Attorney-reviewed in all 50 states
Help Center

Privacy Policy

How we handle your information.

Effective January 15, 2026

Trust is the whole product here. You are sharing sensitive details — dispute facts, opposing party information, financial documents — and you deserve to know exactly how we handle them.

Short version: we collect what is needed to produce your letter or packet, we share it only with the attorney reviewing your case and the services that deliver it, we encrypt it at every step, and we never sell it. Long version below.

Section 01

Overview

This Privacy Policy explains how Sue.com LLC (“Sue.com,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our website, applications, and services (the “Services”).

Sue.com is offered exclusively to United States residents. All personal information is collected, processed, and stored within the United States. We do not knowingly serve users in the European Economic Area, the United Kingdom, or any other jurisdiction outside the United States, and this policy is not designed to satisfy non-U.S. data protection regimes such as GDPR.

We wrote this policy to be read, not skimmed. If you have questions after reading it, email privacy@sue.com.

Section 02

Information we collect

We collect the following categories of information:

  • Account information: name, email address, phone number, password (hashed).
  • Case information: dispute details, the identity and contact information of the opposing party, amounts in controversy, relevant dates, and facts you provide during intake.
  • Evidence files: documents, images, and files you upload as evidence (invoices, contracts, texts, photos).
  • Payment information: handled by our payment processor (Square). We never receive or store full card numbers.
  • Communications: emails, chat messages, and phone calls with our support team, which may be logged for quality.
  • Device and usage information: IP address, browser type, device identifiers, pages viewed, time spent, and referring URLs.
  • Cookies and similar technologies: session cookies for login, preference cookies, and limited analytics cookies (see “Cookies” below).

Section 03

How we use your information

We use your information to:

  • Provide, operate, and improve the Services (including drafting your demand letter or packet);
  • Route your case to a licensed attorney in your jurisdiction for review;
  • Communicate with you about your case, account, and support requests;
  • Process payments and issue invoices;
  • Detect and prevent fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our Terms of Use;
  • Analyze usage patterns to improve our platform (in aggregate, never individually).

We do not sell your personal information. We do not use your case information for advertising or marketing purposes.

Section 04

How we share your information

We share information only with:

  • The reviewing attorney in your state, solely for the purpose of reviewing your letter or packet.
  • USPS for the physical delivery of Certified Mail.
  • Square for payment processing.
  • Our email and SMS providers for transactional messages (login codes, case updates).
  • Hosting, storage, and security vendors bound by data-processing agreements that restrict use to providing services to Sue.com.
  • Law enforcement or regulators when required by law (e.g., subpoena) or to prevent fraud, harm, or a serious threat to safety.
  • In a corporate transaction, such as a merger or acquisition, in which case your information transfers under the same protections.

Section 05

Cookies and similar technologies

We use three categories of cookies:

  • Essential cookies: required for core functionality (login, session persistence, CSRF protection, intake-session continuity). These cannot be disabled without breaking the Services.
  • Preference cookies: remember your settings (e.g., state, language) to improve your experience.
  • Analytics cookies: help us understand aggregate usage patterns. We run two analytics layers: (1) our own first-party analytics, which writes anonymized page-view and intake-step events to our database for internal reporting; and (2) Google Analytics 4 via Google Tag Manager, which sets first-party Google cookies (typically _ga, _ga_*) to measure site usage and conversion. We have IP anonymization enabled on GA4 and do not use Google Signals or cross-device tracking.
  • Marketing / advertising cookies: not currently set. If we add Google Ads or social-media remarketing in the future, we will update this policy and disclose those tags here before they go live.

You can manage cookie preferences in your browser settings. Disabling essential cookies will break the Services. To opt out of Google Analytics specifically, install the official GA opt-out browser add-on.

Do Not Track.Most browsers transmit a Do Not Track (“DNT”) signal. Because the web industry has not settled on a uniform standard for honoring DNT, we do not respond differently to it. Our first-party analytics are aggregated regardless of DNT, and we configure Google Analytics with IP anonymization and without cross-site/cross-device tracking.

Section 06

Data retention

Retention varies by category:

  • Account information (name, email, hashed password): for the life of the account plus 90 days after closure.
  • Case information (intake facts, opposing-party details, claim amount): seven (7) years from the date your case closes, to comply with legal record-keeping obligations and to preserve your archive in case the dispute resurfaces.
  • Evidence files you upload: seven (7) years from case closure, alongside the corresponding case record. Earlier deletion on request, subject to active-case holds.
  • Payment records and invoices: seven (7) years for tax, accounting, and chargeback-defense purposes.
  • Transactional message logs (email + SMS delivery receipts): eighteen (18) months.
  • Server access and security logs: ninety (90) days for routine logs; up to two (2) years where flagged for security review.

