Introduction
Welcome to Slaash (also known as "Debt Payoff Companion" or "Debt Payoff Tracker"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application (the "App") and related services (collectively, the "Service").
We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy applies to all users of the Slaash iOS application and describes our practices regarding the collection and processing of your personal and financial information.
By downloading, installing, accessing, or using the App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please do not use the Service.
This Privacy Policy should be read in conjunction with our Terms of Service, available at https://slaash.app/terms.
1. Information We Collect
We collect several types of information from and about users of our Service, including information that identifies you personally and information about your financial accounts.
1.1 Account and Profile Information
When you create an account with Slaash, we collect information through OAuth authentication providers:
- Email address
- Display name
- Profile photo URL
- Unique user identifier generated by our authentication service (Supabase)
This information is collected when you sign in using either:
- Sign in with Apple (OAuth)
- Sign in with Google (OAuth)
We do not collect or store passwords, as authentication is managed through these third-party OAuth providers.
1.2 Financial Information
Through our integration with Plaid Inc., a third-party financial data aggregation service, we collect and store financial information from your connected credit card accounts:
- Account identification: Credit card account names, financial institution names, account numbers (masked), account types
- Balance information: Current balances, available credit, credit limits
- Interest rates: Annual Percentage Rates (APR) for each connected account
- Payment information: Minimum monthly payment amounts, payment due dates, last payment date and amount
- Transaction history: Recent transactions used for automatic payment detection and tracking
- Account status: Account open/closed status, last synchronization timestamps
- Plaid-specific identifiers: Access tokens (encrypted), account IDs, item IDs for maintaining connections
Important: We only access and store information from credit card accounts that you explicitly choose to connect through the Plaid integration interface. We do not access information from other account types such as checking accounts, savings accounts, mortgages, auto loans, or student loans.
1.3 User-Generated Content and Settings
We collect information that you create or configure within the App:
- Debt payoff strategy selection: Your chosen method (Snowball or Avalanche)
- Payment goals: Monthly extra payment amounts, target debt-free dates
- Manually added accounts: If you choose not to use Plaid, any debt account information you manually enter
- Notification preferences: Your settings for payment reminders, milestone notifications, and weekly digests
- Appearance preferences: Your selected display mode (light, dark, or system)
- Demo mode status: Whether you have enabled demonstration mode
- Reminder configurations: Timing preferences for payment notifications and reminders
1.4 Device and Technical Information
We collect technical information about your device and how you interact with the Service:
- Device identifiers: iOS platform identifier, device model information
- Push notification tokens: Apple Push Notification Service (APNs) device token for delivering notifications
- App usage data: Features accessed, frequency of use, interaction patterns
- Technical diagnostics: Error logs, crash reports, performance metrics
- Synchronization data: Last sync timestamps, sync success/failure indicators
1.5 Automatically Collected Information
When you use the Service, certain information is collected automatically:
- Access times: Date and time of your sessions
- App version information: The version of the App you are using
- Operating system: iOS version running on your device
- Network information: Connection type (Wi-Fi, cellular), network status for sync purposes
1.6 Information We Do NOT Collect
To be clear, we do NOT collect:
- Passwords (authentication is handled by OAuth providers)
- Social Security Numbers or Tax IDs
- Full, unmasked credit card numbers
- CVV/security codes
- Bank account routing or account numbers
- Login credentials for your financial institutions (these are handled securely by Plaid)
- Precise location data or GPS coordinates
- Contacts, photos, or other media from your device
- Information from other apps on your device
- Browsing history or web activity
- Biometric data (Face ID/Touch ID is handled locally on your device)
2. How We Use Your Information
We use the information we collect for specific purposes related to providing and improving the Service:
2.1 Providing Core Service Functionality
- Account management: Creating and maintaining your user account
- Financial tracking: Displaying your current credit card balances, limits, APRs, and payment information
- Debt payoff planning: Calculating optimized debt payoff strategies using Snowball or Avalanche methods
- Progress tracking: Monitoring your debt reduction progress over time
