DP
Debt Planner
Get Started

Data Security & Storage

Last Updated: January 2025

🔒 Your Security is Our Top Priority

We understand that you're trusting us with your most sensitive financial information. That's why we've built our security approach on trusted enterprise platforms and industry-standard practices.

🏛️

Enterprise Security

🔐

HTTPS Encryption

🗑️

No Permanent Storage

1. How We Handle Your Financial Data

1.1 Temporary Processing Model

⚡ Process → Analyze → Delete

Your bank statements and transaction data are processed in memory only. Once our AI completes the analysis and generates your debt plan, all raw financial data is immediately and permanently deleted from our systems.

1.2 What We Never Store

  • Raw Bank Statements: Uploaded files are processed in memory only, never saved
  • Account Numbers: May be temporarily processed but never permanently stored
  • Social Security Numbers: Not required for our service
  • Banking Credentials: Never collected or required
  • Personal Identifiers: Scrubbed from data before AI analysis when possible

1.3 What We Do Store

  • Account Preferences: Your chosen debt payoff strategy and goals
  • Calculated Results: Your personalized debt elimination timeline
  • Anonymized Analytics: Aggregated, non-identifiable usage patterns
  • User Profile: Email, name, and account settings (via Clerk)

2. Encryption and Data Protection

🔐 Data in Transit

  • HTTPS Encryption: All connections encrypted via Vercel
  • Security Headers: X-Frame-Options, X-XSS-Protection, etc.
  • Secure Transmission: API calls to OpenAI over encrypted channels
  • Modern Protocols: TLS encryption handled by Vercel infrastructure

🏗️ Data at Rest

  • No Persistent Storage: Raw financial data is not stored
  • User Preferences Only: Only debt strategies and results are saved
  • Clerk Security: User authentication data protected by Clerk's encryption
  • Vercel Infrastructure: Hosted on secure, encrypted infrastructure

2.1 Infrastructure Security

  • Cloud Security: Hosted on Vercel's enterprise-grade infrastructure
  • Network Security: Automatic HTTPS, security headers, and DDoS protection via Vercel
  • Access Controls: Multi-factor authentication via Clerk
  • Edge Network: Global CDN with built-in security features
  • Code Security: Dependency scanning and automated security updates

3. Third-Party Security Standards

3.1 Current Integrations

🔐 Clerk (Authentication)

  • • Enterprise-grade authentication service
  • • Privacy-focused user management
  • • Multi-factor authentication support
  • • Secure session management

🤖 OpenAI (External AI Processing)

⚠️ External Data Processing Notice

Your financial transaction data is sent to OpenAI's servers for AI analysis.

  • • Uses various GPT models (GPT-4o, GPT-4.1-mini, etc.) for transaction categorization
  • • Complete transaction data (amounts, descriptions, dates) sent to external AI service
  • • Data processed temporarily by OpenAI according to their data usage policies
  • • Encrypted API communication with OpenAI servers
  • • No permanent storage of transaction data on our systems

☁️ Vercel (Hosting)

  • • Enterprise-grade cloud platform
  • • Privacy-focused infrastructure
  • • Automatic HTTPS and security headers
  • • Edge network with DDoS protection

4. Compliance and Certifications

🌍 Privacy Approach

  • GDPR-Aligned - Minimal data collection and processing
  • CCPA-Aligned - No sale of personal information
  • Data Minimization - Process only what's necessary

🏛️ Security Standards

  • Enterprise Platforms - Using secure, trusted services
  • No Payment Processing - Simplified security model
  • Data Minimization - No permanent financial data storage

4.1 Security Practices

  • Dependency Scanning: Automated security vulnerability scanning
  • Code Reviews: All code changes are reviewed for security issues
  • Security Updates: Regular updates to dependencies and frameworks
  • Infrastructure Security: Leveraging Vercel and Clerk's security measures
  • Incident Response: Clear procedures for handling security concerns

5. Access Controls and Monitoring

5.1 Who Can Access Your Data

  • 🙋‍♂️ You: Full access to your account and any stored preferences/results
  • 🤖 Automated Systems: Temporary access during analysis (deleted immediately)
  • 👨‍💼 Support Team: Limited access only when you request help (with your permission)
  • ⚖️ Legal Requirements: Only as required by valid legal process
  • ❌ Marketing/Sales: No access to your financial data
  • ❌ Third Parties: No access without your explicit consent

5.2 Monitoring and Logging

  • Basic Application Logs: Console logging for debugging and error tracking
  • Platform Monitoring: Vercel provides infrastructure monitoring and alerts
  • Authentication: User activity tracked through Clerk's systems
  • Simple Processing Logs: Basic logging during data processing
  • Third-Party Monitoring: Relying on Vercel and Clerk monitoring capabilities

6. Incident Response and Recovery

6.1 Security Incident Approach

Our incident response relies on platform-level security measures and established procedures:

  • Vercel Platform Security: Infrastructure-level incident detection and response
  • Clerk Security Team: Authentication and user data incident handling
  • Minimal Data Exposure: No persistent financial data reduces incident impact
  • Transparent Communication: Users informed of any significant security events
  • Continuous Improvement: Regular updates based on security best practices

6.2 Service Reliability

  • Global Infrastructure: Vercel's global edge network for reliability
  • Automatic Scaling: Serverless functions scale with demand
  • Minimal Data Loss Risk: No persistent financial data means no data to lose
  • Service Status: Transparent communication about any service issues

7. Your Security Responsibilities

🤝 We're Partners in Security

While we handle the technical security, you play a crucial role in protecting your account:

  • Strong Passwords: Use unique, complex passwords
  • Two-Factor Authentication: Enable 2FA on your account
  • Secure Devices: Keep your devices updated and secure
  • Safe Networks: Avoid using public Wi-Fi for financial data
  • Regular Reviews: Monitor your account for unusual activity
  • Phishing Awareness: We'll never ask for passwords via email

8. Transparency and Communication

8.1 Security Updates

We believe in transparency. We will inform you about:

  • Security incidents that may affect your data
  • Changes to our security practices
  • Updates to our data handling procedures

8.2 Security Questions?

Have questions about our security practices? Contact us:

  • Security Concerns: Create an issue on our GitHub repository
  • General Support: Contact via our support channels
  • Responsible Disclosure: Please report security vulnerabilities privately
  • Privacy Questions: Review our Privacy Policy for detailed information