We never sell your data. Your loan information โ including anything imported via PAN โ stays private and is used only to power your DebtFree experience.
1. Information We Collect
We collect the following categories of information:
- Account information: phone number or email address used to sign in via OTP
- Loan data: loan names, types, principal, outstanding balance, interest rate, EMI, tenure, and lender name โ entered manually or imported via PAN
- PAN-based financial data (optional): with your explicit consent via the Account Aggregator framework, loan details from banks, NBFCs, and credit bureaus linked to your PAN
- AI usage data: messages sent to the AI Debt Advisor and generated Debt Health Reports
- Device information: device type, OS version, app version, and push notification token
- Payment information: subscription status and transaction references (card/UPI details are handled directly by Razorpay โ we never store them)
2. PAN Auto-Import & Account Aggregator (AA) Consent
DebtFree's PAN Auto-Import feature is built on the RBI-regulated Account Aggregator (AA) ecosystem. When you choose to use this feature:
- You provide explicit, time-bound consent through a licensed Account Aggregator to fetch your loan information from participating Financial Information Providers (FIPs) โ banks, NBFCs, and credit bureaus
- You can view the exact scope of data being shared (which accounts, which data fields, for how long) before approving
- Consent can be paused, modified, or revoked at any time โ either from within the DebtFree app or directly through your Account Aggregator app
- We process the fetched data only to populate your loan dashboard (balances, EMIs, rates, tenures) and to power AI Advisor context โ we do not use it for any other purpose
- Raw consent artefacts and bureau data are encrypted in transit (TLS 1.3) and at rest (AES-256), and retained only as long as needed to maintain your active loan records
If you revoke AA consent, previously imported loans remain in your account (as snapshots) unless you delete them manually, but no further automatic syncing will occur.
3. How We Use Your Information
We use your information to:
- Provide and improve the DebtFree service, including the dashboard, Snowball/Avalanche planner, and calculator
- Send EMI payment reminders via push notification
- Power the AI Debt Advisor and AI Debt Health Report with your loan context
- Process payments for Pro and Lifetime subscriptions via Razorpay
- Send important service updates (e.g., changes to these policies, security notices)
- Analyse aggregated, anonymised usage patterns to improve features
4. Data Storage and Security
Your data is stored on secure servers hosted by Hetzner Cloud in the European Union. We use industry-standard encryption โ TLS 1.3 for data in transit and AES-256 for data at rest. We implement role-based access controls, regular security reviews, and automated backups. Access to PAN-linked financial data is restricted to the minimum systems necessary to operate the import feature.
5. Data Sharing with Third Parties
We do not sell your personal data. We share data only with the following service providers, under strict data processing agreements:
- Account Aggregator network โ to fetch loan data with your explicit, revocable consent
- Anthropic (Claude AI) โ anonymised loan portfolio summary only, to generate AI Advisor responses
- Razorpay โ for payment processing (Pro/Lifetime subscriptions)
- Firebase (Google) โ for push notification delivery
- Our infrastructure providers โ Hetzner Cloud, for hosting
6. AI Data Processing
When you use the AI Debt Advisor or request an AI Debt Health Report, a summary of your loan portfolio (loan types, balances, interest rates, EMIs, tenures, and lender names) is sent to Anthropic's Claude API to generate personalised responses. We do not share your name, phone number, email address, or PAN with Anthropic. Conversations are logged in our systems for usage tracking (to enforce monthly message limits) but are not used to train third-party AI models.
7. Your Rights
You have the right to:
- Access all data we hold about you, including PAN-imported loan records
- Correct inaccurate data
- Revoke Account Aggregator consent at any time
- Delete your account and all associated data
- Export your loan data
- Opt out of non-essential communications
To exercise these rights, email support@debtfreeapp.in โ we respond within 72 hours.
8. Data Retention
We retain your data as long as your account is active. If you delete your account, we delete all personal data โ including PAN-imported records and AA consent artefacts โ within 30 days, except where retention is required by law (e.g., payment records retained for 7 years under Indian tax regulations).
9. Analytics & Cookies
The mobile app does not use cookies. We use Firebase Analytics to understand aggregated, anonymised app usage patterns. You can opt out of analytics collection in your device settings at any time.
10. Children's Privacy
DebtFree is not intended for users under 18 years of age, and PAN-based financial accounts require the holder to be an adult. We do not knowingly collect personal information from minors. If we discover we have inadvertently collected such information, we will delete it promptly.
11. Changes & Contact
We may update this Privacy Policy periodically. We will notify you of significant changes โ especially any affecting PAN/AA data handling โ via in-app notification or email at least 7 days before they take effect.