Privacy Policy (GDPR) – DebtWise

Effective date: February 28, 2026

Data Controller: Altuğ Nuri ASLANTAŞ

This Privacy Policy explains how DebtWise ("App", "we", "us") processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. What data we process

Debt and payment records you enter: titles, amounts, due dates, notes, payment history, and related financial tracking data.
App settings: reminder preferences, appearance preferences, currency, strategy options, and similar configuration data.
Notification data: local reminder schedules and device notification permission status.
Security settings: whether app lock/biometric protection is enabled. Biometric templates (Face ID / Touch ID) are managed by Apple and are not accessible to us.
Advertising and consent signals: consent choices and ad-related identifiers handled by ad/consent SDKs (for example, Google Mobile Ads / User Messaging Platform) as applicable.
Backup data (optional): if you use backup features, your data may be stored in your personal cloud account/environment selected by the app feature.

2. Purposes and legal bases (GDPR Art. 6)

Provide core app functionality (debt tracking, calculations, reminders): Contract (Art. 6(1)(b)).
Maintain app security (lock/unlock controls): Legitimate interests (Art. 6(1)(f)).
Show personalized/non-personalized ads where required: Consent (Art. 6(1)(a)) where legally required; otherwise legitimate interests where permitted.
Comply with legal obligations: Legal obligation (Art. 6(1)(c)).

3. Data sharing and processors

We do not sell your personal data. We may share limited data with service providers strictly to operate app features, such as:

Advertising and consent services (for ad delivery and GDPR consent handling).
Cloud/backup providers when you explicitly use backup features.
Apple platform services necessary for notifications, security, and app operation.

These providers process data under their own terms and privacy documentation, and where required, under GDPR-compliant safeguards.

4. International transfers

Some service providers may process data outside the EEA. Where applicable, transfers rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms.

5. Data retention

Your debt records and settings are kept until you delete them, uninstall the app, or request deletion.
Backup copies remain according to your cloud/backup configuration and provider retention behavior.
Consent records may be retained as needed to demonstrate legal compliance.

6. Your GDPR rights

You have the right to:

Access your personal data.
Request rectification of inaccurate data.
Request erasure ("right to be forgotten").
Request restriction of processing.
Object to processing based on legitimate interests.
Data portability.
Withdraw consent at any time (without affecting prior lawful processing).
Lodge a complaint with your local data protection authority.

To exercise your rights, contact: babysleepdot@gmail.com.

7. Children’s privacy

DebtWise is not intended for children under the age where consent is required by applicable law. If you believe a child has provided personal data, contact us for removal.

8. Security measures

We apply reasonable technical and organizational measures to protect data, including platform security features and optional app lock/biometric access controls. No method of storage or transmission is 100% secure.

9. Changes to this policy

We may update this policy from time to time. Material updates will be reflected by updating the effective date above.

Contact for privacy requests: babysleepdot@gmail.com
Developer: Altuğ Nuri ASLANTAŞ
App: DebtWise