Trust
Security & Privacy
This page is maintained by the simpleIOU team to answer common security and privacy questions about the app. It describes the controls that are currently enabled — it is not an independent certification or audit.
Accounts & authentication
Sign-in is handled by our managed authentication provider. We support email/password and Google sign-in. Passwords are never stored by simpleIOU directly — they are hashed and managed by the auth provider.
You can also use simpleIOU without an account. In that case your data lives only in your browser's local storage; clearing site data or switching devices will erase it. Create an account to back it up to our database.
Data you give us
We store the records you create — IOUs, debts, subscriptions, contacts — and basic profile information (display name, email). We don't sell your data or use it for advertising.
Every row in our database is scoped to your user account using row-level security. Other users cannot read or modify your records, even via the API.
Free to use
simpleIOU is currently free to use. There are no paid plans, no in-app purchases, and no payment processing on this site.
Analytics — never inside the app
We use Contentsquare analytics to understand how our public marketing pages perform. It loads only on marketing pages (this site's landing, blog, FAQ and similar), and only after you accept it in the cookie banner. Rejecting it means no analytics anywhere.
It never runs inside the app or on the sign-in page — the places where you type names, amounts and credentials. This is enforced in three independent ways: the app's Content-Security-Policy blocks analytics domains outright, entering the app is a fresh page load that leaves any marketing scripts behind, and the loader itself refuses to start on app pages. Your financial data is not observed by any analytics or session-replay tool.
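As an added illustration of two of those three layers (not simpleIOU's actual code): a check that a Content-Security-Policy header value gives an analytics host neither script nor connect access, and a loader guard. The route prefixes, consent value, host names and policy strings are assumptions constructed for the example.

```javascript
// Added example; every name and value here is an assumption, not simpleIOU's code.
const APP_PREFIXES = ["/app", "/login"]; // hypothetical app and sign-in routes

// Loader guard: start only on marketing pages, and only after consent.
function shouldLoadAnalytics(pathname, consent) {
  const onAppPage = APP_PREFIXES.some(
    (p) => pathname === p || pathname.startsWith(p + "/")
  );
  return !onAppPage && consent === "accepted";
}

// Parse a CSP header value into { directive: [sources] }; first occurrence wins.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Does one source expression admit `host`? Keywords such as 'self' never do.
function sourceMatchesHost(source, host) {
  if (source === "*") return true;
  if (source.startsWith("'")) return false;
  // A bare scheme such as https: admits every host reachable over that scheme.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === "https:";
  const h = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split(/[/:]/)[0].toLowerCase();
  return h.startsWith("*.") ? host.endsWith(h.slice(1)) : h === host;
}

// True only if both script loading and network calls to `host` are refused.
function cspBlocksHost(header, host) {
  const policy = parseCsp(header);
  return ["script-src", "connect-src"].every((d) => {
    const sources = policy[d] ?? policy["default-src"];
    if (!sources) return false; // no directive and no fallback: unrestricted
    return !sources.some((s) => sourceMatchesHost(s, host.toLowerCase()));
  });
}

// Constructed sample policies and host.
const ANALYTICS_HOST = "analytics.example";
const APP_CSP = "default-src 'self'; script-src 'self'; connect-src 'self' https://db.example";
const WEAK_CSP = "default-src 'self'; script-src 'self' https:; connect-src *";
console.log(cspBlocksHost(APP_CSP, ANALYTICS_HOST), cspBlocksHost(WEAK_CSP, ANALYTICS_HOST));
```

The weak policy fails the check because a bare `https:` source and a `*` source both admit any host, which is the kind of drift a check like this is meant to catch.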
Hosting & infrastructure
simpleIOU is hosted on the Lovable platform. Traffic is served over HTTPS and our database is managed by Supabase. We rely on these providers for at-rest encryption, backups, and infrastructure patching.
Subprocessors
- Lovable — application hosting
- Supabase — database, authentication, storage
- Contentsquare — analytics on marketing pages only, with your consent; never inside the app
Deleting your data
You can remove individual records from the app at any time. To delete your account and all associated records, contact us via the contact page.
Reporting a vulnerability
If you believe you've found a security issue, please reach out through the contact page before disclosing publicly. We'll respond as quickly as we can.
Last updated: June 2026. This page is editable content owned by simpleIOU and is not an independent attestation of compliance with any specific standard.