- Payment tracking: Detecting and recording payments made to your credit accounts
- Projections and calculations: Generating debt-free date projections, interest cost calculations, and payment schedules
- Data synchronization: Syncing your data between your device and our cloud database to ensure consistency across app sessions
- Offline access: Caching data locally on your device for offline functionality
2.2 Notifications and Communications
- Payment reminders: Sending push notifications before your payment due dates
- Progress updates: Notifying you of milestones, achievements, and weekly progress summaries
- Payment confirmations: Alerting you when the Service detects that a payment has been made
- Celebration notifications: Sending congratulatory messages when you pay off a debt
- Service communications: Sending important updates about changes to the Service, Terms, or Privacy Policy
- Support responses: Responding to your inquiries and support requests
2.3 Service Improvement and Analytics
- Performance optimization: Identifying and fixing bugs, errors, and technical issues
- Feature development: Understanding how features are used to guide product improvements
- User experience enhancement: Analyzing usage patterns to improve app navigation and functionality
- Service reliability: Monitoring sync success rates, API performance, and connection stability
- Crash analysis: Investigating app crashes to improve stability
2.4 Premium Subscription Management
- Subscription verification: Validating your Premium subscription status through RevenueCat
- Feature access control: Enabling Premium features (unlimited cards, widgets, advanced analytics) for subscribers
- Family Sharing support: Supporting Apple's Family Sharing for eligible subscribers
2.5 Security and Fraud Prevention
- Account security: Monitoring for suspicious activity or unauthorized access attempts
- Data protection: Implementing and maintaining security measures to protect your information
- Authentication verification: Ensuring that only authorized users can access accounts
2.6 Legal and Compliance Purposes
- Terms enforcement: Ensuring compliance with our Terms of Service
- Legal obligations: Complying with applicable laws, regulations, and legal processes
- Dispute resolution: Responding to legal claims or disputes
- Safety protection: Protecting the rights, property, and safety of our users and the Company
3. How We Share Your Information
We respect your privacy and limit the sharing of your information to specific circumstances:
3.1 Third-Party Service Providers
We share information with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.
Plaid Inc. (Financial Data Aggregation)
- Information shared: Your OAuth credentials to access your financial institutions
- Purpose: Connecting to your credit card accounts and retrieving financial data
- Privacy Policy: https://plaid.com/legal/
- Data security: Plaid maintains bank-level security standards and is subject to strict data protection requirements
Supabase (Backend Infrastructure)
- Information shared: All user data, financial data, settings, and preferences
- Purpose: Database storage, user authentication, serverless functions, and data synchronization
- Data security: Row Level Security (RLS) policies ensure users can only access their own data; data is encrypted in transit and at rest
RevenueCat (Subscription Management)
- Information shared: User identifier, subscription status, purchase receipts
- Purpose: Managing Premium subscriptions and validating feature entitlements
- Data security: RevenueCat processes subscription data securely and interfaces with Apple's App Store
Apple Inc. (Push Notifications and Subscriptions)
- Information shared: APNs device token, notification content, subscription information
- Purpose: Delivering push notifications and processing App Store subscriptions
- Privacy Policy: https://www.apple.com/legal/privacy/
3.2 Aggregated and De-Identified Information
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you:
- Usage statistics and trends
- Feature adoption rates
- Performance metrics
- Industry research and analysis
This information is used for business analytics, market research, and service improvement purposes.
3.3 Business Transfers
If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred or disclosed as part of that transaction. We will notify you via email and/or a prominent notice in the App of any change in ownership or use of your information, as well as any choices you may have regarding your information.
3.4 Legal Requirements and Protection
We may disclose your information when we believe in good faith that disclosure is necessary to:
- Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
- Enforce our Terms of Service, including investigating potential violations
- Detect, prevent, or address fraud, security issues, or technical problems
- Protect against harm to the rights, property, or safety of the Company, our users, or the public as required or permitted by law
3.5 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing. You will be notified before your information is shared and will have the opportunity to refuse such sharing.
