Privacy Policy
Last updated: February 28, 2026
Privacy Priority: We are committed to protecting your privacy. This policy explains exactly what data we collect, why we collect it, how we protect it, and your rights over your information. We do not sell your personal data or share it with third parties for marketing purposes.
1. Overview and Commitment
DebtTrack is a personal debt and ledger tracking application designed for individuals to manage informal loans and financial obligations with contacts. We are committed to maintaining the highest standards of data privacy and security. Our privacy practices are built on these principles:
- We collect only data necessary to operate the service
- We never sell your personal data to third parties
- We do not track you across websites or use your data for advertising
- We provide you complete control over your information
- We maintain industry-leading security standards
2. Information We Collect
We collect only the following categories of information necessary to provide DebtTrack:
- Account Information:
  - Email address (required for login and account recovery)
  - Display name (optional user profile information)
  - Password hash (never stored in plain text)
  - Preferred currency selection
- Transaction and Financial Data:
  - Transaction records (amounts, dates, currencies, descriptions, notes)
  - Contact names and identifiers for linked users
  - Debt and balance calculations (derived from transactions)
  - Settlement and payment records
- Payment Information (Optional):
  - Payment method details (if you choose to share payment info with contacts)
  - Bank account references (if you choose to add them)
  - Payment provider details (if you provide mobile money or other payment methods)
  - Reference codes or payment notes
- Analytics and Usage Data:
  - Device ID (stored locally and maintained for analytics)
  - Country or region (derived from IP geolocation)
  - IP hash (non-reversible hash for privacy)
  - Visited pages and timestamps
  - Feature usage patterns (aggregated, non-personal)
  - Error logs and performance metrics
- Contact and Support Communication:
  - Contact form submissions (name, email, message content)
  - Email support correspondence
- Cookies and Local Storage:
  - Session tokens (encrypted, for authentication)
  - Theme preference (light/dark mode)
  - Device identifiers (local storage only)
  - Analytics consent preferences
We explicitly DO NOT collect: credit scores, bank account numbers (unless voluntarily shared), biometric data, location data beyond the country or region derived from IP geolocation, or browsing history outside of DebtTrack.
3. How We Use Information
We use the information we collect for specific, legitimate purposes:
- Service Operation: Providing core application features (account management, transaction tracking, balance calculations, contact management, real-time synchronization across devices)
- Security and Fraud Prevention: Authentication and login verification, detecting and preventing unauthorized access, monitoring for fraudulent activity, enforcing account security policies
- Service Improvement: Analyzing aggregated usage patterns (never linked to individuals), identifying bugs and performance issues, developing new features based on usage insights, optimizing user experience
- Communication and Support: Responding to support requests, sending important announcements (service updates, security alerts), billing inquiries
- Legal Compliance: Responding to lawful legal requests (court orders, subpoenas), enforcing our Terms of Service, preventing illegal activity, protecting our legal rights
- Payment Information Sharing: If you voluntarily add payment information to your profile, we store it to allow you to share it with linked contacts. Each contact can only view payment details you explicitly authorize.
We do NOT use your data for: marketing or advertising, selling to third parties, profiling or behavioral analysis, cross-site tracking, or any purpose other than those listed above.
4. Data Retention and Deletion
- Active Accounts: Your personal data, transaction records, and ledger information are retained for as long as your account is active and needed to provide the service.
- Account Deletion: When you delete your account, all personal and transaction data associated with your account is permanently deleted within 24 hours. Deleted data becomes unrecoverable.
- Linked User Data: If you have linked accounts with other users, the financial records between you may be visible to linked users even after you delete your account, as they maintain their own records. We cannot delete their copy of shared records.
- Aggregated Analytics: Aggregated, non-personal analytics data (country, feature usage patterns) may be retained indefinitely for service improvement, but this data cannot be linked to any individual.
- Legal Retention: We may retain certain data as required by law, including records needed for fraud prevention, tax compliance, or legal disputes. Such data is retained only as long as legally required.
