Privacy Policy

Last updated: April 30, 2026

At debt.express, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Account Information

When you register, we collect your email address, password (hashed), and organization details. We also store session cookies to keep you logged in.

Agreement Data

You provide loan/lease terms, party information, and payment records. This data is encrypted at rest and only accessible to authorized parties.

Usage Data

We collect basic analytics (page views, feature usage) to improve the service. This data is aggregated and anonymized where possible.

2. How We Use Your Information

To provide and maintain the service
To authenticate users and secure accounts
To send transactional emails (payment confirmations, invitations)
To improve our product and user experience
To comply with legal obligations

3. Cookies and Tracking

We use essential cookies for authentication and session management. We use analytics cookies to understand usage patterns. You can manage cookie preferences through our cookie consent banner.

4. Data Sharing

We do not sell your personal data. We share data only with:

Cloudflare (hosting and database)
Resend (transactional email delivery)
Other parties to an agreement (with your permission)

5. Data Security

We use industry-standard security measures: PBKDF2 password hashing, encrypted sessions, HTTPS everywhere, and parameterized database queries. All ledger entries have unique idempotency keys to prevent data corruption.

6. Your Rights

Depending on your jurisdiction, you may have rights to:

Access your personal data
Correct inaccurate data
Delete your account and data
Export your data
Object to certain processing

7. Data Retention

We retain your data while your account is active. When you delete your account, we remove personal data within 30 days, though anonymized analytics may be retained. Financial records may be retained longer where required by law.

8. Children's Privacy

debt.express is not intended for users under 18. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy. Significant changes will be notified via email or prominent notice on our website.

10. Contact Us

For privacy-related questions or data requests, contact us at privacy@debt.express.