Privacy & Data

Data transparency you can trust.

DebtTrack collects the minimum data needed to run your ledger, protect your account, and improve reliability. We never sell your information, never use it for advertising, and always give you control.

Core app data

  • Your Account: Email, display name, password (hashed), preferred currency and timezone
  • Your Ledger: All contacts, transactions, balance calculations, and notes you create
  • Session Info: Encrypted login tokens (only stored locally and on secure servers)
  • Payment Details: If you add them - bank info, mobile money, reference codes (only shared with your consent)

This data is encrypted both in transit and at rest using industry-standard encryption (HTTPS + AES-256).

Usage analytics

  • Anonymous Device ID: Unique identifier, not linked to your identity
  • Country/Region: Derived from IP, helps us understand geographic usage
  • IP Hash: Non-reversible, privacy-preserving traffic analysis
  • Feature Usage: Which buttons you click, pages you visit (aggregated across all users)

Analytics never identifies you personally and is never shared with third parties for marketing.

Data we never collect

  • Bank account numbers or card details (unless you voluntarily share)
  • Advertising identifiers or cross-site tracking cookies
  • Behavioral profiling or targeting data
  • Biometric data or location tracking (beyond country-level geolocation)
  • Keystroke logging or session recordings

Security practices

  • HTTPS Encryption: All data in transit protected with TLS 1.2+
  • Password Hashing: bcrypt with salts, passwords never stored in plain text
  • Session Tokens: Encrypted, time-limited, auto-expire after inactivity
  • Access Control: Only authorized staff access your data, and only when necessary
  • Breach Notification: You'll be notified within 30 days if your data is breached

Want the full legal details?

Privacy PolicyTerms of ServiceData Deletion