Legal

Privacy Policy

Plain language. What we collect, what we do with it, what we don't do with it, and your rights.

Who we are

DispuPoint is a document preparation and case assessment service operated by GCW Digital LLC, a Delaware limited liability company. References to "DispuPoint," "we," "us," or "our" in this policy refer to GCW Digital LLC operating as DispuPoint.

Primary contact for privacy matters: hello@dispupoint.com

What we collect

Information you provide directly

When you submit a case, we collect the information you give us. This includes:

  • Your name and email address, submitted through the intake form
  • Your property address and the name of your HOA, condo association, or property management company
  • A description of your dispute and your desired outcome
  • Documents, emails, letters, ledgers, financial statements, photos, and any other files you upload to your case or forward to your case email address
  • Your responses to questions we ask as part of the assessment and letter preparation process
  • Payment information processed through Stripe. We do not store your card number, expiration date, or CVV. Stripe handles all payment data directly and is solely responsible for its security.
  • Any communications you send to hello@dispupoint.com or to your assigned case email address

Information collected automatically

We collect limited technical data to operate the service:

  • Basic server logs, including IP address, browser type, and pages visited. These are used for security and debugging, not for profiling.
  • Cloudflare analytics data, which is aggregated and does not identify individual users
  • Session tokens stored in your browser to keep you logged into your client portal. These expire and are not used for tracking.

What we do with your information

We use your information for one purpose: to provide the service you paid for. Specifically:

  • To review your case, apply applicable law to your facts, and prepare your documents
  • To communicate with you about your case status and deliver your outputs
  • To process your payment and issue refunds where applicable
  • To improve our service using anonymized, non-identifying case patterns. We never use your name, your property address, or the specific details of your dispute for this purpose.
  • To comply with applicable law

What we do not do

We do not sell your personal information. We do not use your information for advertising. We do not share your case details with any third party for marketing purposes. We do not build advertising profiles. We do not use your information in any way that is not directly related to delivering your case assessment and prepared documents.

The one narrow exception is the referral program: if you used a referral code when submitting your case, the person who referred you will receive a notification of your viability outcome only (VIABLE or POTENTIALLY VIABLE). No case details, documents, dispute description, or personal information of any kind are shared. By entering a referral code at checkout, you consent to this limited disclosure. See the Referral Program section below for full details.

How your case is processed

DispuPoint uses AI technology to read your documents, map your timeline, and identify applicable statutes and ordinances. Before any output reaches you, a human reviewer at DispuPoint reads the AI-generated analysis for accuracy and completeness. Both steps are necessary to deliver the service.

All data you upload, including documents, emails, photos, and any other files, is stored exclusively on US-based servers. It does not leave US infrastructure except for the specific API call to Anthropic described below, which is also processed under US-based terms.

Here is exactly what happens to your data during case processing:

  • Your documents and case details are stored in our secure case database (Airtable, US-based infrastructure)
  • Your uploaded files are stored in our secure file storage (Cloudflare R2, US-based)
  • To perform the AI analysis, your case documents and case details are transmitted to Anthropic's API. Anthropic processes this data on our behalf under a data processing agreement. Under Anthropic's terms, your data is not used to train their AI models. We transmit only what you submitted. No additional personal data is appended to the API call.
  • A human reviewer at DispuPoint reviews the output directly before anything is delivered to your portal
  • Completed outputs are delivered to your private client portal

At no point does your case information leave this controlled chain of processing for any purpose other than delivering your service.

Third parties we work with

We work with a small number of service providers to operate DispuPoint. Each is engaged for a specific function and is prohibited from using your data for any purpose other than that function.

Stripe

Payment processing. Stripe collects and stores your payment card information directly. We receive a transaction record and a payment identifier but never your card details. Stripe is PCI-DSS compliant.

stripe.com/privacy

Airtable

Case data storage. Your intake information, case notes, and assessment outputs are stored in Airtable's US-based infrastructure under our account. Airtable does not access your data for its own purposes.

airtable.com/company/privacy

Cloudflare

Website hosting, file storage (R2), security, and email routing. Your uploaded documents are stored in Cloudflare R2 in the US East region. Cloudflare's infrastructure also protects the site from DDoS attacks and handles your case email address routing.

cloudflare.com/privacypolicy

Anthropic

AI processing for case analysis. When your case is processed, your submitted documents and case details are sent to Anthropic's API. Anthropic acts as a data processor on our behalf under a data processing agreement. Under the terms of that agreement, your data is not used to train Anthropic's AI models. We do not send Anthropic any data beyond what you submitted for your case.

anthropic.com/privacy

Resend

Transactional email delivery. We use Resend to send you status updates, assessment notifications, and refund confirmations. Resend receives your email address and the content of those emails. Resend does not use your information for its own marketing purposes.

resend.com/legal/privacy-policy

No other third parties have access to your case data. We do not use advertising networks, marketing platforms, analytics trackers, or data brokers.

