Privacy Policy
Last updated: 21 April 2026
Effective date: 21 April 2026
This Privacy Policy explains how DebtZen ("DebtZen", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use our mobile application and website at www.debtzen.in (together, the "Service"). By using the Service, you consent to the practices described here. If you do not agree, please do not use the Service.
Who we are. DebtZen is a personal finance planner built for Indian users. The Service is operated from India. All user data is stored in servers located in the asia-south1 (Mumbai, India) region operated by Google Cloud.
1. Eligibility
The Service is intended for individuals 18 years of age and older. We do not knowingly collect information from anyone under 18. If you believe a minor has used the Service, please contact us at debtzen.app@gmail.com and we will delete the data promptly.
2. What data we collect
2.1 Information you provide
- Account information: your mobile phone number (India, +91) and display name, collected during sign-up via one-time-password (OTP) verification.
- Financial profile: monthly income, monthly and annual expenses, loans (principal, EMI, lender name, tenure), bank balances, investments, insurance policies, physical assets, and retirement goals. All values are user-entered. We do not access bank accounts, credit bureaus, or government identity databases.
- Support correspondence: any email or message you send us.
2.2 Information collected automatically
- Device identifiers: Firebase Installation ID, Firebase Cloud Messaging (FCM) registration token, and device Advertising ID (AD_ID), used strictly to deliver push notifications and anonymous analytics.
- Diagnostic data: crash reports (stack traces, device model, OS version, memory state at crash time) via Firebase Crashlytics. You can opt out in the OS's data-sharing settings.
- Usage analytics: anonymous screen views and tap events via Firebase Analytics, used to understand which features are used.
2.3 Payment data (Pro subscription)
If you upgrade to DebtZen Pro, payment is processed securely by Google Play Billing. All payment transactions are subject to the Google Play Terms of Service. DebtZen never sees, receives, or stores your card number, CVV, UPI PIN, or banking credentials. We receive only a confirmation of purchase status and a subscription ID to unlock your Pro features. Read Google's privacy policy at policies.google.com/privacy.
2.4 What we do NOT collect
- We do not collect your bank passwords, OTPs sent by your bank, card CVVs, or UPI PINs.
- We do not access your contacts, SMS messages, call logs, photos, location, or microphone.
- We do not request a credit score or pull any credit bureau report.
- We do not collect your government IDs (Aadhaar, PAN, passport, driving licence).
3. How we use your data
- Provide the Service: authenticate you, save your financial profile, compute dashboards, debt-free projections, and net-worth summaries.
- Backup and cross-device sync: your profile is saved to Google Firebase Firestore (asia-south1, Mumbai) so you can restore data on a new device.
- Push notifications: only if you grant permission; used for reminders you have configured.
- Customer support: respond to your queries.
- Billing: process and record Pro subscription payments.
- Diagnostics: detect and fix crashes and bugs. Crash reports do not contain your financial values.
- Legal compliance and abuse prevention: comply with lawful requests; detect fraud.
We do not sell your personal data. We do not share your data with advertisers. We do not use your data to train artificial-intelligence models.
4. Third-party services we use
| Service | Provider | Purpose | Data shared |
|---|
| Firebase Authentication | Google LLC | Phone-OTP sign-in | Phone number, User ID |
| Cloud Firestore | Google LLC | Primary database (asia-south1, Mumbai) | All profile data you enter |
| Cloud Functions (asia-south1) | Google LLC | Server-side payment order creation, webhook handling, subscription expiry | User ID, plan, order status |
| Firebase Cloud Messaging | Google LLC | Push notifications | FCM registration token |
| Firebase Crashlytics | Google LLC | Crash diagnostics | Stack traces, device model, OS version |
| Firebase Analytics | Google LLC | Anonymous usage metrics | Screen views, event names (no PII) |
| Google Play Billing | Google LLC | Pro subscription payment processing | Subscription status, Order ID |
| Policybazaar (affiliate link) | PB Fintech Limited | Optional outbound link for insurance products | None — you only leave our app if you tap the link; we do not share your data with Policybazaar |
Google's use of your data under Firebase services is governed by the Firebase Privacy and Security page and Google's Privacy Policy.
5. Data storage, location, and security
- Location: All user data is stored in Google Firestore and Cloud Functions in the asia-south1 (Mumbai) region. Firebase Crashlytics and Analytics may process data in other Google regions for operational reasons, in line with Google's Firebase policy.
- Encryption: data in transit is protected by TLS. Data at rest is encrypted using Google's default encryption.
- Access control: each user can read and write only their own data, enforced by Firestore security rules. Financial status flags (e.g. Pro) are written only by server-side Cloud Functions after verified payment.
- Internal access: a small number of DebtZen engineers have administrative access to Firestore strictly for support, debugging, and security incident response. Access is logged.
- No password storage: we use phone OTP; there is no password for us to lose.
6. Retention and deletion
- While your account is active, we retain your data to provide the Service.
- You can delete your account at any time: Settings → Delete Account. Your account enters a 7-day soft-delete grace period during which you can restore it by signing in.
- After 7 days, your data is permanently erased from Firestore by an automated Cloud Function.
- Certain minimal records (order IDs, payment event logs, abuse-prevention logs) may be retained for up to 7 years to comply with Indian tax and payment-regulation requirements. These records do not contain your detailed financial profile.
7. Your rights under the DPDP Act, 2023
If you are a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate personal data.
- Erase your personal data (subject to legal retention obligations in §6).
- Withdraw your consent at any time.
- Nominate another individual to exercise your rights in the event of incapacity or death.
- Raise a grievance with our Grievance Officer.
To exercise any of these rights, email debtzen.app@gmail.com. We will respond within 30 days.
8. Grievance Officer
In compliance with the DPDP Act, 2023 and the Information Technology Rules, we have appointed a Grievance Officer.
Grievance Officer: DebtZen Grievance Redressal Team
Email: debtzen.app@gmail.com
Response time: within 30 days of receipt.
9. Children
The Service is not directed to anyone under 18. We do not knowingly collect data from minors. Parents or guardians who believe a minor has used the Service may contact debtzen.app@gmail.com for immediate deletion.
10. International users
The Service is built for users in India and stored in India. If you access it from outside India, you understand that your data will be transmitted to and stored in India. By using the Service, you consent to this transfer.
11. Cookies and similar technologies
The mobile app does not use web cookies. The website debtzen.in may use strictly-necessary cookies for session management and analytics; we do not use advertising cookies or cross-site trackers.
12. Security incidents
In the unlikely event of a personal-data breach that is likely to result in a risk to your rights, we will notify you and the Data Protection Board of India as required by the DPDP Act.
13. Financial disclaimer
DebtZen provides financial tools and information, not professional financial or investment advice. DebtZen is not a lender and does not issue loans. For significant financial decisions, consult a SEBI-registered advisor.
14. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent version. Material changes will be notified via in-app banner or push notification. Continued use of the Service after a change indicates acceptance of the updated policy.
15. Contact us
Privacy queries: debtzen.app@gmail.com
Grievance: debtzen.app@gmail.com
General support: debtzen.app@gmail.com
Website: www.debtzen.in