AutoDebtor
Features
← Legal

Privacy Policy

Last updated: 8 July 2026

This Privacy Policy explains how AutoDebtor ("AutoDebtor", "we", "us") collects, uses, shares, and protects personal data when you use our website at autodebtor.com and our credit-control platform (the "Service"). It should be read together with our Terms of Service, our GDPR notice (which sets out data-protection roles and your rights), and our Security statement.

1. Two roles: your data and your customers' data

AutoDebtor is a business-to-business tool. It handles personal data in two distinct capacities:

  • As a controller — for the personal data of the people who create and administer an AutoDebtor account (our direct customers and their users). We decide how and why this data is processed.
  • As a processor — for the personal data about your customers and contacts (the "debtors") that you upload and instruct us to process on your behalf. You remain the controller of that data. Our respective responsibilities are described in the GDPR notice.

2. Personal data we process

2.1 Account data (we are the controller)

  • Authentication details — your email address and a password. Authentication is handled by Supabase Auth; passwords are stored by Supabase as salted hashes and are never visible to us in plaintext.
  • Organisation profile & settings — your organisation name, the caller identity you configure (e.g. the name and department your calls are made under), your accounts-receivable ("call summary") email address, working hours, timezone, and similar operational settings.
  • Verification & password-reset codes — six-digit codes are generated for email verification and password resets. They are stored only as keyed hashes, are single-use, and expire after a short period.
  • Billing data — if you subscribe to a paid plan or buy minute top-ups, our payments processor (Stripe) creates a customer and subscription record. We store the resulting Stripe customer/subscription identifiers and your plan, quota, and usage status. We do not receive or store full card numbers (see section 4).

2.2 Debtor and invoice data (you are the controller; we are the processor)

When you upload your ledger or add customers, we process the data you provide, which typically includes:

  • Your customers' business/contact names and customer references;
  • Telephone numbers and email addresses used to contact them;
  • Country and timezone;
  • Invoice details — invoice numbers, amounts, currencies, due dates, and any custom fields you include in an import; and
  • Notes and any other information you choose to add.

You are responsible for having a lawful basis to upload this data and to instruct automated calls to the numbers you provide.

2.3 Call data

To place automated collection calls, the Service processes call audio in real time through our telephony and voice sub-processors (see section 3). During and after a call we generate and store a text transcript of the conversation, together with structured outcomes (for example a promise-to-pay date, a payment window, a dispute, a documentation request, a call-back request, or a "wrong number" result), call status and timing metadata, and any items the customer raised that were logged for review. We store the audio we synthesise for the call greeting on a short-lived, per-call basis; we do not build a general store of recorded call audio. Telephony and speech providers process live audio to connect and transcribe the call under their own terms.

3. How we use personal data, and our legal bases

PurposeData usedLegal basis (UK/EU GDPR)
Create and secure your account; authenticate you; verify your email; reset passwordsAccount dataPerformance of a contract; our legitimate interest in securing the Service
Provide the Service — schedule and place calls, run the conversation, record outcomes, send you post-call summary emailsAccount data; debtor & invoice data; call dataPerformance of a contract (with you). For debtor data we act on your documented instructions as processor
Take payment and manage subscriptions and usage quotasAccount and billing dataPerformance of a contract
Operate, monitor, debug, and secure the platform (diagnostic logs and traces, rate limiting, abuse prevention)Account data; call/operational metadataLegitimate interests in a reliable, secure Service
Comply with legal obligations and handle disputesAs requiredLegal obligation; legitimate interests

We do not use your data or your debtors' data for advertising, and we do not sell personal data.

4. Sub-processors and third parties we share data with

We rely on a small number of infrastructure and service providers to run the Service. They process personal data only to provide their part of the Service, under their own terms and security measures. The current providers are:

ProviderFunctionData involved
SupabaseManaged database and authenticationAccount data; debtor, invoice and call data
CloudflareApplication hosting, CDN, and edge/serverless compute (including the streaming call worker)All data in transit; request/operational logs
TwilioTelephony — placing the PSTN call and carrying call audioDebtor phone numbers; live call audio; call metadata
DeepgramSpeech-to-text (transcription of the customer's speech)Live call audio
CartesiaText-to-speech (the agent's voice)The text the agent speaks
OpenAILarge-language-model reasoning that drives the conversationConversation text and the relevant invoice/account context for the call
ResendTransactional email delivery (verification, password reset, call summaries)Recipient email address and message content
StripePayment processing and subscription managementBilling contact and payment details (handled by Stripe)
Plausible AnalyticsPrivacy-friendly, cookieless website analytics (aggregate visit data only)Aggregate usage statistics — no cookies, no cross-site tracking; data processed in the EU

Payment card details are entered directly with Stripe and are not transmitted through or stored by AutoDebtor. Some providers may process data outside the UK/EEA; see the GDPR notice for international-transfer information. We may also disclose data where required by law or to protect our rights, and we may transfer data as part of a corporate transaction (e.g. a merger or acquisition), subject to this policy.

5. How long we keep data

We keep account, debtor, invoice, and call data for as long as your account is active and as needed to provide the Service. Debtor and invoice records, and their associated call transcripts and outcomes, remain available in your account until you delete them or close your account. Verification and reset codes are short-lived and expire automatically. We retain limited billing records where needed to meet legal and accounting obligations.

6. Your choices and rights

You can access and update most account and debtor data directly in the dashboard, and you can delete debtor and invoice records. Depending on where you live, you may have additional rights over personal data we hold about you as a controller (such as access, correction, deletion, restriction, portability, and objection). For debtor data, where we act as processor, requests from data subjects should be directed to the relevant AutoDebtor customer (the controller); we will assist that customer as described in the GDPR notice. To exercise your rights or ask a question, contact us at [email protected].

7. Cookies and local storage

AutoDebtor does not use advertising or third-party analytics cookies, and does not run cross-site tracking. To keep you signed in, our authentication provider stores session information in your browser's local storage; this is essential to the operation of the signed-in application. Clearing your browser storage will sign you out.

8. Children

The Service is a business tool and is not directed to children. We do not knowingly collect personal data from children.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you.

10. Contact

Questions about this policy or our data practices can be sent to [email protected]. If you are in the UK or EEA and are not satisfied with our response, you may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).

Related documents

  • Legal overview
  • Privacy Policy
  • Terms of Service
  • Security
  • GDPR
AutoDebtor

AI-powered credit control that automates invoice chasing with intelligent calls, transcripts, and payment tracking.

Product

  • Features
  • Pricing

Company

  • About
  • Careers
  • Press

Resources

  • Contact

Legal

  • Privacy
  • Terms
  • Security
  • GDPR

2026 AutoDebtor. All rights reserved.

Privacy PolicyTerms of Service