Datenschutzerklärung (Privacy Policy)
Last Updated: August 19, 2025
1. Introduction
Welcome to DebtPath. Your privacy is of the utmost importance to us. This Privacy Policy outlines the nature, scope, and purpose of our data processing activities. Our service is designed with the principle of "privacy by design", aiming to collect the absolute minimum information necessary to provide our debt payoff planning tool.
2. Data Controller
The party responsible for the processing of data ("the controller") in accordance with the General Data Protection Regulation (GDPR) is:
Cagatay Ünlü c/o PURE4U GbR
Amtstraße 22
44575 Castrop-Rauxel
Germany
Email: cagatay@cagatay.io
For legal information about the operator of this website, please see our Impressum.
3. Overview of Data Processing Activities
The following is a summary of the data we process, the purpose, and the legal basis for doing so.
| Type of Data | Purpose of Processing | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Debt & Plan Data (Debt names, balances, interest rates, strategy) | To create, calculate, and save your debt payoff plan at your request. | Art. 6(1)(b) GDPR - Performance of a contract. |
| Anonymous Usage Data (e.g., page visits, feature usage) | To analyze and improve the functionality and user experience of our service. | Art. 6(1)(a) GDPR - Your consent. |
We do not collect any Personally Identifiable Information (PII). We do not ask for, store, or track your real name, email address, physical address, or phone number.
4. Detailed Data Processing Information
a) Creating a Debt Payoff Plan
When you provide your debt information (unstructured text), it is processed by our in-house parsing engine on our server to create a structured plan. The initial text is discarded immediately after processing. Your structured debt and plan data is never sent to any third-party AI service like OpenAI. Our hosting provider is Vercel, with data processing occurring within the EU.
b) Saving a Debt Payoff Plan
If you choose to save your plan, the anonymous, structured data is stored in our Supabase database (hosted in the EU). This data is associated only with a randomly generated, non-guessable "magic link" ID (UUID). We have no way of linking a saved plan back to an individual person.
c) Data Retention
Saved plans are stored indefinitely in our database unless you manually delete them using the "Delete" button on your plan page. If you lose your "magic link", we have no way to identify or recover your data, and it will remain stored anonymously on our servers.
5. Third-Party Services (Data Processors)
We use specialized third-party services to operate and improve our application. These data processors are bound by data processing agreements.
- Supabase: Used for database hosting. All plan data is stored anonymously within Supabase's EU data centers. For more information, please see the Supabase Privacy Policy.
- PostHog: Used for product analytics, but only if you provide explicit consent. All data is aggregated and anonymized, and we do not send any specific financial details you enter. For more information, please see the PostHog Privacy Policy.
6. Use of Cookies
Our application's core functionality does not require cookies. If you consent to analytics, PostHog will set first-party cookies to anonymously analyze user sessions. You can withdraw your consent at any time.
7. Your Rights as a Data Subject (GDPR)
As a user, you have the following rights under the GDPR. However, please note that since we do not store any personal data, the practical application of some of these rights is limited.
- Right to Access (Art. 15 GDPR): You can access your data at any time using your unique "magic link." We have no other way to provide you with your data.
- Right to Rectification (Art. 16 GDPR): You can modify your plan data at any time by visiting your "magic link".
- Right to Erasure (Art. 17 GDPR): You can permanently delete your plan at any time from your plan page. This is the only method for data erasure. If you lose your unique link, we have no technical means to find or recover your data. This is a deliberate privacy feature: because your data is not tied to your identity in any way, we cannot locate it for you, which ensures no one else can either.
- Right to Restriction of Processing (Art. 18 GDPR): As processing is minimal and required for functionality, this right is primarily exercised by deleting your plan.
- Right to Data Portability (Art. 20 GDPR): You can copy your data from the plan page at any time.
- Right to Object (Art. 21 GDPR): You can object to analytics processing by not providing consent or withdrawing it.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of data infringes on GDPR.
8. Legal Disclaimer
This tool is for informational and educational purposes only and does not constitute financial advice. Please consult with a qualified professional for personalized advice.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at the email address listed in Section 2.