Privacy Policy

Last updated: May 15, 2026

Overview

Collectra helps businesses recover outstanding payments with transparent customer communication and secure payment links. This policy explains what data we collect, how we use it, and the choices you have.

Information We Collect
  • Account data: name, email, company workspace details.
  • Customer & transactional data: debts, invoices, payment attempts, statuses.
  • Communication data: emails and support messages.
  • Usage & analytics: logs, performance metrics, and aggregated usage data.
How We Use Your Data

We use data to operate the service, process payments, send collection emails, provide support, and improve product features. We do not sell personal data.

Cookies & Tracking

We use cookies for authentication (HTTP-only), session management, and analytics. Authentication cookies are required to access your workspace and are not readable by JavaScript. Below is a summary of cookies used by Collectra.

NamePurposeRetention
access_tokenHTTP-only auth token for API requestsShort-lived (session)
refresh_tokenLong-lived token to refresh sessions30 days
_collectra_sessionUI preferences and non-sensitive flags1 year
Data Retention & Deletion

We retain account and transactional data as required to provide the service and to meet legal obligations. You can request deletion of your account and associated data by contacting us; some data necessary for accounting or legal reasons may be retained as required by law.

Third-Party Services

We use third-party providers for hosting, email delivery, analytics, and payment processing (for example, Supabase, Stripe, Brevo). These providers have their own privacy practices — we ensure contracts require appropriate data protection.

Your Rights
  • Access and portability of your personal information.
  • Correction of inaccurate information.
  • Request deletion of your account (subject to legal retention requirements).

To exercise your rights, email privacy@collectra.xyz.

Security

We use administrative, technical, and physical safeguards to protect data. We regularly review our practices and maintain access controls for production systems.