Back to Home

RepoCollect Privacy Policy

Version: 1.0

Last Updated: February 2026

Effective Date: Upon Account Registration

1. INTRODUCTION

RepoCollect (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information you provide through RepoCollect (“Service”), our website, and related services.

This Privacy Policy applies to:

  • All users of RepoCollect (both during pre-launch waitlist phase and active service)
  • Individuals employed by repossession companies using RepoCollect team accounts
  • Visitors to our website

Jurisdiction Note: While this Privacy Policy complies with federal U.S. standards and international practices, we have specifically designed it to meet California Consumer Privacy Act (CCPA) requirements as amended effective January 1, 2026. This policy therefore provides protections applicable to all users regardless of location.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

  • Name and email address
  • Company/business name and location
  • Job title and role
  • Password (hashed and not stored in plain text)

Subscription and Billing:

  • Billing name and address
  • Payment method information (credit card, ACH, etc.)
  • Billing history and invoice preferences
  • Tax ID or business registration number (if applicable)

Repossession and Collections Data:

  • Job and recovery records (assignment details, status, dates, outcomes)
  • Vehicle data (VIN, make, model, year, color, license plate)
  • Client information (names, contact details, account numbers)
  • Financial data (invoice amounts, payment records, amounts owed, aging data)
  • Collections correspondence (demand letters, payment reminders, escalation records)
  • Debtor information (names, addresses, amounts due) as entered by your organization
  • Notes, comments, and internal records related to jobs

2.2 Information Collected Automatically

Technical Information:

  • IP address and geolocation data
  • Browser type and operating system
  • Device identifier and hardware characteristics
  • Pages accessed and time spent on pages
  • Referring URL and exit pages
  • Links clicked within the Service
  • Error logs and crash reports

Behavioral Data:

  • Features used and frequency of use
  • Report generation and exports
  • Invoice creation and payment tracking actions
  • Search queries and filters applied
  • Account settings changes

2.3 Information from Third Parties

  • Payment Processors (Stripe): Billing information and transaction history
  • Identity Verification Services: Verification results for account confirmation
  • Email Service Providers (Resend): Bounce rates and engagement metrics
  • Business Databases: Company information and industry classification

2.4 Information About Children

The Service is not directed to individuals under age 18. We do not intentionally collect personal information from children. If we learn we’ve collected information from a minor, we will delete it promptly. If you believe we’ve collected information from a child, please contact privacy@repocollect.com immediately.

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery

We use information to:

  • Provide, maintain, and improve the Service
  • Process and fulfill your subscription
  • Generate invoices, demand letters, aging reports, revenue reports, and client scorecards
  • Store and retrieve your User Data
  • Authenticate your account and verify identity
  • Provide customer support and respond to inquiries
  • Debug, troubleshoot, and optimize Service functionality

3.2 Communication

We use information to:

  • Send transactional emails (receipts, password resets, account confirmations) from support@repocollect.com
  • Send automated payment reminders and collections correspondence from collections@repocollect.com on your behalf
  • Provide technical support and resolve issues
  • Send Service-related announcements
  • Notify you of changes to Terms or policies
  • Respond to your direct communications

3.3 Marketing and Business Development

With your consent, we use information to:

  • Send promotional emails about new features or services
  • Conduct market research and surveys
  • Recommend features or services based on your usage
  • Improve marketing campaigns and measure effectiveness

You may opt out of marketing communications by:

  • Clicking “unsubscribe” in any marketing email
  • Adjusting notification preferences in your account settings
  • Emailing support@repocollect.com

3.4 Compliance and Legal Obligations

We use information to:

  • Comply with laws and regulations (GDPR, CCPA, etc.)
  • Respond to legal requests and court orders
  • Detect and prevent fraud, abuse, and security incidents
  • Enforce these Terms and other agreements
  • Protect the rights, property, and safety of the Company, users, and public
  • Maintain compliance and audit records

