Last updated: April 28, 2026

Questions? legal@fightthis.m8n1ac.com

Note: This is a draft policy pending attorney review before public launch. It reflects our current practices and commitments. A qualified privacy attorney will review it before we accept payments or process PHI at scale.

Privacy Policy

FightThis ("we," "us," "our") provides a letter-drafting service at fightthis.m8n1ac.com. This policy explains what data we collect, how we use it, and what rights you have over it.

What we collect

  • Documents you upload: PDFs, images, or text you submit for letter drafting. These may contain personal information (your name, address, account numbers) and potentially protected health information (PHI) if you upload insurance or medical documents.
  • Form inputs: Answers to the questions we ask during the draft flow (names, dates, amounts, context).
  • Email address: For account creation, letter delivery, and optional waitlist signup.
  • Payment information: Handled entirely by Stripe. We never see or store your card number.
  • Usage data: Page visits and goal events tracked by Plausible Analytics (self-hosted, no cookies, no cross-site tracking, GDPR-compliant by design). We do not use Google Analytics or advertising pixels.
  • IP address: Stored in hashed form for rate limiting and fraud prevention. Not linked to your identity.

How we use your data

  • To generate the letter you requested
  • To deliver your letter by email and make it available for download
  • To process payment via Stripe
  • To maintain your account and letter history (if you create an account)
  • To improve our service (aggregated, de-identified usage patterns only)

What we don't do

  • We never train AI models on your data. Your documents and inputs are used solely to generate your letter and are never used to fine-tune, train, or evaluate AI models.
  • We never sell your data to third parties, advertisers, or data brokers.
  • We never share your data except with the subprocessors listed below, solely to deliver the service.

Auto-deletion

Documents you upload are automatically deleted 30 days after upload unless you request longer retention. Generated letters are retained for 90 days post-payment, then deleted unless you request retention. You can request deletion of any specific document at any time.

Subprocessors

  • Stripe — payment processing. PCI-DSS compliant.
  • Postmark — transactional email delivery.
  • Cloudflare R2 — encrypted document storage.
  • Anthropic — AI letter generation. Documents are processed per Anthropic's data processing agreement; they are not used for model training.
  • Lob (when you choose mailing service) — physical mail fulfillment.

Security

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Documents stored in Cloudflare R2 with per-object encryption
  • Access controls limit which employees can access uploaded documents
  • Annual security review planned

Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Export your data in a portable format
  • Opt out of any sale of personal information (we don't sell data, but this right exists)

To exercise any of these rights: privacy@fightthis.m8n1ac.com

California residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act. We do not sell personal information. You have the right to know what personal information we have collected and to request deletion. Contact us at the email above.

Children

FightThis is not intended for users under 18. We do not knowingly collect data from children.

Changes to this policy

We'll notify registered users of material changes by email before they take effect.

Contact

privacy@fightthis.m8n1ac.com

FightThis is a drafting tool, not a law firm. Read our full disclaimer.