3.6 What We Do NOT Share
We do NOT:
- Sell your personal information to third parties for their marketing purposes
- Share your financial information with advertisers
- Provide your data to data brokers or information resellers
- Display advertisements in the App (we do not have advertising partners)
- Share your information on social media platforms
- Rent or lease your data to any third party
4. Data Storage and Security
4.1 Where Your Data is Stored
Your information is stored in two locations:
Local Device Storage:
- Data is stored on your iOS device using the SwiftData framework
- Enables offline access and optimal app performance
- Syncs bidirectionally with cloud storage
- Protected by your device's security features (passcode, Face ID, Touch ID)
- Cleared when you delete your account or uninstall the App
Cloud Storage (Supabase):
- PostgreSQL database hosted by Supabase
- Located in secure data centers with enterprise-grade infrastructure
- Geographic location: [Based on Supabase region configuration]
- All data is backed up regularly for disaster recovery
4.2 Security Measures
We implement industry-standard security measures to protect your information:
Encryption:
- All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols
- Plaid access tokens are encrypted before storage in our database
- Sensitive authentication data is hashed using SHA-256
- Data at rest is protected using database-level encryption
Access Controls:
- Row Level Security (RLS) policies on all database tables ensure users can only access their own data
- Multi-factor authentication requirements for administrative access
- Secure API authentication required for all data requests
- OAuth-based authentication eliminates password storage risks
Security Best Practices:
- Regular security audits and vulnerability assessments
- Prompt application of security patches and updates
- Secure coding practices and code reviews
- Monitoring for suspicious activity and unauthorized access attempts
- Incident response procedures in the event of a security breach
Third-Party Security:
- Reliance on Plaid's bank-level security infrastructure for financial data access
- Use of Apple's secure authentication mechanisms (Sign in with Apple)
- Supabase's enterprise security features and compliance certifications
4.3 Security Limitations
While we strive to protect your information using commercially reasonable security measures, please understand that:
- No method of electronic transmission or storage is 100% secure
- We cannot guarantee absolute security of your information
- You are responsible for maintaining the security of your device and OAuth provider credentials
- You should use strong passwords for your OAuth accounts and enable two-factor authentication where available
- You should not share your device or account access with unauthorized individuals
4.4 Security Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Investigate the breach promptly and thoroughly
- Notify affected users via email and in-app notification within a reasonable timeframe
- Provide information about what data was compromised and what steps we are taking
- Comply with all applicable data breach notification laws
- Offer guidance on steps you can take to protect yourself
5. Data Retention
5.1 Account Data Retention
We retain your information for as long as your account is active or as needed to provide you with the Service:
Active Accounts:
- Your account information, financial data, settings, and preferences are retained for the duration of your account's existence
- Financial data is refreshed nightly through Plaid synchronization
- Historical transaction and payment tracking data is retained to maintain accurate progress tracking
Deleted Accounts:
- When you delete your account, all of your personal and financial information is permanently deleted from our servers
- Account deletion triggers a CASCADE delete operation that removes all associated data
- Local data on your device is also cleared upon account deletion
- Plaid access tokens are revoked, terminating the connection to your financial institutions
5.2 Backup and Recovery
- Database backups may retain your data for a limited period (typically 30-90 days) for disaster recovery purposes
- Backup data is subject to the same security protections as production data
- Once backups expire, your data is permanently purged from backup systems
5.3 Legal and Compliance Retention
We may retain certain information for longer periods when required by:
- Legal obligations, regulations, or court orders
- Dispute resolution and legal proceedings
- Fraud prevention and security investigations
- Audit and compliance requirements
Such retained information is limited to what is necessary for these purposes and is securely deleted when no longer required.
5.4 Aggregated Data
De-identified and aggregated data that cannot be used to identify you may be retained indefinitely for analytics, research, and service improvement purposes.
6. Your Privacy Rights and Choices
You have certain rights and choices regarding your personal information:
6.1 Account Access and Management
Access Your Data:
- You can view all of your financial data, settings, and preferences directly within the App
- Your connected accounts, payoff plans, and progress tracking are accessible at any time
Update Your Information:
- You can modify your notification preferences, appearance settings, and payoff strategies within the App settings
- You can update manually entered debt information at any time
- OAuth profile information (email, name, photo) is managed through your OAuth provider (Apple or Google)
Reconnect Accounts:
- You can disconnect and reconnect your Plaid-linked financial accounts at any time
- Reconnecting may be necessary if your financial institution requires re-authentication
6.2 Data Portability
Upon request, we will provide you with a copy of your personal information in a structured, commonly used, and machine-readable format. To request a data export, contact us at [INSERT CONTACT EMAIL].
6.3 Account Deletion and Data Erasure
Delete Your Account:
- You can permanently delete your account at any time through the in-app account settings
- Account deletion is immediate and cannot be undone
- All of your personal and financial data will be permanently erased from our servers
- Plaid connections will be automatically revoked
- Local device data will be cleared
Important: Deleting your Slaash account does NOT cancel your Premium subscription. You must separately cancel your subscription through your Apple App Store account settings to avoid future charges.
