Comprehensive Legal Policy

Legal Policy & Security Overview

Complete transparency about how DebtFlow handles your data, ensures security, and complies with regulations

Feature-Specific Policies

Detailed policies for each DebtFlow feature and how we protect your data

Debt Management Features

How we handle your financial data and debt management tools

Analytics & Insights

Data collection and usage for financial insights

Account & Security

Authentication, authorization, and account protection

Subscription & Billing

Payment processing and subscription management

Enterprise-Grade Security

Multiple layers of security to protect your financial data

Data Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Encrypted backups with key rotation
  • Client-side encryption for sensitive calculations

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (2FA)
  • API rate limiting and throttling
  • Secure password requirements

Infrastructure

  • SOC 2 Type II compliant hosting
  • Geographic data redundancy
  • Automatic security patching
  • DDoS protection and WAF

Monitoring

  • 24/7 security monitoring
  • Intrusion detection systems
  • Audit logging for all data access
  • Incident response procedures

Compliance Standards

Meeting and exceeding industry compliance requirements

GDPR: Compliant

General Data Protection Regulation

Full compliance with EU data protection laws

CCPA: Compliant

California Consumer Privacy Act

Respecting California residents' privacy rights

PCI DSS: Level 1 (via Stripe)

Payment Card Industry Data Security Standard

Highest level of payment security compliance

SOC 2: Type II

Service Organization Control 2

Audited security, availability, and confidentiality

Your Data Rights

You have complete control over your personal data

Right to Access

Request a copy of all your personal data

How to exercise this right:

Dashboard → Settings → Privacy → Download My Data

Right to Rectification

Correct any inaccurate personal data

How to exercise this right:

Dashboard → Settings → Profile → Edit Information

Right to Erasure

Request deletion of your account and data

How to exercise this right:

Dashboard → Settings → Account → Delete Account

Right to Portability

Export your data in machine-readable format

How to exercise this right:

Dashboard → Settings → Privacy → Export Data (CSV/JSON)

Right to Object

Opt-out of certain data processing

How to exercise this right:

Dashboard → Settings → Privacy → Data Preferences

Right to Restrict

Limit how we process your data

How to exercise this right:

Contact privacy@debtflow.app

Third-Party Services

Trusted partners that help us deliver secure services

Payment Processing - Stripe

PCI DSS Level 1 compliant payment processing

  • We never see or store your full payment card details
  • All payment data is tokenized and encrypted by Stripe
  • Stripe's privacy policy applies to payment information
  • View Stripe Privacy Policy

Infrastructure - Vercel & MongoDB Atlas

Enterprise-grade hosting and database services

  • SOC 2 Type II certified infrastructure providers
  • Data encrypted at rest and in transit
  • Geographic redundancy for high availability
  • Automatic security patching and monitoring

Analytics - Privacy-Focused

Understanding usage without compromising privacy

  • No personally identifiable information in analytics
  • Aggregated data only for service improvement
  • No tracking across other websites
  • Full compliance with privacy regulations

Security Incident Response

Our commitment to transparency and swift action

In Case of a Security Incident:

  1. Immediate Containment: We'll immediately contain the incident to prevent further impact
  2. Assessment: Determine the scope and impact of the incident
  3. Notification: Notify affected users within 72 hours as required by GDPR
  4. Remediation: Fix vulnerabilities and strengthen security measures
  5. Review: Conduct post-incident review and implement improvements

Contact Our Legal & Privacy Team

We're here to answer your questions and address your concerns

Data Protection Officer

privacy@debtflow.app

For privacy and GDPR inquiries

Legal Department

legal@debtflow.app

For legal and compliance matters

Security Team

security@debtflow.app

For security concerns and vulnerabilities

Response Times

General Inquiries

3-5 business days

Data Rights Requests

Within 30 days

Security Issues

Within 24 hours

Legal Matters

5-7 business days