Dot & Cross
Sign inStart free

Legal

Privacy policy.

Last updated April 29, 2026

We collect what we need to handle your dispute and nothing else. This page explains what we collect, why, who sees it, and how to delete it.

What we collect.

  • Account data — name, email, password hash (or OAuth identifier), mailing address, phone (if you provide one).
  • Dispute data — the documents you upload, descriptions you write, deadlines, and outcomes.
  • Protected Health Information (PHI) — present in some medical bills and EOBs. PHI is isolated, redacted before model API calls (until our BAAs land), and stored encrypted.
  • Operational data — agent runs, tool calls, costs, timing. We log these for debugging and audit.
  • Payment data — processed by Stripe; we never store full card numbers.

What we do with it.

We use your data to run your dispute: read documents, draft letters, send mail, file complaints, track deadlines, and bill you for the work. We do not sell your data, ever. We do not use your dispute data to train models. Anonymized, aggregated metrics may be used internally to improve the Service.

Who sees what.

  • You — full visibility into your case file, audit log, and every action taken.
  • Our staff — engineers may access data to debug a specific issue or fulfill a support request, with audit logging.
  • Subprocessors — Anthropic and OpenAI (model inference, redacted), Postmark (email), Twilio (SMS, optional), Stripe (payments), Lob and PostGrid (mail), AWS Textract (document parsing), Cloudflare R2 (file storage), Neon (database), Upstash (Redis), Inngest (job queue).
  • Recipients of letters we send — the institution you’re disputing receives the letter content, your name, and your return address.

Where it lives.

Documents are stored in Cloudflare R2 with server-side encryption. Database (Neon) is encrypted at rest and in transit. PHI is segregated and access-controlled. We do not store data outside the United States by default.

How long we keep it.

Active dispute data: until you close the dispute, plus seven years for our records (statute of limitations on disputes). Account data: until you delete the account. Audit logs: seven years. You can request earlier deletion at any time, subject to legal-hold exceptions.

Your rights.

You can export, correct, or delete your data from /account/security or by emailing privacy@dotandcross.io. California residents have rights under CCPA/CPRA; EU/UK residents have rights under GDPR. We honor requests within 30 days.

Children.

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that a user is under 18, we will delete their account and all associated data. Parents or guardians who believe a child has provided us with personal data should contact us at privacy@dotandcross.io.

Cookies and tracking.

We use a session cookie to keep you logged in and a small set of first-party analytics events (page views, sign-ups). We do not use third-party advertising trackers and we honor Global Privacy Control signals.

Changes.

We will email you at least thirty days before material changes. Older versions are archived and available on request.

Questions? Email privacy@dotandcross.io.