Privacy & Data Handling

Last updated June 2026

What this application is

This is a private, single-user personal-finance tool used by its owner to plan the payoff of their own debts. It is not a commercial product and has no other users. Access is restricted to a single authorized account.

Data we collect

With the owner's explicit consent through Plaid Link, the app retrieves the owner's own financial-account data — account balances, transactions, and liability details (APR, minimum payment, due date) — plus debt information the owner enters manually. No data about any other person is collected.

How we use it

Data is used solely to compute the owner's debt-payoff plan and budget within the app. It is never sold, shared, used for advertising, or processed for any purpose other than providing the app's functionality to its single user.

How we protect it

  • All data is encrypted in transit using TLS 1.2 or later.
  • Data is encrypted at rest (AES-256). Bank access tokens are additionally encrypted with AES-256-GCM before storage.
  • The database enforces row-level security so records are accessible only to their owner.
  • Access requires Google sign-in, a single-user allowlist (fails closed), and an app PIN lock; multi-factor authentication is enabled on all administrative systems.

Service providers

The app relies on Plaid (bank connectivity), Supabase (database & authentication), and Vercel (hosting). Each is a managed provider with its own security and privacy practices.

Data retention & deletion

Data is retained only while the owner's account is active. The owner can export all data (CSV/JSON) at any time and can delete their data from within the app; disconnecting a bank removes the stored access token immediately. This policy is reviewed periodically.

Consent

The single user consents to the collection, processing, and storage of their own data by using the app, and grants bank-connection consent explicitly through Plaid Link.

Contact

Questions: loweryster@gmail.com