Privacy

Privacy Policy

Effective date: April 19, 2026

1. Information We Collect

We collect information that you provide directly, information generated by your use of the platform, and limited technical data necessary to operate the service.

  • Account information: name, work email, company name, and role when you register or request access.
  • Workspace data: debt accounts, contacts, statuses, notes, activity logs, and any content your team creates inside the platform.
  • Communications data: records of outreach sent through Debtnote including SMS, email, and call logs, as required to provide the service.
  • Usage data: page visits, feature interactions, session duration, and error logs used to improve the platform.
  • Device and network data: IP address, browser type, and operating system collected automatically when you access the service.

2. How We Use Your Information

We use the information we collect solely to operate, maintain, and improve the Debtnote platform and to fulfill our contractual obligations to you.

  • Provide, secure, and maintain the platform and your account.
  • Process and deliver outreach actions you initiate (SMS, email, voice).
  • Send transactional communications such as account confirmations, security alerts, and billing receipts.
  • Diagnose technical issues, investigate security incidents, and improve platform performance.
  • Comply with applicable legal obligations and enforce our Terms of Service.

We do not use your workspace data or client records to train AI models or for advertising purposes.

3. Data Sharing

We do not sell your data. We share information only as described below and only to the extent necessary.

  • Service providers: third-party vendors who process data on our behalf (cloud infrastructure, email delivery, telephony) under data processing agreements that restrict their use of your information.
  • Outreach providers: SMS and call data is routed through the provider you configure (e.g. Twilio, RingCentral). Their privacy terms apply to that transmission.
  • Legal requirements: when required by law, court order, or to protect the rights and safety of users or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction with notice to you.

4. Data Security

We implement industry-standard technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, and destruction.

  • All data is encrypted in transit using TLS and at rest using AES-256 encryption.
  • Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
  • Session cookies are HttpOnly, Secure, and SameSite to reduce exposure to cross-site attacks.
  • Access logs and audit trails are retained so that unauthorized activity can be detected and investigated.
  • We conduct regular security reviews of our infrastructure and application code.

No system is perfectly secure. If you discover a potential vulnerability, please report it to us promptly using our contact page.

5. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data. You can exercise these rights by contacting us through the contact page.

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal retention requirements.
  • Portability: request an export of your data in a machine-readable format.
  • Objection: object to certain processing activities, including direct marketing.
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

6. Cookies

We use cookies and similar technologies to operate the platform and maintain your authenticated session. We do not use third-party advertising cookies.

  • Session cookie: an HttpOnly, Secure server-side session cookie that keeps you signed in.
  • Preference cookies: lightweight cookies that remember your UI settings (e.g. theme).
  • Analytics: anonymized usage signals collected without persistent cross-site identifiers.

You can configure your browser to refuse cookies, but doing so may prevent you from signing in to the platform.

7. Data Retention

We retain your data for as long as your account is active and for a reasonable period afterward to meet legal, audit, and dispute-resolution obligations. Workspace data is retained for the life of your subscription and deleted within 90 days of account closure, unless a longer period is required by law.

8. Policy Changes

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice in the platform at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out through our contact page. We respond to all privacy inquiries within one business day.