Privacy
Privacy Policy
Effective date: April 19, 2026
1. Information We Collect
We collect information that you provide directly, information generated by your use of the platform, and limited technical data necessary to operate the service.
- Account information: name, work email, company name, and role when you register or request access.
- Workspace data: debt accounts, contacts, statuses, notes, activity logs, and any content your team creates inside the platform.
- Communications data: records of outreach sent through Debtnote including SMS, email, and call logs, as required to provide the service.
- Usage data: page visits, feature interactions, session duration, and error logs used to improve the platform.
- Device and network data: IP address, browser type, and operating system collected automatically when you access the service.
2. How We Use Your Information
We use the information we collect solely to operate, maintain, and improve the Debtnote platform and to fulfill our contractual obligations to you.
- Provide, secure, and maintain the platform and your account.
- Process and deliver outreach actions you initiate (SMS, email, voice).
- Send transactional communications such as account confirmations, security alerts, and billing receipts.
- Diagnose technical issues, investigate security incidents, and improve platform performance.
- Comply with applicable legal obligations and enforce our Terms of Service.
We do not use your workspace data or client records to train AI models or for advertising purposes.
3. Data Sharing
We do not sell your data. We share information only as described below and only to the extent necessary.
- Service providers: third-party vendors who process data on our behalf (cloud infrastructure, email delivery, telephony) under data processing agreements that restrict their use of your information.
- Outreach providers: SMS and call data is routed through the provider you configure (e.g. Twilio, RingCentral). Their privacy terms apply to that transmission.
- Legal requirements: when required by law, court order, or to protect the rights and safety of users or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction with notice to you.
4. Data Security
We implement industry-standard technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, and destruction.
- All data is encrypted in transit using TLS and at rest using AES-256 encryption.
- Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
- Session cookies are HttpOnly, Secure, and SameSite to reduce exposure to cross-site attacks.
- Access logs and audit trails are retained so that unauthorized activity can be detected and investigated.
- We conduct regular security reviews of our infrastructure and application code.
No system is perfectly secure. If you discover a potential vulnerability, please report it to us promptly using our contact page.
5. Your Rights
Depending on your jurisdiction, you may have rights regarding your personal data. You can exercise these rights by contacting us through the contact page.
- Access: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate or incomplete data.
- Deletion: request deletion of your personal data, subject to legal retention requirements.
- Portability: request an export of your data in a machine-readable format.
- Objection: object to certain processing activities, including direct marketing.
- Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.
7. Data Retention
We retain your data for as long as your account is active and for a reasonable period afterward to meet legal, audit, and dispute-resolution obligations. Workspace data is retained for the life of your subscription and deleted within 90 days of account closure, unless a longer period is required by law.
8. Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice in the platform at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, please reach out through our contact page. We respond to all privacy inquiries within one business day.