Privacy Policy

Your privacy is fundamental to our mission at DebtFlow

Last updated: January 1, 2025

DebtFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our debt management application and related services.

Information We Collect

Personal Information

  • Name and email address when you create an account
  • Payment information when you subscribe to our services
  • Profile information you choose to provide
  • Device information and IP addresses for security purposes

Financial Information

  • Credit card names and last four digits (we never store full card numbers)
  • Card balances, APRs, and minimum payment amounts you enter
  • Payment history and strategies you create
  • Debt payoff goals and milestones

Usage Information

  • Features you use and actions you take in the app
  • Performance data to improve our services
  • Error reports and debugging information
  • Analytics data (anonymized)

How We Use Your Information

To Provide Our Services

  • Calculate optimal debt payoff strategies
  • Track your progress toward becoming debt-free
  • Send payment reminders and notifications
  • Generate financial reports and insights
  • Sync data across your devices

To Improve Our Services

  • Analyze usage patterns to enhance features
  • Fix bugs and improve performance
  • Develop new features based on user needs
  • Conduct research to improve debt payoff algorithms

To Communicate With You

  • Send important account and security updates
  • Provide customer support
  • Share optional tips and educational content
  • Notify you about new features (with your consent)

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
  • Access Controls: Strict authentication and authorization protocols
  • Regular Audits: Security assessments and penetration testing
  • Secure Infrastructure: Hosted on SOC 2 compliant cloud providers
  • Two-Factor Authentication: Optional 2FA for enhanced account security
  • PCI Compliance: Payment processing meets PCI DSS standards

Important Security Note:

We never store your full credit card numbers. We only store the last four digits for identification purposes. All payment processing is handled by certified third-party providers.

Your Rights

You have the following rights regarding your personal information:

Access and Portability

You can access and export all your data at any time through your account settings. We provide data in standard formats (CSV, JSON) for easy portability.

Correction

You can update or correct your information directly in the app or by contacting our support team.

Deletion

You can request deletion of your account and all associated data. We will process deletion requests within 30 days, except where we're required to retain data for legal purposes.

Opt-Out

You can opt out of marketing communications at any time. Essential service communications cannot be opted out of while you maintain an active account.

Data Minimization

We only collect data necessary to provide our services. You can choose not to provide optional information without affecting core functionality.

Data Storage and Retention

Where We Store Data

Your data is stored on secure servers located in the United States. We use industry-leading cloud infrastructure providers with SOC 2 Type II certification.

How Long We Keep Data

  • Active Accounts: Data is retained as long as your account is active
  • Inactive Accounts: Data is retained for 2 years of inactivity, then automatically deleted
  • After Deletion: Most data is deleted within 30 days, backups within 90 days
  • Legal Requirements: Some data may be retained longer if required by law

Backups

We maintain encrypted backups for disaster recovery. Backups are retained for up to 90 days and are subject to the same security measures as primary data.

Third-Party Services

We work with trusted third-party services to provide and improve our application:

Payment Processing

We use Stripe for payment processing. We never see or store your full payment card details. Stripe's privacy policy applies to payment information.

Analytics

We use privacy-focused analytics tools to understand usage patterns. Analytics data is anonymized and cannot be traced back to individual users.

Cloud Infrastructure

We use Vercel and MongoDB Atlas for hosting and data storage. These providers are selected for their strong security and privacy practices.

Email Services

We use email service providers for transactional emails and optional newsletters. You can unsubscribe from marketing emails at any time.

No Data Selling

We never sell, rent, or share your personal or financial information with third parties for their marketing purposes.

Children's Privacy

DebtFlow is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

International Users

If you access DebtFlow from outside the United States, please be aware that your information may be transferred to and processed in the United States. By using our services, you consent to this transfer.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information (which we do not do).

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the app. Continued use of DebtFlow after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

DebtFlow by Sixfoldgroup

Email: privacy@debtflow.app

Support: support@debtflow.app

For data deletion requests or to exercise your privacy rights, please email privacy@debtflow.app with the subject line "Privacy Rights Request".

This privacy policy was last updated on January 1, 2025