Privacy · no cardboard edition

How we touch your data (and where we refuse to)

DebtEase needs real numbers to be useful—we don't need drama, resale side-hustles, or mystery third-party treasure hunts with your loan mix. Below is our full Privacy Policy: plain structure, indie operator (Mihir, India), reachable at mihir@debtease.app.

Effective date: 17 May 2026

Last updated: 17 May 2026


First: thanks for trusting a small tool with big numbers

Your money story is sensitive. DebtEase asks for digits and context so charts and simulations mean something—not so we can build a dossier for advertisers or whisper your EMI schedule to strangers.

This Privacy Policy is the boring-but-important map of what we collect, why we keep it, who might see it anyway (hint: infra + law, not shady data brokers), and what you can ask us to do about it.

If reading policies usually feels like chewing cardboard: skim the headings, linger where you’re curious, and email Mihir anytime at mihir@debtease.app. Legitimate indie shop—feedback actually arrives in one inbox.

By using DebtEase, you agree to the practices described here (alongside our Terms of Service).


1. Who we are

DebtEase is a financial wellness and debt-awareness product built by Mihir, an independent developer based in India.

Throughout this Policy, “DebtEase”, “we”, “our”, or “us” means the folks operating the service (which, practically, rounds to a small founder-sized team—even when we sound corporate in plural form).

DebtEase focuses on clarity: debt structure, cashflow sensitivity, hypothetical stress sketches, repayment visibility—not lending decisions, brokerage, or spooky default prophecies.


2. What this Policy covers

This document explains:

  • what information enters the system
  • how we use it to run calculators, dashboards, and simulations
  • how we secure and retain it
  • when we’d share it (rare-ish, enumerated)
  • how you can exercise access, correction, export, deletion, and questions

It doesn’t magically replace localized privacy laws—you may have additional rights depending on where you live. If there’s tension between this Policy and what the law says, the law wins (and please tell us if you think we drifted—we fix things).


3. Information you give us on purpose

Account basics

When you sign up or authenticate, we may collect things like:

  • name
  • email address
  • login identifiers tied to whichever auth mechanism we wired up
  • authentication artifacts (properly salted/hashed passwords or tokens—we’re not scribbling plaintext passwords on sticky notes)

Financial inputs & snapshots

You choose what to enter. That might include fields such as:

  • income (monthly/other)
  • fixed and discretionary expenses
  • debt balances
  • EMI amounts, tenure, interest hints you supply
  • rough repayment timelines or histories you log
  • savings / rainy-day funds
  • contextual tags (loan types, card vs personal loan, dependents count—you name it)

These pieces often assemble into structured snapshots, debt lists, onboarding answers, repayment notes—whatever the product needs so your view isn’t hallucinated fiction.

Simulations & “what-if” runs

Stress simulations and scenario calculators may store:

  • the inputs you chose for a run
  • derived outputs consistent with deterministic rules

Some flows may crunch numbers ephemerally and never park the full worksheet in durable storage—we’ll still say “may” because implementation evolves during alpha/beta.


4. Information we collect automatically

To keep the lights on (and crashes down), modest technical telemetry routinely exists:

  • device/browser/OS flavor
  • IP address
  • timestamps
  • coarse usage cues (clicked feature X, hit error Y—often aggregated)
  • diagnostic logs stripped or minimized wherever practical

Nobody loves IP logs—we use them sparingly for security/abuse arcs, not voyeur tours.


5. How we use everything (the actual purpose ledger)

Typical lawful purposes include:

  • creating and guarding your account
  • rendering analyses, dashboards, resilience cues, amortisation math
  • running deterministic policy engines powering “health-style” overlays that are informational —not credit underwriting
  • offering hypothetical shocks so you rehearse—not predict—the future
  • debugging reliability, patching bugs faster than folklore spreads
  • monitoring for abuse/scraping shenanigans
  • improving onboarding flows via anonymised or aggregated learnings

We aim to minimise surprise uses. Fancy AI training on your ledger line-items? Not the default plan—silence ≠ consent for unrelated experiments.


6. Automated processing ≠ judgment day

Engines may chew your voluntary numbers to spit out:

  • financial health-ish indicators tied to resilience framing
  • stress sensitivity thumbnails
  • debt fragmentation lenses
  • repayment visibility helpers

Reminder (because regulators like repetition):

  • these outputs aren’t canonical credit scores
  • they aren’t lending approvals/denials
  • they aren’t probability-of-default oracle cards

They’re consistent arithmetic costumes on your volunteered stage.


7. The “we don’t monetise your misery” aisle

DebtEase doesn’t pursue these business clichés:

  • selling raw financial profiles
  • vending contact lists for random ad brokers
  • packaging your debt mix as a lead-gen buffet for unnamed lenders
  • generating bureau-style underwriting scores meant for external creditor decisions

If we pivot later (honesty clause), we refresh this Policy conspicuously beforehand rather than ninja-editing paragraphs at 3 a.m.—that’s rude.


