letters.
- Masked credit-report account summaries extracted from a customer-selected report file, received through an approved provider connection, or entered by the customer.
- Dispute selections, customer explanations, generated letters, and mailing-status records.
- Consent, security, and operational records needed to protect the service.
SmartCredit report import and connection
When a customer selects a saved SmartCredit HTML report, DIY Credit parses that file inside the customer’s browser. The raw report file is not uploaded or stored; only the extracted masked account summary can be saved to the customer’s workspace. A future live connection will use only SmartCredit’s approved partner API or tokenized connection method. DIY Credit does not ask for or store a customer’s SmartCredit username or password. SmartCredit maintains its own privacy practices, service agreement, pricing, and cancellation process.
How information is used
Customer information is used to provide the requested workspace, display report data, prepare customer-reviewed letters, maintain security, respond to support requests, and comply with applicable law. DIY Credit does not sell customer credit-report data.
Security and retention
Account authentication uses encrypted transport and provider-managed sessions. Saved-workspace requests require a signed-in account, and the server derives the owner identifier from that authenticated session rather than accepting it from the browser. Customers can download a copy of their workspace or delete the saved workspace from Letter Details. Additional production security review, monitoring, and retention procedures are still required before live report imports are enabled.
Policy changes and contact
This policy will be updated as the service changes and before live report imports are enabled. A production privacy contact and any applicable state-specific notices will be published before the full production launch.
