CollBox is committed to ensuring the security and privacy of its users' data. This Security Policy outlines the measures we take to protect user data, including how we collect, store, and use it.
Data Collection and Storage
- CollBox collects the following types of user data:
- Company information (contact details, firmographic information, etc.)
- User details (names, emails, communication preferences, etc.)
- Customer contact information
- Invoice and A/R information (dates, amounts, balances, invoice numbers, etc.)
- Payment preferences
- CollBox does NOT store sensitive customer payment information like credit card numbers
- Customer data is stored in exclusively in the United States of America.
- Sensitive information like passwords, API keys / secrets are encrypted at rest and in transit.
- Data transferred to / from CollBox is always encrypted in transit.
- Access to user data is restricted to authorized personnel only.
- All data shared with third parties is for the following purposes: (1) providing core product functionality, (2) providing auxiliary services explicitly requested by our customers, including relevant 3rd parties (e.g. assigned collection agencies), (3) ensuring quality of service (logging, monitoring, performance analysis, etc.), (4) backing up and securing customer data, (5) data analysis / benchmarking for improving the quality of our product, providing additional information to our users, and / or accumulating (anonymized) industry information, (6) building generalized customer profiles for marketing purposes.
User Authentication and Authorization
- Users can log in via external Single Sign-On (SSO) systems or via username and password.
- CollBox cannot restrict or ensure the security of external SSO systems, but only integrates with systems believed to provide strong security guarantees.
- While strong passwords are ultimately the responsibility of the user, CollBox aims to enforce strong password requirements including a reasonable minimum password length, a strong mix of constituent characters, and avoiding passwords consisting of common English words.
- User access to sensitive data is restricted based on role and level of authorization.
- Customers are able to grant access to additional parties including, but not limited to, coworkers and accounting professionals. It is the responsibility of customers utilizing such functionality to ensure they are granting the desired level of access to the correct parties.
Data Sharing and Third-Party Access
- Third-party vendors and partners are required to adhere to similar security standards as CollBox and are contractually obligated to keep user data confidential.
- CollBox does not sell user data to third parties.
- We use a combination of firewalls, encryption, antivirus software, and / or other security tools to protect against unauthorized access, data breaches, and other security threats.
- Our security measures are regularly reviewed and updated to ensure that they are up-to-date and effective.
- Security breaches are monitored and tracked and appropriate action is taken in the event of a security incident.