You may request earlier deletion of your personal information at any time, subject to limited exceptions where retention is required by law (tax, audit, anti-fraud) or where deletion would compromise an active case (see “Your rights”).

Aggregated and de-identified data. We may retain aggregated, de-identified, or anonymized statistics indefinitely (e.g., total demand letters mailed per state, average time-to-resolution). Such data does not identify you and is not subject to the categories above.

Section 07

Your rights

Depending on your state or country of residence, you may have rights including:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request that we correct inaccurate information.
  • Deletion: request deletion of your personal information, subject to legal record-keeping requirements.
  • Portability: request your information in a machine-readable format.
  • Opt-out of sale or sharing: we do not sell your information, but if this changes, we will offer a clear opt-out.
  • Non-discrimination: we will not penalize you for exercising these rights.

To exercise any of these rights, email privacy@sue.com. We respond within 30 days. We may need to verify your identity before acting on a request.

Section 08

California privacy (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively the “CCPA”), gives you specific rights regarding your personal information.

Categories of personal information we collect, and the sources, purposes, and retention for each.The categories below use the terminology of CCPA § 1798.140.

  • Identifiers(name, email, phone, IP address): collected directly from you and from your device. Used to provide and secure the Services. Retained per the “Data retention” schedule above.
  • Customer records (mailing address, payment-handling info via Square): collected from you. Used to deliver Certified Mail and to process payment. Retained 7 years for tax.
  • Commercial information (orders, invoices, products purchased): generated by your transactions. Used for billing, support, and accounting. Retained 7 years.
  • Internet activity (pages viewed, time on site, referring URL, basic device info): collected automatically. Used for security and aggregate analytics. Retained 90 days for raw logs, longer for de-identified rollups.
  • Geolocation (state and approximate city, derived from IP): collected automatically. Used to route to the correct in-state attorney and to surface state-specific content. Retained with the case record.
  • Inferences drawn from the above (e.g., dispute category preference): used solely to operate the Services; never sold or used for cross-context behavioral advertising.
  • Sensitive personal information: account password (hashed) and the contents of your case (which may include financial details, photos, contracts). We use this only to provide the Services. You have the right to limit our use of sensitive personal information to the purposes specified in CCPA § 1798.121, and we already comply by default.

Sale and sharing. We do not sell or share personal information as those terms are defined under California law, and we have not done so in the preceding twelve (12) months. We do not engage in cross-context behavioral advertising.

Your rights. California residents have the right to: (a) know what personal information we collect and how we use it; (b) access or receive a copy of that information; (c) correct inaccurate information; (d) request deletion (subject to exceptions for legal record-keeping); (e) limit our use of sensitive personal information; (f) opt out of any future sale or sharing; and (g) be free from retaliation for exercising any of these rights.

How to make a request. Email privacy@sue.comwith the subject line “California Privacy Request” and the type of request you are making. We respond within forty-five (45) days; if we need an extension, we will tell you within that period and complete the request within ninety (90) days. We may need to verify your identity before acting on a request.

Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written permission signed by you and we may require you to verify your identity directly with us before acting.

Financial incentives. Sue.com does not offer any financial incentive (loyalty program, price discount, etc.) in exchange for the collection, sale, or retention of your personal information.

Section 09

Security

We protect your information with industry-standard security controls: encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access control, audit logs, and regular security reviews. Our payment processor (Square) is PCI-DSS compliant.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you and relevant authorities as required by law.

Section 10

Children's privacy

The Services are not directed to children under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it. If you believe a child has provided us information, email privacy@sue.com.

Section 11

United States only

Sue.com is offered to United States residents only and is not intended for use outside the United States. We do not actively market the Services to, target advertising at, or knowingly collect personal information from individuals located outside the United States. If you access the Services from outside the U.S., we ask that you stop using them; if we discover that an account is operated from outside the U.S., we may close it. Because we do not serve users outside the U.S., this Privacy Policy is not designed to satisfy non-U.S. data protection regimes (including the EU and UK General Data Protection Regulation), and we make no representations of compliance with them.

Section 12

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or prominent notice at least fourteen (14) days before taking effect. The effective date at the top of this page indicates when it was last revised.

Section 13

Contact

To exercise your rights, ask a question, or report a privacy concern:

Sue.com LLC
Attn: Privacy Team
363 N Sam Houston Pkwy E, Suite 125
Houston, TX 77060
Email: privacy@sue.com
Phone: +1 (877) 778-3266