Plain-language explanation of how DebtShift keeps your information safe. No jargon, no fine print โ just what you need to know.
Every piece of information you share with DebtShift is encrypted โ in transit and at rest. We take this seriously.
How we protect you
We use bcrypt with a unique salt per user. Your actual password is never stored anywhere โ only a one-way mathematical hash of it. Even if someone got access to our database, they couldn't reverse-engineer your password.
Every connection to DebtShift is encrypted using TLS 1.2+. Your data is scrambled between your browser and our servers. Nobody on the same Wi-Fi network, no ISP, no network operator can see what you're sending us.
Session tokens are stored in encrypted Postgres-backed storage, not in memory or temporary files. They're HTTP-only (JavaScript can't read them) and bound to secure connections only.
Everything stored in our database is encrypted at the file level. Your personal information (name, email, shift history, earnings) is protected even if someone physically accessed our servers.
DebtShift doesn't run ads, doesn't use third-party trackers, and doesn't sell your data. Period. We make money from the platform, not from your personal information.
You can delete your account at any time and we remove your personal data within 30 days. Contact privacy@debtshift.com if you need to exercise this right or have any questions.
Current security status
TLS 1.2+ enforced on all connections
bcrypt password hashing (cost factor 10)
HTTP-only secure session cookies
Found a security issue? Email security@debtshift.com โ we take all reports seriously.