AutoDebtor
Features
← Legal

GDPR & Data Protection

Last updated: 8 July 2026

This notice explains how AutoDebtor approaches the UK GDPR and EU GDPR. It expands on our Privacy Policy and should be read alongside it and our Terms of Service.

1. Controller and processor roles

AutoDebtor processes personal data in two capacities:

  • Controller — for personal data about our own customers and their account users (for example, the email address and organisation details used to register and operate an account).
  • Processor — for the personal data about your customers and contacts (the "debtors") that you upload and instruct us to process. You are the controller of that data and determine the purposes and means of its processing; we act on your documented instructions.

2. When we act as your processor

As processor of debtor data, we commit to:

  • Process debtor data only to provide the Service and on your documented instructions (including operating the calls you schedule);
  • Ensure personnel with access are bound by confidentiality;
  • Apply appropriate technical and organisational security measures (see our Security page);
  • Engage sub-processors only as described below, and impose data-protection obligations on them;
  • Assist you, taking into account the nature of processing, with data-subject requests and with your own security, breach-notification, and impact-assessment obligations; and
  • Delete or return debtor data at the end of the relationship, subject to any legal retention requirements.

You are responsible for establishing a lawful basis for the processing you instruct — including contacting the phone numbers you upload with an automated/AI voice agent — and for providing any notices and honouring any objections or withdrawals of consent required in your jurisdiction.

3. Sub-processors

We use the following sub-processors to deliver the Service. Each processes personal data only for its specific function:

Sub-processorPurpose
SupabaseManaged database and authentication
CloudflareHosting, CDN, and edge/serverless compute (including the streaming call worker)
TwilioTelephony — placing calls and carrying live call audio
DeepgramSpeech-to-text transcription
CartesiaText-to-speech synthesis of the agent voice
OpenAILanguage-model reasoning that drives the conversation
ResendTransactional email delivery
StripePayment processing and subscription management

4. International transfers

Some of our sub-processors may process personal data outside the UK and the European Economic Area. Where personal data is transferred internationally, it must be protected by an appropriate safeguard under UK/EU data-protection law (for example, an adequacy decision, the UK International Data Transfer Agreement, or EU Standard Contractual Clauses). The precise mechanism and each provider's processing locations are confirmed on request.

5. Data-subject rights

Individuals have rights over their personal data, including the rights of access, rectification, erasure, restriction, portability, and objection, and rights relating to automated decision-making.

  • Account users: where we are the controller, you can exercise these rights by contacting us at [email protected]. Much of your account data can also be viewed and updated directly in the dashboard.
  • Debtors / data subjects in uploaded data: where we are the processor, requests should be directed to the relevant AutoDebtor customer (the controller). If we receive such a request directly, we will refer it to that customer and assist them as required.

6. Automated calling and AI

The Service uses an AI voice agent to conduct collection calls and to derive structured outcomes from the conversation. Where you use this feature, you are responsible for meeting any transparency requirements toward the individuals called and for any rules in your jurisdiction on automated or AI-generated calls and on solely-automated decisions. Outcomes generated by the agent are intended to support your credit-control process and should be reviewed by you.

7. Data Processing Agreement

If you require a Data Processing Agreement (DPA) covering our processing of debtor data on your behalf, please contact us at [email protected].

8. Complaints

If you have concerns about how personal data is handled, please contact us first at [email protected]. You also have the right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO).

Related documents

  • Legal overview
  • Privacy Policy
  • Terms of Service
  • Security
  • GDPR
AutoDebtor

AI-powered credit control that automates invoice chasing with intelligent calls, transcripts, and payment tracking.

Product

  • Features
  • Pricing

Company

  • About
  • Careers
  • Press

Resources

  • Contact

Legal

  • Privacy
  • Terms
  • Security
  • GDPR

2026 AutoDebtor. All rights reserved.

Privacy PolicyTerms of Service