3.5 Analytics and Improvement

We use information to:

  • Analyze how the Service is used
  • Identify trends and usage patterns
  • Develop new features and services
  • Improve user interface and experience
  • Measure Service performance and reliability
  • Create aggregated, de-identified reports

4. LEGAL BASIS FOR PROCESSING

We process information based on:

  • Contract Performance: Information needed to provide the Service under your subscription agreement
  • Legitimate Business Interests: Service improvement, fraud prevention, security, analytics, and business operations
  • Consent: Marketing communications, non-essential cookies, and optional features
  • Legal Obligation: Compliance with tax, financial recordkeeping, and other regulations
  • Legal Claims: Defending against claims and enforcing agreements

Sensitive personal information (such as debtor financial data or vehicle identification numbers) is processed only as necessary to provide the Service and with appropriate safeguards. We do not use sensitive personal information for purposes beyond those disclosed in this policy.

5. HOW WE SHARE YOUR INFORMATION

5.1 Third-Party Service Providers

We share information with trusted service providers who process data on our behalf:

Data Hosting and Infrastructure:

  • Supabase: Database hosting, user authentication, data storage (Data Processing Agreement signed; SOC 2 Type 2 certified; GDPR compliant)
  • Vercel: Application hosting, content delivery, CDN services (DPA signed; SOC 2 Type 2 certified)

Payment Processing:

  • Stripe: Credit card information, billing details, transaction history (PCI DSS Level 1 compliant; does not retain full card data on our systems)

Email and Communications:

  • Resend: Transactional emails, payment reminders, demand letters, and notifications sent on your behalf from collections@repocollect.com and support@repocollect.com

All service providers have executed Data Processing Agreements (DPAs) and are prohibited from using your data for purposes other than providing services to RepoCollect.

5.2 Legal Requirements and Enforcement

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, or legal process
  • Enforce our Terms of Service and other agreements
  • Respond to valid government requests (warrants, subpoenas, etc.)
  • Protect against fraud and security incidents
  • Protect the safety and rights of RepoCollect, users, and the public

We will provide notice of legal requests when permitted by law.

5.3 Aggregated and De-identified Data

We may share aggregated, anonymized data that does not identify individuals with:

  • Business partners and affiliates
  • Researchers and industry analysts
  • Marketing partners
  • Public reporting (blog posts, whitepapers)

This data cannot be re-identified to you and is used for industry benchmarking and insights.

5.4 Business Transfers

If RepoCollect is involved in a merger, acquisition, bankruptcy, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.5 With Your Consent

We do not share personal information beyond the above purposes without your explicit consent. If you consent to sharing information with partners or third parties, such sharing will be disclosed at the point of collection.

6. YOUR PRIVACY RIGHTS

6.1 CCPA/CPRA Rights (California Residents)

California residents have the following rights:

Right to Know: You may request what personal information we collect, use, and share about you.

Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions (e.g., information needed for legal compliance, fraud prevention).

Right to Correct: You may request correction of inaccurate personal information.

Right to Opt Out: You may opt out of:

  • Sale or sharing of personal information (we do not sell data)
  • Targeted advertising and profiling
  • Automated decision-making technology that produces legal or similarly significant effects

Right to Non-Discrimination: We will not discriminate against you for exercising privacy rights by denying goods or services, charging different prices, providing different levels of quality, or suggesting you will receive different treatment.

6.2 GDPR Rights (EU Residents)

While RepoCollect is a U.S. company, we respect GDPR rights for residents of the European Union and other jurisdictions with similar laws:

  • Right to Access: Request a copy of personal data we hold about you
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of personal data (“right to be forgotten”), subject to legal obligations
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to Object: Oppose processing for marketing, profiling, or other purposes
  • Right to Lodge a Complaint: Contact your local data protection authority

6.3 Other U.S. State Privacy Laws

We comply with emerging state privacy laws including:

  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Utah Consumer Privacy Act (UCPA)
  • Montana Consumer Data Privacy Act (MCDPA)

6.4 Exercising Rights

To exercise any privacy right:

  1. Provide sufficient information to identify your account or the data in question
  2. Verify your identity (we may request government ID, account confirmation, or similar)
  3. Specify the right you are exercising
  4. Designate an authorized agent if applicable (we may require power of attorney)

We will confirm receipt within 10 business days and respond within applicable timeframes.