8. Sharing (narrow hallways only)

Processors who actually help operate

Hosting, databases, auth vendors, transactional email pipes, uptime monitors—they process data strictly to deliver DebtEase-shaped functionality, ideally under sane confidentiality guardrails modern platforms expect.

Legal backbone moments

Courts, regulators, subpoenas—not Pokémon cards. If lawful, narrowly tailored requests arrive, we respond responsibly and proportionally—not performative leaks.

Business transfers

If DebtEase merges, reorganises, sells assets, successor entities may steward data consistent with successor privacy promises (we’ll trumpet material changes plainly).

Outside those lanes: no promiscuous financial data yard sales.


9. Storage & security (honest-human edition)

Measures we reach for commonly include HTTPS, password hashing hygiene, partitioned access concepts, infra vendors with reputations brighter than floppy disks—but perfect security exists only in marketing fairy tales.

Do your side: unique passwords, don’t authenticate on shady café Wi‑Fi heroes without VPN common sense.


10. Retention: not hoarding glitter

We keep data:

  • while your account thrives and revisits dashboards
  • as long needed for auditing, lawful duties, unresolved disputes
  • in truncated backup/log forms for finite windows—even after deletion choreography finishes

Stale experiments may vanish sooner—retention evolves as product exits alpha awkwardness.


11. Your rights & dignity controls

Depending on geography and practicality, you can often request:

  • access / export of structured personal data packs
  • correcting obvious typos harming your dashboards
  • account closure + substantive deletion arcs
  • human explanation if something refuses to delete instantly (sometimes logs obey physics more than vibes)

Ping Mihir at mihir@debtease.app with plain-language requests—we’re not burying tickets behind enterprise portals.

Identity checks may precede nuking accounts so random strangers cannot grief-delete you.


12. Account deletion (what disappears vs echoes)

Deleting doesn’t teleport every neutron immediately:

  • live profile + primary financial artefacts usually go bye-bye on successful pipeline
  • security/fraud footprints, taxed logs, invoicing breadcrumbs may persist briefly—or longer if law demands
  • aggregates scrubbed free of identifiable glitter may linger in analytics oblivion

We’ll articulate blockers plainly if deletion hits a snag so you aren’t existential-pinging in suspense.


13. Analytics & product anthropology

Understanding funnels beats guessing. We analyse:

  • which screens confuse mortals
  • crash fingerprints
  • load-time tantrums
  • macro engagement heatmaps devoid of microscopic bank balance gossip where feasible

Prefer pseudo-anonymous tallies whenever engineering allows.


14. Cookies, tokens, offline-ish storage

DebtEase-ish surfaces may stash:

  • authentication/session tokens
  • preference crumbs
  • security sentinels
  • intermittent local browser storage for snappy UX

You can sabotage cookies—some features politely protest and stop cooperating.


15. Children

DebtEase expects users 18+. We aren’t knowingly building playground debt simulators—if minors slip through inadvertently, revoke access and yell at mihir@debtease.app so we rectify.


16. International processing reality

Infrastructure vendors host bits across regions; cross-border hops may occur. Continuing to use DebtEase signifies awareness that processing may transcend your apartment’s postal radius when legally permissible.

India remains operational home base for us—outside transfers still deserve sensible safeguards—not duct tape diplomacy.


17. When this Policy mutates

We edit when features, stacks, laws, paranoia tiers shift. Revised versions post here; materially spicy changes merit clearer signalling (banner, email for registered users—we’ll act proportionately to the churn).

Continuing after updates implies reading responsibility on you—we’ll still aspire to humane diff summaries when chaos isn’t mid-outage panic.


18. Contact (yes, reachable)

Name: Mihir

Email: mihir@debtease.app

Role: Independent developer / operator

Location: India

Security disclosures, privacy meltdowns, philosophical debates about amortisation UX—welcome.


19. Straightforward consent recap

Choosing DebtEase means you understand we:

  • ingest voluntary personal + financial fields you supply
  • run deterministic computations + hypothetical simulations on them
  • store snapshots / logs as outlined
  • rely on tooling vendors under operational necessity

You can revoke participation by deleting and walking away—even if echoes persist briefly as described.


20. Financial privacy mic-drop

DebtEase illuminates structural storytelling about money pressure—it never becomes:

  • authoritative creditworthiness scoring for external lenders
  • automated yes/no lending verdicts wrapped in teal gradients
  • guarantee certificates about future repayment
  • probability engines claiming clairvoyance

Treat outputs as scaffolding for thought, spiced with scepticism and accountants when stakes skyrocket.


Thanks for staying curious—not complacent—with your privacy. If we mess up transparency, flag it—we’d rather iterate Policy tone than prestige-laundering silence.