Security Protections at a Glance
All communication between your browser and our servers is encrypted with TLS. There is no unencrypted HTTP access — all connections are forced to HTTPS. Your data is never transmitted in plaintext.
Your password is never stored in plaintext. We store only a bcrypt hash — a one-way cryptographic transform — so even if our database were accessed, your actual password could not be recovered. We cannot see your password.
Your security PIN provides a second layer of protection for sensitive account actions. Like your password, it is stored only as a bcrypt hash. We cannot see your PIN. Anyone who gains access to your account credentials would still need the PIN to perform protected actions.
All payment processing is handled entirely by Stripe, which is PCI-DSS Level 1 compliant — the highest level of payment security certification. Your card number, CVV, and expiration date go directly from your browser to Stripe. We receive only a Stripe Customer ID and subscription status; we never see, store, or log your raw payment details.
Our database is hosted on Railway with encrypted storage. Data at rest is protected; your debtor configurations and alert history are not accessible to other users of the platform.
When you log in, you receive a secure session token stored in a cookie. Sessions expire automatically. Logging out invalidates your session token immediately. We log IP addresses at login for security monitoring — if you see an unrecognized login, contact us immediately.
Data Isolation — Your Data Is Yours
Your debtor monitoring configurations, sweep histories, and alert results are associated with your account only. They are not visible to other users of the service, not shared with third parties for any commercial purpose, and not accessible to support staff except in the narrow context of troubleshooting a specific issue you've reported.
If There Is a Security Incident
In the unlikely event of a security incident that affects your personal data, we will notify you in accordance with our Terms of Service and applicable law. Notification will be sent to the email address on your account.
If you discover a security vulnerability in our service, please report it responsibly to Support@TrackMyDebtor.com before disclosing it publicly. We take security reports seriously and respond promptly.
Your Role in Account Security
Our technical security measures only go so far — account security also depends on you:
- Use a strong, unique password. Don't reuse a password from another site. A password manager makes this easy.
- Keep your PIN private. Your 6-digit security PIN is a second factor of protection. Don't share it with anyone, including TrackMyDebtor support — we will never ask for it.
- Don't share account credentials. Each person who needs access should have their own account. Credential sharing reduces accountability and increases exposure.
- Log out on shared devices. If you access your account from a shared or public computer, always log out when you're done.
No security system is 100% guaranteed. We implement industry-standard protections and take security seriously — but no service can promise it will never be affected by a breach. Using a strong, unique password and keeping your PIN private are the most effective steps you can take to protect your account.
For the complete data protection terms, see the Privacy Policy. For a plain-language summary, see Privacy Policy — Help Center Article.
Was this article helpful?