Privacy Policy

Last updated: 26 June 2026

This Privacy Policy explains how simpleIOU ("simpleIOU", "we", "us", "our") collects, uses, shares, and protects your personal data when you use the website at www.simpleIOU.com and any related applications and services (collectively, the "Service"). simpleIOU is a personal money-tracking web app that helps you record IOUs, debts, subscriptions, and similar entries you choose to enter. By using the Service you acknowledge the practices described in this Policy. If you do not agree, please do not use the Service.

1. Who we are & data controller

simpleIOU is a trading name of AI Consultancy Services, the operator of the Service and the data controller responsible for your personal data. The Service is operated from London and is governed by the laws of England and Wales. You can reach us for any data-rights or privacy request via our contact page.

2. Information we collect

Depending on how you use the Service, we may collect the following categories of data:

  • Account email address — used to create and identify your account.
  • Password — hashed and managed by our authentication provider; it is never stored by simpleIOU directly.
  • Display name and profile information you choose to provide.
  • Financial-tracking records you enter — IOUs, debts, subscriptions, and contacts. Please note these records may include the names of third parties that you choose to enter; you are responsible for the information you record about other people.
  • App preferences such as theme and display currency.
  • Technical data such as IP address, device and browser information, and error logs.

3. How we use your information & legal bases

We process your personal data only where we have a lawful basis under the UK GDPR and the GDPR. The bases we rely on are:

  • Performance of a contract — to provide, maintain, and operate the Service and your account.
  • Legitimate interests — to secure, monitor, and improve the Service, and to prevent fraud and abuse.
  • Consent — where applicable, for example for non-essential cookies; you may withdraw consent at any time.
  • Legal obligation — to keep tax and accounting records relating to purchases.

4. Guest mode

You can use the Service without creating an account. In this guest mode, the data you enter is stored only in your browser's local storage on your own device and is never sent to simpleIOU's servers. Because this data lives only in your browser, clearing your browser storage or switching devices will remove it, and we cannot recover it for you.

5. How we share your information & subprocessors

We do not sell your personal data. We share data only with the service providers (subprocessors) that help us run the Service, and only as needed to deliver it:

  • Supabase — database, authentication, and storage hosting.
  • Lovable — application hosting platform.
  • Sentry — error and performance monitoring, which may process technical data and IP addresses.
  • Google — optional Google sign-in, used only if you choose it.
  • Frankfurter (api.frankfurter.app) — a public exchange-rate API used for currency conversion; no personal data is sent to it.

We may also disclose data where required by law or to protect our rights, safety, or property. For more, see our Terms & Conditions.

6. International data transfers

Some of our subprocessors may process data outside the United Kingdom and the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards — such as Standard Contractual Clauses — to ensure your data continues to receive an adequate level of protection.

7. Data retention

We retain your account data for as long as your account is active. When you delete your account, your account data is deleted, either immediately or within a reasonable period afterwards. Error logs are retained only for a limited period.

8. Your rights

Under the UK GDPR and the GDPR, you have the following rights in relation to your personal data:

  • Access — to obtain a copy of the personal data we hold about you.
  • Rectification — to correct inaccurate or incomplete data.
  • Erasure — the "right to be forgotten", to have your data deleted.
  • Restriction — to limit how we process your data.
  • Data portability — to receive your data in a portable format.
  • Objection — to object to certain processing.
  • Withdrawal of consent — where processing is based on consent.

You can exercise any of these rights through our contact page. You also have the right to lodge a complaint with a supervisory authority. In the UK, that authority is the Information Commissioner's Office (ICO).

9. Deleting your account & data

You can delete individual records, such as IOUs and contacts, directly within the app at any time. To delete your entire account and the personal data associated with it, please submit a request via our contact page, subject to the retention obligations described above.

10. Cookies & local storage

The Service uses essential cookies and local storage to support authentication and to remember your preferences. A cookie banner is shown where required, and you can manage your choices through it. If you have any questions about our use of cookies, please reach out via our contact page.

11. Security

We take reasonable measures to protect your data. All data is served over HTTPS, database rows are protected by row-level security scoped to each individual user, and passwords are hashed by our authentication provider rather than stored in plain text. You can read more about our approach on our trust page.

12. Children's privacy

The Service is not directed at children under 16, and we do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top of this page to reflect the latest version. Your continued use of the Service after an update constitutes acknowledgement of the revised Policy.

14. Contact

Questions about this Privacy Policy or your data? Contact us.