Referral program

If you submit a case using a referral code provided by an existing DispuPoint client, the following applies to your data.

When your case receives a viability determination, the client who referred you will be notified of that outcome, specifically, whether your case was assessed as VIABLE or POTENTIALLY VIABLE. This is the only information shared with the referring client. No case details, no documents, no dispute description, no personal information, and no contact details are shared. The referring client has no access to your portal or any case content.

By entering a referral code at checkout, you consent to this limited disclosure. This consent is specific to the viability outcome only. It does not extend to any other information about your case.

If a NOT VIABLE determination is issued and a refund is processed, no notification is sent to the referring client and no referral credit is earned. The outcome of a NOT VIABLE case is not disclosed to any party other than you.

Your case email address

When you submit a case, you are assigned a personal email address unique to your case. Emails you forward to this address are ingested into your case file and processed as part of your submission. These emails are stored in our case database and in Cloudflare infrastructure, and are subject to the same handling and retention rules as all other case data.

Data retention

We retain your case data for a period of 24 months following case closure. After that period, case data is deleted or anonymized. Payment records are retained for as long as required by applicable tax and financial regulations, which is typically 7 years.

If you delete your account through the client portal before your case has been processed, your case data and uploaded files are deleted from our systems and a refund is issued automatically if no processing has occurred.

How to delete your account and data

You can delete your account and all associated case data at any time. No form to fill out. No email to send. There is a Delete Account button at the bottom of your client portal. Clicking it removes your case data and uploaded files from our systems immediately. If no processing has occurred, a full refund is issued automatically to your original payment method.

Payment records are excluded from portal deletion and are retained as required by applicable financial regulations. If you have questions about what has been retained, contact us at hello@dispupoint.com.

Your rights

Regardless of where you are located, you have the following rights regarding your personal data:

  • The right to access the personal data we hold about you
  • The right to request correction of inaccurate data
  • The right to delete your account and case data, available directly through the Delete Account button at the bottom of your client portal, no form or email required
  • The right to withdraw consent for any processing based on consent
  • The right to lodge a complaint with a supervisory authority

If you are located in the European Economic Area or United Kingdom, additional rights apply under the GDPR and UK GDPR respectively, including the right to data portability and the right to object to processing on grounds of legitimate interest. To exercise these rights, contact us at hello@dispupoint.com.

We will respond to all rights requests within 30 days. Where a request requires verification of identity, we may ask you to confirm information associated with your account before proceeding.

Data security

We implement industry-standard security measures to protect your data: encrypted storage, HTTPS transmission, access controls limiting who can view case data, and infrastructure-level security through Cloudflare. Your client portal access is session-based and expires automatically.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law and take all reasonable steps to mitigate harm.

Cookies and analytics

We use the following cookies and analytics tools on this site:

  • Session cookies: Essential cookies that keep you logged into your client portal during your session. These expire when you log out or the session times out and are not used for tracking.
  • Cloudflare security cookies: Set automatically by Cloudflare as part of DDoS protection and bot detection. These are infrastructure-level cookies not used for profiling or advertising.
  • Google Analytics: We use Google Analytics to understand how visitors use the site, which pages are visited, how long sessions last, and where traffic comes from. This data is aggregated and anonymous. Google Analytics uses cookies to collect this information. You can opt out via Google's opt-out tool.

We do not use advertising cookies or build targeting profiles. The analytics data we collect is used only to improve the site.

Children

DispuPoint is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us at hello@dispupoint.com and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the bottom of this page. Material changes will be communicated by email to clients with active cases at the time of the change.

Contact

For privacy-related questions, rights requests, or concerns: hello@dispupoint.com

GCW Digital LLC, operating as DispuPoint
Delaware, United States

Effective date: April 2026. GCW Digital LLC, operating as DispuPoint, Delaware, United States.