Privacy Policy

We collect only what is necessary to help you generate credit dispute letters:

• Account information: Your email address, first and last name, and a hashed password. If you sign in with Google, we receive your name, email, and profile picture only.
• Dispute information: Your mailing address (current and optional previous), the last 4 digits of your SSN (encrypted at rest), and the accounts / items you choose to dispute.
• Credit report uploads: PDFs you upload from AnnualCreditReport.com or any bureau. We extract the text, analyze it for negative items, and then permanently delete the extracted text. The original file is not retained beyond analysis.
• Dispute activity: The letters you generate, the dates they are mailed, bureau responses you log, and follow-up actions.
• Optional content: Journal entries, testimonies, debt calculator inputs, and prayer/strategy preferences you create.
• Device and usage data: Limited analytics (page views, errors, performance) — no cross-app tracking, no advertising identifiers, no location tracking.

What we do NOT collect: your full Social Security number, your bank account numbers, your credit card numbers, your date of birth, or your credit score.

• To generate your FCRA Section 611 dispute letters and related PDFs.
• To track your 35-day response window and suggest next-step actions (e.g., MOV letters, CFPB complaints).
• To send essential account emails (welcome, password reset, dispute milestones) — you can disable non-essential emails in Settings.
• To display aggregate, anonymized progress in the optional Ministry Dashboard (no personal information is shared).
• To protect the service from fraud and abuse.

We never use your information for advertising. We do not show ads, and we do not sell or rent your information to third parties.

To identify negative items in your uploaded report, we send the extracted text to a third-party AI provider (currently OpenAI) using an automated, secure channel. The text is processed to return structured data (item name, issue type, balance, reporting bureau) and is not used to train any AI model. Selah Slate deletes the raw text from our servers immediately after analysis completes.

• Passwords are hashed using industry-standard bcrypt; we cannot see your password.
• The last 4 digits of your SSN are encrypted at rest.
• All data is transmitted over HTTPS / TLS.
• Uploaded PDF text is purged immediately after AI analysis.
• Access to production systems is restricted and logged.

We rely on a small number of trusted service providers, each bound by their own security terms:

• OpenAI — AI-powered credit report analysis. Text is sent under a no-training agreement.
• Resend — Transactional email delivery (welcome, password reset, dispute reminders).
• MongoDB — Encrypted database hosting.
• Google Sign-In (optional) — Authentication only; we never post to or read your Google data beyond basic profile.
• PostHog — Anonymous product analytics; no personally identifying data is sent.

You are in control of your data at all times.

• Access: View all of your account info from the Profile page.
• Correction: Update your name, address, or SSN digits at any time.
• Export: Email privacy@selahandstonelegacy.com and we will send you a machine-readable copy within 30 days.
• Deletion: Delete your account and all associated data instantly from Settings → Delete Account. Once you confirm, all disputes, letters, journal entries, and testimonies tied to your account are permanently erased.
• Marketing emails: Toggle welcome, reminder, and celebration emails in Settings. Transactional security emails (password reset) cannot be disabled.
• California (CCPA) / Virginia (VCDPA) / EU (GDPR) rights: You have the right to know, correct, delete, and — where applicable — port your data. Contact privacy@selahandstonelegacy.com to exercise any of these rights.
• Do Not Sell: We do not and will not sell your personal information, so nothing to opt out of.

We retain your account information while your account is active. Generated dispute letters are retained so you can re-download them (we recommend saving your own copies). Raw extracted PDF text is deleted within minutes of analysis. When you delete your account, all of the above is permanently removed from our production database within 30 days, except where we are required by law to retain limited records (e.g., fraud-prevention logs).

Selah Slate is intended for individuals 18 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child has provided information, please contact us and we will delete it.

Selah Slate does not display advertising, does not use cross-app tracking, and does not use the IDFA or Android Advertising ID. Our app's App Store and Google Play listings accurately reflect that no data is "linked to you for tracking purposes."

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, for any material change, notify you by email or in-app banner at least 14 days before it takes effect.

privacy@selahandstonelegacy.com

Selah and Stone Legacy Holdings LLC — Attn: Privacy
Selah Slate™ is a financial wellness initiative. We respond to privacy requests within 30 days.