PRIVACY POLICY
Effective Date: May 17, 2026
Last Updated: May 17, 2026
This Privacy Policy explains how CollectNow Central Europe s. r. o., with its registered seat at Doležalova 3424/15C, 821 04 Bratislava – mestská časť Ružinov, Slovenská republika, IČO: 57 278 555, registered in the Slovak Commercial Register maintained by Mestský súd Bratislava III, Section Sro, Insert No. 192870/B ("CollectNow," "we," "us," or "our") handles personal data when you use our website at collectnow.app and the CollectNow platform and related services (the "Service").
We are the data controller for personal data of our customers and their authorized users. We are a data processor for personal data our customers upload about their debtors and other third parties.
1. Data We Collect
1.1 Information you provide
- Account data: name, email, hashed password, company, role.
- Billing data: billing address, VAT ID, payment method. Payment card details are processed directly by Stripe; we do not store full card numbers.
- Content you upload: invoices, receivables, debtor records, communications, and other documents you submit to the Service.
- Support communications: messages, attachments, and metadata sent to our support channels.
1.2 Information collected automatically
- Usage data: pages visited, features used, timestamps, device and browser information.
- Log data: IP address, request metadata, error reports.
- Cookies: strictly necessary cookies for authentication and session, and optional analytics cookies in aggregated and pseudonymized form.
1.3 Information from third parties — Plaid
When you connect a financial institution via Plaid Link, Plaid acts on your behalf to retrieve information from your bank and transmit it to us. Depending on the institution and the products you authorize, this can include:
- account identifiers, account type, currency, and balances;
- transaction history (date, amount, counterparty, description);
- account holder identity information;
- institution metadata.
We use this data only for the purposes you authorize in CollectNow. In practice that means reconciling incoming payments against your receivables and showing account information in the app. We do not sell data obtained via Plaid, and we do not use it for advertising.
Plaid’s own handling of your data is governed by Plaid’s End User Privacy Policy, available at plaid.com/legal/#end-user-privacy-policy.
You can disconnect any institution from CollectNow at any time in account settings. Disconnecting revokes our Plaid access token. What happens to previously-retrieved data is described in Section 5.
2. How We Use Personal Data
We process personal data for these purposes, on these legal bases under Article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service (account, reconciliation, dashboards) | Contract (Art. 6(1)(b)) |
| Process payments and manage subscriptions | Contract (Art. 6(1)(b)) |
| Comply with accounting, tax, and AML obligations | Legal obligation (Art. 6(1)(c)) |
| Secure the Service, prevent fraud and abuse | Legitimate interests (Art. 6(1)(f)) |
| Send service notifications (security alerts, billing) | Contract / Legitimate interests |
| Send marketing emails or newsletter | Consent (Art. 6(1)(a)), withdrawable at any time |
| Improve the product through aggregated analytics | Legitimate interests |
We do not sell personal data and we do not engage in automated decision-making that produces legal or similarly significant effects on you.
3. How We Share Personal Data
We share personal data only with:
- Sub-processors that run parts of the Service for us under a Data Processing Agreement: hosting (Vercel), our database provider, financial connectivity (Plaid), payments (Stripe), newsletter delivery (Beehiiv, only if you subscribe), and transactional email.
- Professional advisers (accountants, lawyers) bound by confidentiality.
- Authorities when required by law, for example a court order or tax authority request.
- A successor if we are acquired or merged, with notice to you where required.
A current list of sub-processors is available on request from privacy@collectnow.app.
4. International Transfers
Some of our sub-processors are based outside the European Economic Area (EEA), notably Plaid and Stripe in the United States. For those transfers we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework.
5. Retention
We keep personal data only as long as we need it, then delete or anonymize it. The main retention periods:
- User account data: life of the account plus 30 days.
- Plaid access tokens: deleted on disconnect, account closure, or token revocation, whichever happens first.
- Plaid-sourced financial data: kept while the Item is connected, then up to 90 days after disconnect for reconciliation, unless a legal hold applies.
- Invoices and receivables data: kept for the period required by applicable accounting law, typically 10 years under Slovak and Czech accounting acts.
- Application logs: 30 days. Security / audit logs: 12 months. Backups: 30 days rolling.
6. Your Rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”), subject to legal retention requirements.
- Restrict or object to certain processing.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with a supervisory authority. In Slovakia that is the Úrad na ochranu osobných údajov SR, in the Czech Republic the Úřad pro ochranu osobních údajů. You can also contact your local EU/EEA authority.
To exercise any right, email privacy@collectnow.app. We respond within 30 days (extendable by 60 days for complex requests, with notice).
7. Security
We use technical and organizational measures appropriate to the risk: encryption in transit and at rest, MFA on production systems, least-privilege access, peer-reviewed code changes, vulnerability monitoring, and a documented incident response process. No system is perfectly secure. If a personal data breach happens, we will notify the competent supervisory authority within 72 hours, and affected users without undue delay where Article 34 GDPR requires.
8. Children
The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@collectnow.app.
9. Cookies
- Strictly necessary cookies — required for login, session, and security. Always on.
- Analytics cookies — used in aggregated and pseudonymized form. Requires consent in regions where required.
You can manage cookie preferences in your browser settings.
10. Contact
Data controller: CollectNow Central Europe s. r. o., Doležalova 3424/15C, 821 04 Bratislava – mestská časť Ružinov, Slovenská republika, IČO: 57 278 555.
Privacy email: privacy@collectnow.app
General contact: hello@collectnow.app
If you are an end user whose data is processed by a CollectNow customer (for example, a debtor on an uploaded invoice), please contact that customer directly to exercise your rights. We will assist them as their processor.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least 14 days before they take effect. The “Last Updated” date above indicates the most recent revision.