Request Deletion:
- If you are unable to delete your account through the App, you can request account deletion by contacting us at [INSERT CONTACT EMAIL]
- We will respond to deletion requests within 30 days
6.4 Notification Controls
Manage Push Notifications:
- Master toggle to enable or disable all push notifications
- Granular controls for specific notification types (payment reminders, weekly digests, milestone celebrations)
- Snooze functionality for individual reminders
- iOS system-level notification settings provide additional controls
Opt Out of Service Communications:
- You cannot opt out of critical service-related emails (Terms changes, security notices)
- You may delete your account if you no longer wish to receive any communications
6.5 Marketing Communications
No Marketing Communications:
- We do not send marketing, promotional, or advertising emails
- We do not share your information with third parties for their marketing purposes
- The App does not display advertisements
6.6 Demo Mode Privacy
Enable Demo Mode:
- You can enable Demo Mode to display fictional sample data instead of your actual financial information
- Useful for demonstrating the App or taking screenshots without exposing real debt information
- Demo Mode does not affect the actual data stored in your account
6.7 State-Specific Privacy Rights
Depending on your state of residence, you may have additional privacy rights:
California Residents (CCPA/CPRA):
- Right to know what personal information we collect, use, disclose, and sell
- Right to request deletion of personal information
- Right to opt out of the sale of personal information (note: we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
- See the "California Privacy Rights" section below for more details
Virginia, Colorado, Connecticut, and Other States:
- If your state has enacted comprehensive privacy legislation, you may have rights to access, correct, delete, and obtain a copy of your personal information
- Contact us to exercise these rights
6.8 Exercising Your Rights
To exercise any of the rights described in this section:
- Use the in-app account management features where available
- Contact us at [INSERT CONTACT EMAIL] with your request
- Provide sufficient information to verify your identity (we may ask for confirmation of your email address)
- Allow up to 30 days for us to respond to your request
We will not discriminate against you for exercising any of your privacy rights.
7. California Privacy Rights (CCPA/CPRA)
This section applies to California residents and supplements the information in this Privacy Policy.
7.1 Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, display name, user ID | Yes |
| Financial Information | Credit card balances, APRs, payment amounts, due dates | Yes |
| Internet Activity | App usage, features accessed, error logs | Yes |
| Device Information | iOS version, device model, APNs token | Yes |
| Geolocation Data | Precise location data | No |
| Sensitive Personal Information | SSN, driver's license, financial account login credentials | No |
7.2 Sources of Personal Information
We collect this information from the following sources:
- You directly (account creation, manual data entry, settings)
- Your devices (device identifiers, usage data)
- Third-party services (Plaid, Apple, Google OAuth)
7.3 Purpose of Collection and Use
We use your personal information for the purposes described in Section 2 ("How We Use Your Information").
7.4 Disclosure of Personal Information
We disclose personal information to the categories of third parties described in Section 3 ("How We Share Your Information"), including service providers and third-party platforms.
7.5 Sale and Sharing of Personal Information
We do NOT sell or share your personal information for cross-context behavioral advertising purposes.
7.6 Your California Privacy Rights
California residents have the following rights:
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, including:
- Categories of personal information collected
- Categories of sources from which information was collected
- Business or commercial purposes for collecting information
- Categories of third parties with whom we share information
Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information we maintain about you.
Right to Opt Out: Opt out of the sale or sharing of personal information (note: we do not sell or share personal information).
Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information (note: we do not use sensitive personal information beyond providing the Service).
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.
7.7 Exercising Your California Rights
To exercise your rights under the CCPA:
- Submit a request: Email us at [INSERT CONTACT EMAIL] with the subject line "California Privacy Rights Request"
- Specify your request: Clearly state which right you wish to exercise
- Verify your identity: We may ask you to verify your identity by confirming your email address or other account information
- Response time: We will respond to verifiable requests within 45 days
Authorized Agents: California residents may use an authorized agent to submit requests on their behalf. We will require verification that the agent is authorized to act on your behalf.
7.8 Do Not Track Signals
The App does not respond to "Do Not Track" browser signals because the App is a native mobile application and does not employ web-based tracking technologies.
7.9 California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
8. Children's Privacy
8.1 Age Restriction
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age.
8.2 COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13.
8.3 Parental Notice
If we discover that we have collected personal information from a person under 18, or a child under 13, we will delete that information immediately. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [INSERT CONTACT EMAIL].
8.4 Verification
By using the Service, you represent and warrant that you are at least 18 years of age. We may request proof of age at any time.
