Clean My Past

Effective May 1, 2026

Privacy Policy

Clean My Past (a service of CYBRCOAST LLC, a Delaware limited liability company at 254 Chapman Rd, Newark, DE 19702) respects your privacy. This policy explains what we collect, why, how long we keep it, and the rights you have over your information.

1. What we collect

  • Account information — email, password (hashed), legal name, date of birth, and (optionally) the last four digits of your SSN for FCRA dispute matching.
  • Case information — the answers you provide in the eligibility quiz, court records you upload, and consumer reports (CRA reports) you upload for FCRA cleanup.
  • Compliance audit log — every UPL-relevant event: attestations, paywall passes, document generations. Indefinite retention; this is a legal-defensive record.
  • Server logs — IP address, user agent, request timing. 90-day retention.
  • Optional analytics and performance data — if you opt in, Vercel Web Analytics and Speed Insights collect public page paths, referrers, device/browser information, and Core Web Vitals. They do not collect quiz answers, court-record details, uploaded reports, admin pages, account pages, result pages, or API payloads.

2. How we use it

  • To assess eligibility under your state's expungement statute.
  • To generate court-ready forms pre-filled with your information.
  • To generate FCRA dispute letters and CFPB complaint drafts.
  • To send you reminders (court deadlines, FCRA 30-day windows, broker rechecks) by email — you can opt out at any time.
  • To process payments via Stripe.
  • If you opt in, to understand public-page traffic and performance so we can improve the site before and after Vercel deployment.

3. We never sell your data, and we never use your case data to train AI models.

4. Retention

  • Active account data: kept until you delete your account.
  • Soft-deleted accounts: 30-day grace period, then PII wiped.
  • Generated documents: 7 years.
  • Compliance audit log: indefinite (encrypted at rest).
  • Server logs: 90 days.
  • Analytics events: 18 months (PII stripped).

5. Your rights

Under the Texas Data Privacy and Security Act (TDPSA), the Nevada consumer-data law (SB 220), and federal privacy practices, you have the right to access, correct, delete, and port your data, and to opt out of marketing communications.

Submit a request via our DSAR endpoint at /account/dsar or by email at privacy@cleanmypast.com. We respond within 30 days (45 days for CA / CO / UT residents).

6. Cookies

We use strictly necessary cookies (session, CSRF, compliance attestations). Functional cookies, Vercel Web Analytics, and Vercel Speed Insights are off by default and only turn on if you accept all cookies in the banner. Analytics and performance scripts are not loaded on admin, dashboard, account, auth, result, or API routes. We honor Global Privacy Control (GPC) signals automatically.

7. Third parties

We share data only with the third parties needed to operate the platform: Vercel (hosting, optional Web Analytics, and optional Speed Insights), Stripe (payments), Supabase (database + auth), SendGrid (email), and DocuSign (e-signature). We do not mail certified-mail packets for you. We do not share your data with employers, law enforcement, or any other third party except as legally required.

8. Contact

Privacy questions: privacy@cleanmypast.com
General support: help@cleanmypast.com