Privacy Policy

Last updated: 9 April 2026

1. Overview

FightBack respects your privacy. This policy explains what personal data we collect when you use the service, why we collect it, who we share it with, and the rights you have under the UK GDPR and the EU GDPR.

2. Data controller

FightBack is the data controller for the personal data we collect through the service. You can reach us at privacy@fightback.help.

3. What we collect

  • Complaint details you type into the form: category, company name, free-text description, and any amount in dispute.
  • Email address — used to enforce the free tier, send your generated letter, and (optionally) ask whether you got your money back.
  • Payment metadata — if you upgrade, our payment provider Paddle handles the transaction. We never see your full card details; we only receive a confirmation that payment succeeded.
  • Basic technical data — standard server logs and anonymised analytics (page views, country, device class) so we can keep the service running.

4. Why we use it (legal bases)

  • To provide the service — generating your letter and (if requested) emailing it to you. Legal basis: performance of a contract.
  • To enforce free-tier limits and prevent abuse. Legal basis: legitimate interests.
  • To process payment. Legal basis: performance of a contract.
  • To improve the product via aggregated, anonymised analytics. Legal basis: legitimate interests.

5. Who we share it with

We do not sell your personal data. We share the minimum necessary data with the following processors:

  • Anthropic — runs the AI model that drafts your letter. The complaint text you submit is sent to Anthropic for generation.
  • Vercel — hosts the application and stores free-tier usage records in Vercel KV.
  • Paddle — processes payments and acts as merchant of record. Your payment details are handled by Paddle under their own privacy policy.
  • Resend — delivers your letter to your email address (if email delivery is enabled).

6. How long we keep it

We keep free-tier usage records keyed to your email so we can enforce the one-letter-per-email rule. Generated letters are retained only as long as needed to deliver them to you. You can ask us to delete your data at any time.

7. Your rights

Under UK and EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data deleted (the “right to be forgotten”).
  • Object to processing or ask us to restrict it.
  • Receive a copy of your data in a portable format.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local EU supervisory authority.

To exercise any of these rights, email privacy@fightback.help.

8. Cookies

FightBack uses only the minimum cookies needed to run the service and measure aggregate, anonymous usage. We do not use advertising or cross-site tracking cookies.

9. Changes to this policy

We will update this page if our practices change. The “last updated” date above shows the most recent revision. See also our Terms of Service and Refund Policy.