Plain-English summary
This Privacy Policy explains how Oll Korrekt LLC, a limited liability company formed in the State of Colorado, United States, doing business as MyDebtLens, handles data in relation to the MyDebtLens website, authenticated workspace, reports, billing, support, analytics, and related features.
MyDebtLens helps you understand debt balances, interest cost, payment timing, monthly pressure, scenario choices, reminders, and generated reports. To do that, the app uses information you enter, save, or choose to submit.
We use that information to run the service, generate reports, save planning history, enforce plan limits, provide support, protect the app, improve reliability, and create privacy-safe aggregate insights where allowed.
Information we collect
Account and login information
We collect account details such as email address, authentication method, access plan, subscription status, billing status, passkey status where enabled, and account settings. An email address and sign-in method are required for a standard account. A real-world name and ZIP code are optional profile details, not registration requirements.
Debt, household, and planning information
We collect the details you save in the app, which may include debt names, balances, APRs, payment amounts, due dates, debt roles, income, monthly expenses, emergency-fund targets, retirement or employer-match context, ZIP/local context, credit-context inputs, and scenario assumptions.
Reports, exports, calendar, and support
Generated reports and payoff workbooks may include saved report metadata and ordinary PDF, DOCX, or XLSX files, depending on your plan and retention settings. Sensitive report metadata may use application-level encryption, but generated files are not separately encrypted by the application; they are protected by account access and server/file controls.
Calendar tools may process due dates, reminders, income timing, fixed expense timing, ICS downloads, and optional Google Calendar connection status. When Google Calendar is connected, event content sent to Google may include debt labels, payment amounts, due dates, reminder context, and payoff timing. Disconnecting MyDebtLens does not necessarily remove events already created in Google, and remote events may remain under the user’s Google Calendar choices and Google’s retention practices.
Support or Ask MyDebtLens workflows may process the messages needed to provide the feature or handle a restricted support, security, or legal situation. If you voluntarily type real names, account numbers, government identifiers, or other personal identifiers into free-text fields, those identifiers may become part of the saved content or restricted support/security records even though MyDebtLens does not request them.
Consent, analytics, reliability, and request data
We collect privacy choices, cookie-consent state, basic device/browser information, coarse usage events, error/reliability events, and ordinary server request metadata so the app can operate safely and improve over time.
Analytics, cookies, and server traffic
Required cookies keep sign-in, account security, billing redirects, passkeys, maintenance checks, and privacy-choice storage working. Optional public visitor analytics is off unless you allow it.
- Public visitor analytics: Google Analytics 4 and Microsoft Clarity load only on public marketing/legal pages, only after optional analytics consent, and only when configured. They help MyDebtLens understand public-page traffic, landing pages, device/browser mix, scrolls, outbound clicks, downloads, and public-page experience. They are not loaded on authenticated app pages, admin pages, billing pages, private report pages, protected workspace pages, or Ask MyDebtLens conversations.
- Search visibility tools: Google Search Console and Bing Webmaster Tools may be used to understand aggregate search visibility, indexing, sitemap status, search queries, impressions, clicks, pages, countries, and device categories. These tools describe how search engines see public pages; they do not provide MyDebtLens with your private debts, account records, reports, payments, or authenticated workspace activity.
- Logged-in product analytics: first-party usage analytics records coarse events such as page/feature usage, plan type, account-age band, device/browser, and event date. Underlying event records may include an account-linked user ID and request/device metadata such as IP address and user agent. Admin dashboard summaries are aggregated or cohort-based and are not designed to display debt names, balances, income, report content, private Ask questions, or raw visitor IP lists.
- Public tool usage analytics: standalone public tools such as Can I afford it? may record first-party usage events such as tool page viewed, check started, result generated, broad commitment category, broad result band, device/browser, referrer, screen-size bucket, and approximate IP-derived geography. These events are not designed to store exact dollar amounts entered in the tool or free-form private labels typed by visitors. Underlying request, security, and reliability records can include IP address, user agent, device/browser details, and coarse geography.
- Server logs and AWStats summaries: ordinary server access logs and processed AWStats summaries are used for security, reliability, traffic health, and basic public-site measurement. These records may include request metadata such as IP address, Cloudflare request headers, browser/user-agent, timestamp, requested URL, referrer, status code, bandwidth, and robot/crawler indicators. Admin traffic summaries are designed not to expose raw visitor IP lists. Server access records and processed summaries may be accessed securely by Oll Korrekt LLC’s international operators only for application security, system optimization, reliability, and monitoring traffic health.
- Not used: marketing pixels, retargeting tags, and authenticated heatmaps/session replay.
MyDebtLens may use Cloudflare or similar security/proxy infrastructure to protect the site, terminate HTTPS, route traffic, and improve log accuracy. Optional public analytics choices do not turn off security, reliability, or server-log processing that is necessary to operate the service.
Public and official reference data
Personal projections are based on your own APRs, balances, payments, income, expenses, savings, and the app’s deterministic payoff calculations. MyDebtLens may use official or methodologically documented public data for context and comparisons. That data does not replace your actual figures.
Reference data is not a substitute for your own statements, lender terms, bills, local conditions, or professional advice. Cost-of-living context must be identified by its source; the current fallback is curated MyDebtLens context and should not be described as official BEA data unless source metadata proves that BEA data is being used.
How information is used
- To create debt overviews, scenario comparisons, calendar views, reminders, reports, and exports.