7. DATA RETENTION

7.1 Retention Periods

Active Account:

  • Account information retained while account is active
  • User Data retained for as long as account is active
  • Transaction history retained for 7 years (tax and financial compliance)

Terminated Account:

  • Account metadata retained for 12 months (payment disputes, refund verification)
  • User Data deleted from active systems within 30 days; from backups within 90 days
  • Financial records (invoices, payment records, tax-related data) retained for 7 years per tax and financial compliance requirements
  • Anonymized usage analytics retained indefinitely

7.2 Right to Deletion Exception

Data required for tax or financial compliance; fraud prevention and security; dispute resolution and enforcement; legal obligations; or legitimate business interests is not deleted even if you request deletion. This includes financial records that must be retained for 7 years under applicable tax law.

8. SECURITY AND ENCRYPTION

8.1 Security Measures

RepoCollect implements industry-standard security measures to protect your information:

Data Encryption:

  • In Transit: TLS 1.2+ encryption for all data transmitted to/from the Service
  • At Rest: AES-256 encryption for sensitive data stored on servers
  • User Data: Encrypted at the database layer and in backups
  • Payment Data: Encrypted and not stored by RepoCollect (processed by Stripe, PCI DSS Level 1 compliant)

Access Controls:

  • Role-based access control (RBAC) for employees
  • Two-factor authentication (2FA) available for user accounts
  • Secure password requirements (minimum 12 characters, complexity rules)
  • Session timeouts for inactive accounts
  • Audit logs tracking data access

8.2 Breach Notification

If we discover a breach of personal information, we will:

  • Notify affected individuals without unreasonable delay (within 30 days)
  • Provide information about the breach and mitigation steps
  • Comply with state and federal notification laws
  • Cooperate with law enforcement if applicable

9. COOKIES AND SIMILAR TECHNOLOGIES

RepoCollect uses essential cookies and similar technologies to provide core Service functionality, including session management and authentication. We may also use analytics cookies to understand how the Service is used and to improve the user experience. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent certain features of the Service from functioning properly.

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Processing Locations

RepoCollect is based in Washington State, USA. Your information is processed and stored in the United States. Our third-party service providers (Supabase, Vercel) may process data in multiple locations globally.

10.2 Transfers from EU/UK/Other Jurisdictions

For individuals in the European Union, UK, or other jurisdictions restricting data transfers:

Legal Mechanisms:

  • Standard Contractual Clauses (SCCs): Our service providers (Supabase, Vercel) utilize approved SCCs
  • Data Processing Agreements: Executed DPAs address data protection for transfers

11. CHANGES TO THIS PRIVACY POLICY

RepoCollect may update this Privacy Policy at any time. Changes become effective upon posting. We will:

  • Notify you of material changes via email
  • Post the update date at the top of this policy
  • Request re-consent if changes materially affect your rights (with 30 days’ notice)

Continued use following notice constitutes acceptance of changes. Review this policy periodically for updates.

12. CONTACT US

For Privacy Questions:
Email: privacy@repocollect.com

General Support:
Email: support@repocollect.com

Legal Inquiries:
Email: legal@repocollect.com

California Residents (CCPA Inquiries):
Email: privacy@repocollect.com

Disclaimer: This Privacy Policy is provided as a general framework and should be reviewed by qualified legal counsel before finalization. It does not constitute legal advice. Privacy laws evolve rapidly; ensure this policy remains compliant with current CCPA, GDPR, and state-specific requirements.