ShuffleMyDebt logo
ShuffleMyDebt

Last updated: April 19, 2026

Privacy Policy

ShuffleMyDebt ("we," "our," or "us") is committed to protecting the privacy of every family who trusts us with their financial information. This Privacy Policy explains what we collect, why we collect it, how we use it, and the rights you have over your data.

1. Information We Collect

We collect three categories of information:

  • Account information — first and last name, email address, phone number (optional), and password (hashed; never stored in plaintext).
  • Financial information you enter — debts (balances, interest rates, minimum payments, due dates), income sources, monthly bills, optional HELOC details, payment history, and emergency-fund progress. This data is manually entered by you. ShuffleMyDebt does not connect to your bank accounts and does not pull transactions from any financial institution.
  • Billing information — handled exclusively by Stripe, our PCI-compliant payment processor. We never see or store your full card number, CVV, or bank account number. We only retain the Stripe customer ID, subscription status, plan type, and billing dates.

We also collect minimal technical data: IP address, browser type, device type, and basic usage events (e.g., login timestamps) to keep the service secure and functional.

2. How We Use Your Information

  • To generate your personalized debt-free plan and payment schedule.
  • To send transactional emails (welcome, payment receipts, payment failures, trial reminders, debt payoff celebrations, and cancellation notices).
  • To provide customer support when you contact us.
  • To prevent fraud, abuse, and unauthorized access to accounts.
  • To comply with legal obligations (tax, accounting, lawful requests).

We do not sell, rent, or trade your personal or financial information to third parties. Ever.

3. How We Share Information

We share data only with the limited service providers required to run ShuffleMyDebt:

  • Stripe — payment processing and subscription management.
  • Lovable Cloud (Supabase) — encrypted database hosting and authentication.
  • Resend — transactional email delivery from notify@lmfai.solutions.
  • Cloudflare — application hosting, DDoS protection, and edge delivery.

Each provider is bound by their own data processing agreements and is restricted to the minimum data necessary to perform their function.

4. Data Storage & Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Passwords are hashed with bcrypt. Database access is protected by row-level security policies — each user can only ever read or write their own records.

Despite our safeguards, no system is 100% secure. If we ever discover a breach affecting your data, we will notify you within 72 hours as required by applicable law.

5. Data Retention

  • Active accounts: data is retained for as long as your subscription is active.
  • Cancelled accounts: data is retained for 90 days after cancellation in case you reactivate, then permanently deleted.
  • Billing records: retained for 7 years to comply with tax and accounting obligations.
  • Email logs: retained for 12 months for deliverability and audit purposes.

You may request earlier deletion at any time (see Section 7).

6. Cookies & Tracking

ShuffleMyDebt uses only essential first-party cookies required to keep you logged in and to remember interface preferences. We do not use advertising cookies, do not run third-party trackers, and do not participate in cross-site behavioral advertising networks.

7. Your Rights

You have the right to:

  • Access a copy of all data we hold about you.
  • Correct any inaccurate data directly in your dashboard or via support.
  • Delete your account and all associated data (subject to Section 5 retention rules).
  • Export your data in a portable format (CSV/JSON).
  • Opt out of non-essential emails. Critical billing and security emails cannot be opted out of while your account is active.

To exercise any of these rights, email privacy@shufflemydebt.com. We respond within 30 days.

8. Children's Privacy

ShuffleMyDebt is not directed to anyone under 18. We do not knowingly collect data from minors. If we learn we have, we will delete it immediately.

9. International Users

ShuffleMyDebt is operated from the United States and data is stored on servers in the United States. By using the service from outside the U.S., you consent to the transfer of your data to the U.S.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and an in-app notice at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Contact Us

Questions about this policy or your data? Email privacy@shufflemydebt.com.

See also our Terms of Service.