What happens at the end of year one?

We'll ask — no silent charges, ever. If you say yes, it's $29/yr to keep going. If you don't, the plan is for accounts to go read-only (your data stays put and stays exportable; nothing is deleted).

We do one thing — get you out of debt, fast — and charge what it costs to run, including the AI calls and paystub parsing that aren't free on our side.

Is my financial data sold or used to train AI?

No. Entry is manual — no bank credentials, no data resale, no ads. Your numbers never train AI models.

Privacy Policy — Debt Engine

Plain-English version: Debt Engine is manual entry only. We don’t connect to your bank, don’t sell your data, and don’t track you around the web. We store the numbers you type so the strategy can compute, and that’s about it.

This Privacy Policy explains what personal information Debt Engine (“we”, “us”) collects, how we use it, who we share it with, and the choices you have. It applies to the Debt Engine website and web application (the “Service”).

1. What we collect

Account information

When you sign up, we collect your email address and a password hash (via our authentication provider). If you sign in with Google, we additionally receive your name, email, and profile image from Google. We do not receive your Google password.

Financial data you enter

Debts, bills, income sources, accounts, payments, goals, categories, side hustles, and income events you add to the app are stored so the Service can show them back to you and run the strategy math. We do not ask for and do not store:

Social Security or taxpayer identification numbers;
Full credit-card numbers (optional last-four digits only);
Bank account or routing numbers;
Login credentials for other financial institutions.

We do not connect to your bank. We do not use Plaid, Finicity, MX, or any aggregator. There is no transaction sync.

Usage & diagnostic data

We record minimal server logs (timestamps, route, anonymized user id, error codes) for security, abuse prevention, and debugging. We do not use third-party analytics or advertising trackers. We do not set advertising cookies. The only browser storage we use is (a) a session cookie required for authentication and (b) local storage for your theme preference and which shared account you’re currently viewing.

2. How we use it

To provide the Service to you — rendering your dashboard, running the strategy math, and storing changes you make;
To authenticate you and keep your session secure;
To enforce rate limits (e.g. a daily cap on AI advisor calls) and prevent abuse;
To comply with legal obligations.

We do not sell your personal information. We do not share it for targeted advertising. We do not profile you for third parties.

3. The AI advisor (optional)

If you opt in to the AI advisor, here is exactly what happens when you ask a question:

Your question text is sent to our model provider (currently Anthropic).
A summary of your financial picture is sent with it. Before it leaves our servers, we redact the names you chose (e.g. “Chase Sapphire” becomes “Debt 1”, “Microsoft” becomes “Income Source 1”). The model sees types, APRs, balances, deadlines, and totals — enough to give advice, but not the names of your lenders, employers, or accounts.
When the model’s response comes back, our server swaps the generic labels for your real names before you see it.
Anthropic processes this data under its commercial API terms. We do not control Anthropic’s retention. Do not enter free-text questions that contain information you wouldn’t want logged by a third party.

You can disable the advisor and revoke consent at any time from Settings.

4. Who we share data with

We use a small number of subprocessors to run the Service:

Convex — hosts our database and backend functions. Your data is encrypted at rest and in transit.
Netlify — serves the static web app.
Google — only if you choose “Sign in with Google”; Google handles authentication.
Anthropic — only if you opt into the AI advisor; receives redacted summaries (see above).

We will disclose personal information to law enforcement only when required by a valid legal process, and will push back on overbroad requests where lawfully possible.

If Debt Engine is ever acquired or merges with another company, your data may transfer as part of that transaction; any successor is bound by commitments at least as protective as this Policy.

You can invite another user (spouse, accountant, partner) to view or edit your data. Once accepted, they can see everything you see in the scope of that grant. You control who has access and can revoke it at any time from Settings.

6. Retention & deletion

We keep your data as long as your account is active. If you delete your account (Settings → delete), we purge your authentication identity and all personal records (debts, bills, income, accounts, payments, goals, payment history, side hustles, income events, categories, preferences, uploaded photos, and any outgoing share grants) from the production database. Server logs are retained for up to 30 days for security and diagnostic purposes.

7. Security

We use HTTPS everywhere, encrypt data at rest, hash passwords (we never see them), and enforce per-user authorization on every query and mutation. We apply a strict Content Security Policy, rate-limit the AI advisor per user, and validate inputs on the server. No system is ever perfect; if you believe you’ve found a vulnerability, email security@debtengine.app before disclosing publicly.

8. Your rights

Depending on where you live, you may have rights under privacy laws such as the GDPR (EU/UK), CCPA/CPRA (California), or similar. These typically include the right to access, correct, export, or delete your personal information, and to object to certain processing. Because we hold almost nothing beyond what you voluntarily enter, most of these requests map directly to features already in the app:

Access / correct: view and edit anything from the app itself.
Delete: Settings → delete account.
Export: email privacy@debtengine.app and we will send you a JSON dump of your records.
Opt-out of AI processing: revoke consent in Settings (the advisor simply stops working).

9. Children

Debt Engine is not intended for anyone under 18. We do not knowingly collect information from children. If you believe a child has given us data, contact us and we will delete it.

10. International users

Our infrastructure is hosted in the United States. If you access the Service from outside the U.S., you acknowledge that your information will be processed in the U.S., which may have different data protection laws than your jurisdiction.

11. Changes to this Policy

If we make material changes, we will post the updated Policy with a new effective date and, for active users, make reasonable effort to notify you in-app or by email before the change takes effect.

12. Contact

Privacy questions or requests: privacy@debtengine.app.

1. What we collect

Account information

Financial data you enter

Usage & diagnostic data

2. How we use it

3. The AI advisor (optional)

4. Who we share data with

5. Sharing your account with another person

6. Retention & deletion

7. Security

8. Your rights

9. Children

10. International users

11. Changes to this Policy

12. Contact