OwedLessBack to home

Privacy Policy

Last updated: April 2026

OwedLess ("we", "our", "us") operates the owedless.com website and application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Information You Provide

  • Account information — Your name, email address, and password when you create an account.
  • Financial data you enter — Debt names, balances, interest rates, minimum payments, payment history, and related information you manually input into the application. We do not connect to your bank accounts or financial institutions.
  • Payment information — When you subscribe to OwedLess+, your payment is processed by Stripe. We do not store your credit card number, expiration date, or CVV. Stripe handles all payment data under their own privacy policy.
  • Communications — If you contact us for support, we retain the correspondence.

Information Collected Automatically

  • Usage data — Pages visited, features used, and general interaction patterns to improve the service.
  • Device information — Browser type, operating system, and screen size for ensuring compatibility.
  • Cookies — We use essential cookies only for authentication (keeping you logged in). We do not use advertising or tracking cookies.

How We Use Your Information

  • To provide, operate, and maintain the OwedLess application
  • To calculate your debt payoff projections and generate your payoff roadmap
  • To process your subscription payments through Stripe
  • To send you account-related emails (confirmation, password reset, subscription updates)
  • To send optional notification emails if you opt in (payment reminders, milestone celebrations)
  • To improve our service based on how features are used
  • To respond to your support requests

How We Protect Your Data

  • Encryption in transit — All data is transmitted over HTTPS/TLS.
  • Encryption at rest — Your data is stored in Supabase, which encrypts data at rest using AES-256.
  • Row-level security — Database policies ensure that each user can only access their own data. Even in the event of a database vulnerability, one user cannot access another user's information.
  • No bank connections — We never ask for or store your bank login credentials, account numbers, or routing numbers. All financial data in OwedLess is manually entered by you.
  • Password security — Passwords are hashed using bcrypt. We cannot see or recover your password.

Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following service providers who are necessary to operate OwedLess:

  • Supabase — Database hosting and authentication (SOC 2 compliant)
  • Stripe — Payment processing (PCI DSS Level 1 compliant)
  • Vercel — Application hosting (SOC 2 compliant)
  • Resend — Transactional email delivery (if you opt in to notifications)

Each provider processes data only as necessary to perform their service and under their own privacy policies.

Data Retention

We retain your data for as long as your account is active. If you delete your account (available in Settings), we permanently delete all your data including debts, payments, strategies, snapshots, and profile information. This action is irreversible.

If you simply stop using OwedLess without deleting your account, your data remains stored securely but inactive.

Your Rights

You have the right to:

  • Access — View all data associated with your account at any time within the application, or export it as CSV.
  • Correct — Edit any information you have entered.
  • Delete — Delete individual debts and payments, reset all data for a scenario, or permanently delete your entire account.
  • Export — Download your debts and payoff schedule as CSV files.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know — You can request a summary of the personal information we have collected about you.
  • Right to delete — You can request deletion of your personal information. Use the "Delete account" feature in Settings or contact us.
  • Right to opt out of sale — We do not sell your personal information to third parties. We have never sold user data and have no plans to do so.
  • Non-discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise these rights, use the in-app features (export, delete) or contact us at the address below.

Children

OwedLess is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the application. Your continued use of OwedLess after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@owedless.com