How FightThis works.

We use AI, professional document tools, and USPS-grade mail infrastructure to turn your form input into a real, deliverable letter — usually in under 10 seconds.

Form → AI drafts your letter → You review & pay → We generate PDF & DOCX → Optionally we mail it → You get tracking.

From form to mailed letter, in one diagram

Every step a request takes from when you hit submit to when USPS delivers the envelope.

sequenceDiagram
    autonumber
    participant U as You
    participant F as FightThis
    participant C as Claude AI
    participant S as Stripe
    participant R as R2 Storage
    participant E as Postmark
    participant L as Lob
    participant P as USPS

    U->>F: Submit form + denial PDF
    F->>C: Generate response letter
    C-->>F: Drafted letter (~3-5s)
    F-->>U: Preview shown
    U->>S: Pay unlock fee
    S-->>F: Webhook: paid
    F->>F: Render PDF + DOCX
    F->>R: Upload artifacts
    F->>E: Send download links
    E-->>U: Email with letter

    opt You choose to mail it
        U->>S: Pay mail fee
        S-->>F: Webhook: mail purchased
        F->>L: Create letter
        L->>P: Print & dispatch
        P-->>L: Tracking events
        L-->>F: Webhook: status updates
        F->>E: Send status email
        E-->>U: Tracking notifications
    end

AI letter generation

We use Claude Sonnet, currently the best-in-class large language model for legal-style writing. It reads your form input and any uploaded denial letter, then drafts a professional response that cites relevant regulations (ERISA, FDCPA, FCRA, etc.).

View technical details
  • Model: Claude Sonnet 4.6 (Anthropic), via API
  • Average response: ~3–5 seconds for a 2,500-word letter
  • Vertical-specific system prompts include actual statutory citations relevant to each dispute type
  • Mistral OCR (mistral-ocr-2506-latest) extracts text from uploaded denial letter PDFs
  • We do not train on customer data — every API call is fresh inference

Document generation (PDF + DOCX)

We render your letter into both PDF (for printing and mailing) and DOCX (for editing in Word) using commercial-grade typography and layout.

View technical details
  • PDF: headless Chromium via Puppeteer, Inter typeface for body, Fraunces for headings
  • DOCX: docx.js library generating native Microsoft Word format
  • Both formats fit a single letter-size page with proper margins
  • PDFs are full-width and formatted for window envelopes
  • Each rendering is mutex-serialized to prevent concurrent Puppeteer crashes
  • Generation typically completes in 2–3 seconds

Storage (Cloudflare R2)

Your generated letters are stored in Cloudflare R2 (S3-compatible object storage) for fast access. We use signed URLs that expire after 90 days for security.

View technical details
  • Bucket: separate buckets for production letters and database backups
  • Pre-signed URLs with 24-hour TTL for downloads, 90-day default file retention
  • Egress is free (vs S3, which charges per byte) — keeps costs predictable
  • Backups: hourly DB snapshots pushed to R2 in addition to local backups
  • Server in AWS us-east-1; R2 globally distributed via Cloudflare's CDN

Payment processing (Stripe)

We use Stripe for all payments — the same infrastructure used by Apple, Amazon, Shopify, and most modern internet businesses. Your card data never touches our servers.

View technical details
  • Stripe Checkout (hosted page) for PCI compliance — we never see card numbers
  • Webhook verification with HMAC-SHA256 signature checking
  • Idempotent processing via stripe_events table — duplicate webhook deliveries safely ignored
  • Test mode currently active during soft launch; live mode for production
  • Mail-tier purchases use separate Stripe sessions distinguished by metadata.mail_purchase=true

Mail delivery (Lob.com + USPS)

When you choose to have us mail your letter, we use Lob.com — a printing-and-mailing API trusted by Microsoft, GitHub, and SaaS companies needing physical mail at scale. They print your letter on commercial-grade paper and dispatch it via USPS the next business day.

View technical details
  • Three tiers: First-Class Mail ($7.99), Certified Mail ($19.99), Certified + Return Receipt ($24.99)
  • Address verification via USPS database before charging — no money taken if address is undeliverable
  • HMAC-SHA256-signed webhooks from Lob update status (in transit, delivered, signed, returned)
  • Idempotent event processing via lob_events table
  • Manual retry script (scripts/retry-failed-mail.mjs) for ops in case of API failures

Email delivery (Postmark)

Letter delivery emails and mail status notifications use Postmark, an email service designed specifically for transactional messages (not marketing). High deliverability, no spam folder.

View technical details
  • Three email types: letter ready, mail submitted (with tracking), mail delivered
  • DKIM + Return-Path verified for fightthis.ai
  • DMARC policy in place
  • All emails are user-triggered (form submission, payment, status update) — no marketing, no broadcasts
  • Bounce handling via webhooks; suppression list managed by Postmark

Privacy-respecting analytics (Plausible)

We use Plausible Analytics — a privacy-first analytics service that respects you. No cookies, no cross-site tracking, no behavioral profiling. Just basic page-view counts so we know what's working.

View technical details
  • Self-hosted at analytics.fightthis.ai (we control all the data)
  • GDPR / CCPA / PECR compliant by default
  • No cookies set on your browser
  • No personal data collected — just aggregate page views and bounce rates
  • Open source: github.com/plausible/analytics

Hosting & infrastructure

Built with Astro (a modern static-first framework) and Node.js, hosted on AWS EC2 in the US East region. SSL certificates from Let's Encrypt, managed by Certbot for automatic renewal.

View technical details
  • Astro 6.x for the frontend (SSR + static)
  • Node.js runtime, systemd-managed service
  • SQLite database (single-file, hourly backups to local + R2)
  • nginx reverse proxy + TLS termination
  • Let's Encrypt cert auto-renewed every 90 days
  • Linux (Ubuntu 24.04 LTS) on EC2 t3.large

Security & data handling

Your data is your data. We don't sell it, share it, or train AI on it. We collect only what's needed to deliver your letter.

View technical details
  • All traffic over HTTPS (TLS 1.3)
  • Card data: never stored, never seen — handled entirely by Stripe
  • Letter content: stored in R2 for download / mail purposes; deleted on request
  • Email addresses: used only for transactional delivery, not marketing
  • Audit log: every state change recorded for accountability
  • No analytics cookies, no ad tracking, no third-party data sharing

How everything connects

A simplified view of which services talk to which.

flowchart LR
    Browser([Browser])
    Browser -->|HTTPS| Nginx[nginx + TLS]
    Nginx --> Astro[Astro / Node SSR]
    Astro --> SQLite[(SQLite)]
    Astro --> Claude[Claude API]
    Astro --> Mistral[Mistral OCR API]
    Astro --> Stripe[Stripe API + Webhooks]
    Astro --> Lob[Lob API + Webhooks]
    Astro --> Postmark[Postmark API]
    Astro --> R2[(Cloudflare R2)]

Built by people who care about doing this right.

If you have questions about how the technology works, what data we collect, or anything else, email hello@fightthis.ai.

Privacy Policy Terms of Service