9. International Data Transfers
9.1 United States-Based Service
The Service is designed for users located in the United States and supports connections only to United States financial institutions. Our servers and data storage infrastructure are located in the United States.
9.2 Data Transfer
If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
9.3 Non-U.S. Users
By using the Service from outside the United States, you consent to the transfer of your information to the United States and acknowledge that U.S. law will govern the collection, use, and disclosure of your information.
9.4 GDPR Compliance
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws. However, because the Service is designed exclusively for U.S. users and U.S. financial institutions, we do not actively support or market the Service to individuals in these regions.
If you are an EEA/UK resident who has accessed the Service, you may have rights to:
- Access your personal data
- Rectify inaccurate personal data
- Request erasure of personal data
- Restrict or object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us at [INSERT CONTACT EMAIL].
10. Third-Party Links and Services
10.1 Third-Party Services
The Service integrates with and relies on third-party services, including:
- Plaid Inc. for financial data aggregation
- Supabase for backend infrastructure
- RevenueCat for subscription management
- Apple for authentication, push notifications, and payment processing
- Google for OAuth authentication
Each of these third parties has its own privacy policy governing the collection, use, and disclosure of your information. We encourage you to review these policies:
- Plaid Privacy Policy: https://plaid.com/legal/
- Supabase Privacy Policy: https://supabase.com/privacy
- RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
- Apple Privacy Policy: https://www.apple.com/legal/privacy/
- Google Privacy Policy: https://policies.google.com/privacy
10.2 No Responsibility for Third Parties
We are not responsible for the privacy practices, content, or policies of these third-party services. Your interactions with third-party services are governed by their respective terms and privacy policies, not by this Privacy Policy.
10.3 No External Links
The App does not contain links to external websites or services (other than the integrated third-party services listed above). We do not display advertisements or sponsored content.
11. Changes to This Privacy Policy
11.1 Right to Modify
We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, the Service, applicable laws, or for other operational, legal, or regulatory reasons.
11.2 Notification of Changes
When we make changes to this Privacy Policy, we will:
- Update the "Effective Date" at the top of this Privacy Policy
- Notify you through the App with a prominent notice
- Send you an email notification (if we have your email address)
- Provide a reasonable opportunity to review the changes before they take effect
11.3 Material Changes
For material changes that significantly affect your rights or how we handle your information, we will provide advance notice (at least 30 days when reasonably possible) and may require you to affirmatively accept the new Privacy Policy before continuing to use the Service.
11.4 Acceptance of Changes
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the modified Privacy Policy, you must stop using the Service and may delete your account.
11.5 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. You can always access the most current version at https://slaash.app/privacy or within the App.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: [INSERT CONTACT EMAIL]
Website: https://slaash.app
Support: support@slaash.app
12.1 Privacy-Specific Inquiries
For questions specifically regarding:
Data Access and Portability:
- Email [INSERT CONTACT EMAIL] with the subject line "Data Access Request"
- Allow up to 30 days for response
Account Deletion:
- Use the in-app account deletion feature (Settings → Account → Delete Account)
- Or email [INSERT CONTACT EMAIL] with the subject line "Account Deletion Request"
Data Corrections:
- Most data can be updated directly in the App
- For assistance, email [INSERT CONTACT EMAIL]
California Privacy Rights:
- Email [INSERT CONTACT EMAIL] with the subject line "California Privacy Rights Request"
Security Concerns:
- Report security issues to [INSERT SECURITY EMAIL]
- We take security reports seriously and will investigate promptly
Plaid Connection Issues:
- First try disconnecting and reconnecting your account through the App
- If problems persist, contact us at support@slaash.app
12.2 Response Time
We strive to respond to all privacy-related inquiries and requests within 30 days. For California residents exercising CCPA rights, we will respond within 45 days as required by law.
12.3 Verification
To protect your privacy and security, we may require you to verify your identity before responding to requests to access, modify, or delete your personal information. Verification may include confirming your email address or other account information.
13. Consent and Acceptance
By downloading, installing, accessing, or using the Slaash application, you acknowledge that you have read, understood, and agree to the collection, use, disclosure, and processing of your information as described in this Privacy Policy.
If you do not agree with this Privacy Policy, do not use the Service.
For the most current version of this Privacy Policy, please visit https://slaash.app/privacy or check within the App.
Last Updated: [INSERT DATE]