- To keep saved profiles, selected routes, saved reports, billing status, and account settings available.
- To manage support, referral, partner attribution, and requested service communication workflows.
- To enforce plan limits, access rules, report generation limits, and saved-report retention settings.
- To diagnose errors, prevent misuse, secure the service, and respond to support requests.
- To create privacy-safe aggregate/community or partner trends when settings, thresholds, and applicable rules allow it.
Sharing, providers, and partner boundaries
We do not sell personal debt data to advertisers. We share information only when needed to operate the service, protect the app, comply with legal obligations, process payments, provide support, manage requested service communications, or deliver a feature you chose.
Because Oll Korrekt LLC operates a digital service with international administration and third-party infrastructure, information may be hosted, processed, transferred, stored, or accessed in the United States and in other countries where the LLC’s operators, administrators, contractors, or service providers are located. This cross-border processing is used to operate, support, secure, troubleshoot, and improve MyDebtLens.
Service providers may include hosting, email, analytics, payment, storage, calendar, security, and AI infrastructure providers. Payment details may be handled by a payment processor such as Stripe; MyDebtLens does not store full card numbers on its own servers.
Saved information is account-protected. Ordinary admin screens restrict sensitive details and sensitive actions are audited, but the current administrative boundary is a restricted owner-admin model, not developed multi-role role-based access control. Authorized operators with sufficient server, database, application, and encryption-key access could technically access or decrypt relevant records when needed to operate, secure, support, or comply with law.
Partner organizations, including credit unions or other sponsors, do not receive individual debt details by default. Partner reporting may include aggregate, threshold-protected usage and engagement summaries, referral attribution, pilot participation counts, and broad feature adoption. It is designed not to include individual debt names, balances, creditor names, income, private reports, Ask conversations, or identifiable member-level planning behavior unless a separate, clear consent flow is provided.
AI, reports, and evidence logs
Ask MyDebtLens is optional and currently uses DeepSeek through its API. When you activate it, MyDebtLens may send your question and relevant saved planning context selected for that request. The context can include debt labels, balances, APRs, minimum payments, income, expenses, savings, a saved first or household name, ZIP-based location context, and deterministic payoff results. MyDebtLens does not intentionally add the account email, internal user ID, Stripe identifiers, or Google identifiers to the AI prompt.
Core payoff calculations, Scenario Lab results, Can I Afford It? results, calendars, charts, and report figures are deterministic and do not require AI. AI explanations cannot change stored data, make payments, contact creditors, alter subscriptions, connect integrations, or take autonomous action.
Questions and responses may be stored by MyDebtLens under configured transcript-retention, security-hold, and restricted-evidence rules. DeepSeek’s own retention and processing are governed by its API terms and account settings; MyDebtLens does not promise provider zero retention or no training without separate verification.
Do not enter Social Security numbers, full financial-account numbers, payment-card numbers, government ID numbers, passwords, real names that are not needed, or other unnecessary personal identifiers into Ask MyDebtLens, report titles, workbook names, debt labels, support messages, or other free-text fields. Oll Korrekt LLC does not require or verify real-world identities to provide debt-planning models, and users are responsible for unnecessary identifiers they voluntarily submit into interactive text fields.
For restricted situations such as chargebacks, legal requests, security incidents, abuse/resource misuse, prompt-injection attempts, or support escalation, MyDebtLens may keep restricted transcript evidence. Access to those records is intended to be limited, reason-captured, audited, and retained only as long as needed.
Generated reports are account-protected unless you choose to share them. Saved report limits and retention windows may vary by plan, and downloaded files should be protected by you after they leave the workspace.
Your choices and controls
- You can update saved balances, APRs, payments, due dates, income, expenses, and scenario assumptions inside the app.
- You can delete saved reports when you no longer need them or when you need to free a saved-report slot.
- You can disconnect calendar integrations where connection controls are available.
- You can manage optional cookie/analytics choices from the public footer or consent banner.
- You can opt out of future anonymized aggregate public/community reports from the authenticated privacy controls where that setting is available.
- You can request account support, correction, export, or deletion by contacting MyDebtLens.
An account-deletion request enters a grace period, currently 30 days, during which restoration may be possible. After the grace period, the account becomes eligible for the permanent-purge workflow. Limited billing, security, legal, consent, provider, restriction, deletion-receipt, log, and backup records may remain for their applicable retention periods. MyDebtLens does not promise immediate deletion from every provider or backup.
Security and retention
MyDebtLens uses authentication, application-level encryption for many sensitive debt and household-planning fields, restricted owner-admin access, restricted transcript retrieval, audit logging for sensitive admin actions, and transport security for requests. MyDebtLens is not end-to-end encrypted. Not every operational field, analytics record, billing field, generated report, workbook, or exported file is separately encrypted by the application. Authorized operators with sufficient server, database, application, and encryption-key access could technically access or decrypt relevant records.
No online service can guarantee perfect security. You should use a strong password, protect your email account, and avoid sharing report files with people who should not see your financial information.
Retention periods may differ by data type. Saved reports, usage logs, security evidence, consent records, server logs, and aggregate analytics can have different retention windows depending on operational, legal, and product needs.
Children and intended users
MyDebtLens is intended for adults managing their own financial obligations. People under 18 may not create an account, subscribe, or use the authenticated service. MyDebtLens is not directed to children under 13 and does not knowingly collect personal information directly from children under 13.