Privacy Policy
We built DebtMirror to help you, not to sell your data. Here is exactly what we collect and why.
1. Who We Are
DebtMirror ("we," "us," or "our") is an independent financial tools platform accessible at debtmirror.co. We provide debt tracking, subscription auditing, and AI-assisted financial analysis tools. We are not a bank, credit union, financial advisor, or registered investment advisor.
Contact: [email protected]
2. Information We Collect
**Account information.** When you register, we collect your email address, a hashed password, and your optional display name.
**Financial data you enter.** Debt balances, interest rates, minimum payments, and subscription details that you voluntarily input into the platform. This data is stored securely and is associated with your account.
**Usage data.** Basic server logs including IP address, browser user-agent, pages visited, and timestamps. We use this data solely for debugging and service reliability.
**Payment information.** If you subscribe to a paid plan, payment is processed by Stripe, Inc. We never see or store your full card number. We store only the Stripe Customer ID and subscription status necessary to manage your account.
**AI conversation data.** Messages you send to the AI advisor are forwarded to Groq, Inc. (our AI inference provider) for processing. Messages are not permanently stored by us beyond server access logs.
3. How We Use Your Information
- **Provide the service**: store and display your financial data as you expect
- **Authentication**: verify your identity on login
- **Transactional email**: send account verification links, password reset links, and billing confirmations to your email address
- **Improve the platform**: understand aggregate usage patterns to fix bugs and add features
- **Billing**: manage your subscription status via Stripe
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Stripe, Inc. | Payment processing | stripe.com/privacy |
| Groq, Inc. | AI inference for chat advisor | groq.com/privacy |
| Cloudflare, Inc. | CDN and DDoS protection | cloudflare.com/privacypolicy |
These providers may receive limited data necessary to perform their function. We require all sub-processors to maintain appropriate data security standards.
5. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on private servers that we control. All data in transit is encrypted using TLS 1.2 or higher. Passwords are never stored in plaintext: they are hashed using bcrypt with a cost factor of 12.
Access to production databases is restricted to authenticated administrators over encrypted SSH connections. No third-party analytics services (Google Analytics, Meta Pixel, etc.) are currently installed on this site.
6. Cookies
DebtMirror uses only functional, session-based storage (localStorage and sessionStorage) required for maintaining your login session and storing your JWT access token. We do not use advertising cookies, tracking pixels, or third-party cookies.
7. Data Retention
We retain your account data for as long as your account is active. If you delete your account, all personal data (email, name, debts, subscriptions) is permanently deleted from our database within 30 days. Server access logs are retained for up to 90 days for security purposes.
8. Your Rights
You have the right to:
- **Access**: request a copy of the data we hold about you
- **Correction**: update inaccurate information via account settings
- **Deletion**: request permanent deletion of your account and associated data
- **Portability**: request your financial data in JSON format
To make any of these requests, email [email protected] with the subject "Data Request."
9. Children's Privacy
DebtMirror is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page. Material changes will be communicated via email to registered users.
11. Contact
Questions about this Privacy Policy? Email us at [email protected].