Privacy Policy

CupDebt ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based debt schedule management platform.

Account Information: When you create an account, we collect your name, email address, and company name.

Business Data: Loan details, payment schedules, asset information, and other financial data you enter into the Service. This data belongs to you.

Third-Party Integration Data: When you connect QuickBooks or other integrations, we receive access tokens and account identifiers necessary to perform the integration. We do not store your QuickBooks login credentials.

Usage Data: We may collect information about how you access and use the Service, including browser type, pages visited, and timestamps.

We use your information to: (a) provide and maintain the Service; (b) process your loan and payment data as directed by you; (c) create bills in your connected accounting software on your behalf; (d) generate reports and analytics within the Service; (e) communicate with you about your account; (f) improve and optimize the Service; and (g) comply with legal obligations.

Your data is stored in Supabase-hosted PostgreSQL databases with row-level security (RLS) policies that ensure complete data isolation between organizations. Each organization can only access its own data. All data is encrypted in transit using TLS and at rest using AES-256 encryption. We implement industry-standard security practices including regular security audits and access controls.

We integrate with the following third-party services:

Supabase: Database hosting and authentication. Supabase Privacy Policy

QuickBooks Online (Intuit): Accounting integration for bill creation. When connected, we access your chart of accounts and create bills on your behalf. We store OAuth tokens securely and never access data beyond what is necessary for the integration. Intuit Privacy Policy

Vercel: Application hosting and deployment. Vercel Privacy Policy

We do not sell, rent, or trade your personal information or business data to third parties. We may share information only: (a) with third-party services as described above, solely to provide the Service; (b) to comply with legal obligations, court orders, or government requests; (c) to protect our rights, privacy, safety, or property; or (d) with your explicit consent.

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete your data within 30 days, except where retention is required by law. You may request data export at any time through the Service or by contacting us.

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict processing of your data; (e) data portability; and (f) withdraw consent where processing is based on consent. To exercise these rights, contact us through the application.

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services we integrate with may use their own cookies as described in their respective privacy policies.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the application or at the contact information provided in your account settings.