Privacy Policy

Effective February 23, 2026

1. Introduction

Debt Chisel ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a password. Authentication is handled by AWS Cognito — we never store your password directly.

Waitlist Information

If you join our waitlist, we collect your email address via ConvertKit, a third-party email marketing platform. ConvertKit's privacy policy governs how they process your email.

Financial Information You Provide

You manually enter debt information such as creditor names, balances, interest rates, and minimum payments. We never ask for bank logins, account numbers, Social Security numbers, or credentials to any financial institution. You control exactly what data you share.

Payment Information

Pro tier subscriptions are processed by Stripe. We do not store your credit card number. Stripe handles all payment processing and is PCI DSS compliant. We receive only a Stripe customer ID, subscription status, and billing period from Stripe.

Usage Data

We may collect basic usage analytics such as pages visited, feature usage, and session duration to improve the Service. We do not use third-party advertising trackers.

3. How We Use Your Information

  • To create and manage your account
  • To generate and maintain your personalized debt payoff plan
  • To process Pro tier subscription payments via Stripe
  • To send transactional emails (account confirmation, password resets, monthly check-in reminders)
  • To improve the Service based on aggregate usage patterns
  • To provide AI-powered hybrid debt optimization for Pro users (your debt portfolio data is sent to the Anthropic Claude API for one-time analysis — no conversation history is retained)

4. What We Never Do

  • We never sell your data. Not to advertisers, data brokers, or anyone else.
  • We never access your bank accounts. No Plaid, no screen scraping, no third-party account linking.
  • We never share your individual financial data with other users or third parties for marketing purposes.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Amazon Web Services (AWS) in the United States. Data is encrypted at rest and in transit (TLS). Access to production systems is restricted to authorized personnel only. While no system is 100% secure, we employ industry-standard security practices to protect your information.

6. Third-Party Services

We use the following third-party services to operate Debt Chisel:

  • AWS (Cognito, RDS, Lambda, SES, EventBridge) — authentication, database hosting, compute, email, and scheduling
  • Stripe — payment processing for Pro subscriptions
  • Anthropic Claude API — one-time AI analysis for hybrid debt optimization (Pro tier only)
  • ConvertKit — waitlist email collection

Each service processes data in accordance with its own privacy policy. We only share the minimum data necessary for each service to function.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies or cross-site tracking cookies. You can disable cookies in your browser settings, but this may affect the functionality of the Service.

8. Data Retention and Deletion

We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal data and debt information within 30 days. Some anonymized, aggregated data may be retained for analytics purposes. Stripe may retain payment records as required by law.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a machine-readable format
  • Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at privacy@debtchisel.com.

10. Children's Privacy

Debt Chisel is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@debtchisel.com.