Privacy Policy

DebtForge is operated by OP Studio. We provide an educational debt payoff toolkit to help individuals understand and manage their personal debt. Our registered contact is debtforge@opsols.net.

We collect only the data you provide directly:

• Account data: email address and password (stored via Supabase Auth).
• Financial data: income, outgoings, debt balances, APRs, and monthly payment entries you enter into the toolkit. This data is stored in our database and is associated with your account.
• Usage data: standard server logs (IP address, browser type, pages visited). We do not use third-party analytics on tool pages.

We do not collect payment card details. Payments are processed by Stripe, who have their own Privacy Policy.

• To provide and operate the DebtForge toolkit.
• To send transactional emails (account confirmation, password reset, magic link sign-in).
• To send product updates if you opted in during signup (you can unsubscribe at any time).
• To comply with legal obligations.

We do not sell your data. We do not share your financial data with third parties except as described in Section 5.

Your data is stored in a Supabase-managed PostgreSQL database hosted on AWS infrastructure in the United States. Data is encrypted at rest and in transit (TLS 1.2+). Access to your financial data is restricted to your account via Row-Level Security policies — no other user can read your data.

We implement reasonable technical and organisational measures to protect your data. No system is 100% secure; if you believe your account has been compromised, contact us immediately at debtforge@opsols.net.

We use the following sub-processors:

• Supabase — database and authentication hosting.
• Vercel — application hosting and edge delivery.
• Stripe — payment processing. Stripe does not receive your financial toolkit data.
• Resend — transactional email delivery.
• OpenAI — large-language-model inference for our optional AI-assisted features (see §6). We have OpenAI's training opt-out enabled, so your inputs are not used to train their models.

Each sub-processor is contractually bound to process your data only as instructed and to maintain appropriate security standards.

DebtForge offers optional AI-assisted features (debt-entry suggestions, dashboard insights, spending audit extraction, and bank-statement auto-fill). These features call OpenAI on your behalf when you choose to use them. They are entirely optional — every tool also has a manual entry path.

Bank statement upload — two modes, your choice. When you upload a statement, you pick the processing mode:

• Smart scan (default). The PDF is processed in memory on our server. Account numbers, card numbers, routing numbers, names, addresses, phone numbers, email addresses, and tax IDs are stripped from the text by an automated redaction step. Only the redacted transactional content is sent to OpenAI for categorisation. We never send your full PDF or your identifying details to any third party in this mode.
• AI scan (opt-in).If Smart scan can't read your PDF (e.g. it's a scanned image), you can choose AI scan. In this mode your full PDF — including any name, address, or account number printed on it — is sent to OpenAI under their training opt-out, analysed by a vision-capable model, and then deleted from OpenAI immediately after processing. OpenAI may retain API inputs for up to 30 days for trust-and-safety review under their standard terms. AI scan is never the default; you have to actively switch to it, and a clear notice describes this trade-off before you upload.

No retention of uploaded files on our side. In both modes, the bank statement you upload is held in our server memory only for the duration of a single request. We do not save it to disk, to our database, or to any storage bucket. Once the request returns, the file is discarded. The structured numbers extracted from it are written to your account only after you review and click Save.

Other AI-assisted features. Debt-entry suggestions, dashboard insights, and spending-audit extraction call OpenAI on free-text input you provide. They never send your account email, profile data, or other debts to the model — only the text you type. They are entirely optional; every tool also has a manual entry path.

Usage logging.We record per-call metadata for each AI feature you use (timestamp, model, token counts, estimated cost) for rate-limiting and cost monitoring. We never log the prompt body or the AI's response — only the counts.

You can avoid AI features entirely by sticking to manual entry. Closing your account deletes the usage log along with the rest of your data.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what data we collect, the right to delete it, and the right to opt out of sale (we do not sell data). All users, regardless of location, may:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and all associated data (via Settings → Data → Delete my account, or by emailing us). At deletion, you may optionally tick a box to keep your email address on our marketing list for product updates; if you do not tick it, your email is permanently removed. You can unsubscribe at any time by emailing us.
• Export your data in a portable format (via Settings → Data → Export).
• Opt out of marketing emails at any time via the unsubscribe link in any email.

To exercise any of these rights, email us at debtforge@opsols.net. We will respond within 30 days.

We use only a session cookie required for authentication. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required.

DebtForge is not intended for users under the age of 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of DebtForge after a change constitutes acceptance of the updated policy.

This Privacy Policy is governed by the laws of the State of Delaware, United States. By using DebtForge, you consent to the collection and use of your information as described in this policy.

Questions about this policy? Email us at debtforge@opsols.net.