🔒 Privacy-First Philosophy
The Path Out is built on a simple principle: Your financial data is yours, and yours alone. All debt calculations happen entirely in your browser. We never see, collect, or store your financial information on our servers.
1. Information We Collect
1.1 Financial Data (Client-Side Only)
When you use The Path Out's debt calculator:
- Your debt amounts, interest rates, and payment information are processed entirely in your web browser using JavaScript
- This data is stored locally in your browser's localStorage (encrypted using AES-256-GCM)
- We NEVER transmit this data to our servers
- Only you can access your financial data
- Clearing your browser data will permanently delete this information
1.2 Email Addresses (Optional)
If you choose to save your progress or receive tips, we collect:
- Email address - To send you your debt payoff plan and optional monthly tips
- Signup source - Which feature prompted you to sign up (e.g., "post-calculation modal")
- IP address - For spam prevention and rate limiting only
- Browser information - User agent string for troubleshooting
- Signup date - When you subscribed
What we DO NOT collect:
- ❌ Your debt amounts or financial details
- ❌ Credit card or banking information
- ❌ Social Security Number or tax IDs
- ❌ Payment information (the tool is free)
- ❌ Passwords (we don't have user accounts)
1.3 Analytics Data
We use Google Analytics to understand how people use our app:
- Pages visited
- Time spent on site
- Device type (mobile, desktop, tablet)
- Geographic location (country/city level, not precise location)
- Referral source (how you found us)
Important: Google Analytics is configured with IP anonymization, and we do NOT track individual users across sessions. Your financial calculations are never sent to analytics.
2. How We Use Your Information
| Data Type | Purpose | Storage Location |
|---|---|---|
| Financial calculations | Provide debt payoff plans | Your browser only (localStorage) |
| Email address | Send tips, updates, and your plan | Our MySQL database (encrypted) |
| IP address | Prevent spam and abuse | Our database (hashed) |
| Analytics data | Improve the app experience | Google Analytics servers |
3. Data Storage & Security
3.1 Client-Side Encryption
Your financial data stored in your browser is encrypted using:
- AES-256-GCM encryption - Military-grade encryption
- Web Crypto API - Browser-native, hardware-accelerated encryption
- Unique encryption keys - Generated per-browser, never shared
3.2 Server-Side Security
For email addresses we collect:
- HTTPS/TLS encryption - All data in transit is encrypted
- Prepared statements - Protection against SQL injection
- Rate limiting - Prevents spam and abuse (10 requests/hour, 50/day)
- Firewall protection - Server-level security
- Regular backups - Data protection and recovery
4. Cookies & Tracking
4.1 Essential Cookies
We use minimal cookies for functionality:
- localStorage - Saves your debt plan locally (not a cookie, but similar)
- Session cookies - For CSRF protection on API requests
4.2 Analytics Cookies
Google Analytics uses cookies to:
- Distinguish unique visitors
- Track session duration
- Understand user behavior patterns
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
4.3 No Third-Party Tracking
We do NOT use:
- ❌ Facebook Pixel
- ❌ Advertising cookies
- ❌ Behavioral tracking scripts
- ❌ Retargeting pixels
- ❌ Cross-site tracking
5. Third-Party Services
The Path Out integrates with the following third-party services:
5.1 Google Analytics
- Purpose: Understand app usage and improve experience
- Data shared: Anonymous usage statistics
- Privacy policy: Google Privacy Policy
5.2 Google reCAPTCHA v3
- Purpose: Prevent spam and abuse on email signup
- Data shared: Browser information, IP address (for bot detection)
- Privacy policy: Google Privacy Policy
5.3 Firebase (Optional Features)
- Purpose: Future features like cloud sync (not currently active)
- Data shared: None at this time
- Privacy policy: Firebase Privacy Policy
5.4 Hostinger (Hosting Provider)
- Purpose: Website hosting and email delivery
- Data shared: Email addresses (for sending emails only)
- Privacy policy: Hostinger Privacy Policy
6. Your Rights (GDPR & CCPA Compliance)
You have the following rights regarding your data:
6.1 Right to Access
You can request a copy of all data we have about you. Email support@thepathout.com with "Data Access Request" in the subject line.
6.2 Right to Deletion
You can permanently delete your data:
- Financial data: Clear your browser's localStorage or use the "Clear All Data" button in the app
- Email data: Use our GDPR deletion tool (requires email verification)
6.3 Right to Unsubscribe
You can stop receiving emails at any time:
- Click "Unsubscribe" in any email we send you
- Visit our unsubscribe page
6.4 Right to Rectification
If your email address changes, you can update it by unsubscribing the old address and re-subscribing with the new one.
6.5 Right to Object
You can object to data processing for marketing purposes. We only send debt-related tips (no product promotions), and you can opt out anytime.
⚖️ California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). We do not sell your personal information. For CCPA requests, email support@thepathout.com with "CCPA Request" in the subject line.
7. Data Retention
- Financial calculations: Stored in your browser indefinitely (until you clear data)
- Email addresses: Retained until you unsubscribe or request deletion
- IP addresses: Deleted after 90 days (kept temporarily for spam prevention)
- Analytics data: Retained by Google Analytics for 26 months
- Deleted data: Audit trail kept for 1 year (for compliance), then permanently deleted
8. Children's Privacy
The Path Out is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@thepathout.com.
9. International Users
The Path Out is operated from the United States. If you are accessing our service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States.
We comply with:
- GDPR - European Union General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- PIPEDA - Canadian Personal Information Protection and Electronic Documents Act
10. Data Breaches
In the unlikely event of a data breach affecting your email address:
- We will notify you within 72 hours
- We will provide details of what data was affected
- We will explain steps we're taking to resolve the issue
- We will offer assistance in protecting your information
Note: Since your financial data never leaves your browser, it cannot be breached on our servers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via:
- Email notification to subscribers
- Prominent notice on our homepage
- Banner notification in the app
Continued use of The Path Out after changes constitutes acceptance of the updated policy.
12. Contact Us
Questions, concerns, or data requests? Contact us:
- Email: support@thepathout.com
- Subject Line: "Privacy Inquiry" for fastest response
- Response Time: Within 48 hours for privacy-related requests
For GDPR or CCPA requests, include your email address and specify the type of request (access, deletion, etc.).
✅ Our Promise
We built The Path Out because we believe financial tools should empower you, not exploit you. Your privacy is not a commodity - it's a fundamental right. We will never sell, rent, or share your data with third parties for marketing purposes.