- Backup Retention: Backup copies of deleted data may exist for up to 30 days for disaster recovery purposes before permanent deletion from all systems.
5. Data Security and Encryption
We implement comprehensive security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS (TLS 1.2 or higher). This prevents interception of your data.
- Encryption at Rest: Sensitive data stored on our servers is encrypted using industry-standard AES-256 encryption and stored on secure, access-controlled servers.
- Password Security: Passwords are never stored in plain text. We hash them with a strong cryptographic hashing algorithm (bcrypt) that salts each hash, so that even we cannot see your password.
- Session Management: Session tokens are encrypted, time-limited, and securely stored in local browser storage. Sessions automatically expire after a period of inactivity.
- Access Control: Access to your data is restricted to authorized personnel only and requires authentication. Employees access data only when necessary for support or service operations.
- Regular Security Audits: We conduct regular security reviews and testing to identify and address vulnerabilities. Third-party security assessments are performed periodically.
- Data Breach Notification: In the event of a confirmed data breach affecting your personal information, we will notify you within 30 days or as required by applicable law, along with details of what was accessed and steps you should take.
- No Payment Processing: We do not process actual financial transactions or store payment card data. Payment information you choose to share is stored as text only for reference purposes.
6. Your Privacy Rights and Control
You have the following rights over your personal information:
- Right to Access: You can view, download, and export all your personal data and transaction records at any time through the DebtTrack app or by requesting an export.
- Right to Correction: You can update, modify, or correct your profile information, transaction details, and other data you control within the app.
- Right to Deletion: You can request permanent deletion of your account and all associated personal data. Deletion is processed within 24 hours. See our Data Deletion page for detailed instructions.
- Right to Data Portability: You can request a copy of your data in a portable, machine-readable format (JSON, CSV) to transfer to another service.
- Right to Object: You may object to certain uses of your data by contacting us. We will stop non-essential processing unless we have a compelling legal reason to continue.
- Right to Restrict Processing: You can request that we limit how we use your data for certain purposes while we verify your requests or investigate disputes.
- Right to Lodge a Complaint: If you believe we have violated your privacy rights, you have the right to file a complaint with your local data protection authority.
- Right to Withdraw Consent: If you have provided consent for specific data uses, you can withdraw that consent at any time.
- Right to Know What Linked Users See: You can view exactly what payment information and data is visible to linked contacts in your account settings.
To exercise any of these rights, please contact us at debttrackpro@gmail.com and we will respond within 30 days.
7. Third-Party Services and Integrations
DebtTrack integrates with limited third-party services for specific functions:
- Google OAuth Authentication: If you sign up using Google, we receive your email address and basic profile information from Google. You may control what Google shares with us through your Google account settings.
- Email Services: We use third-party email providers to send password reset emails, account notifications, and support responses. These emails are not routinely monitored and are subject to the email provider's privacy policies.
- Currency Exchange Data: We use publicly available currency exchange rate APIs to provide accurate multi-currency conversion. No personal data is transmitted to these services.
- Analytics Services: We may use analytics services to understand aggregated usage patterns. These services process data according to their privacy policies and cannot identify you personally.
We carefully select third-party partners and require them to maintain privacy and security standards equivalent to our own. We do not allow third parties to use your data for their own marketing purposes.
8. Children's Privacy
DebtTrack is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years old. If you are under 18, please do not use our service. If we become aware that we have collected personal data from someone under 18, we will take immediate action to delete that information and may terminate the account. If you believe a child under 18 has provided us with personal data, please contact us immediately at debttrackpro@gmail.com for prompt removal.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, if necessary, by sending you a notification or requiring explicit consent for certain changes.
Your continued use of DebtTrack after any modifications to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy regularly to stay informed about how we protect your information.
10. Contact Us
For privacy questions, concerns, requests to exercise your rights, or to report a data breach, please contact us at:
Email: debttrackpro@gmail.com
Website: https://debttrack.onrender.com
We will respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.