COLLBOX – SECURITY POLICY
Updated as of May 7, 2026
Introduction
CollBox is committed to ensuring the security and privacy of its users’ data. This Security Policy outlines the measures we take to protect user data, including how we collect, store, and use it.
Data Collection and Storage
- CollBox collects the following types of user data:
  - Company information (contact details, firmographic information, etc.)
  - User details (names, emails, communication preferences, etc.)
  - Customer contact information
  - Invoice and A/R information (dates, amounts, balances, invoice numbers, etc.)
  - Basic matter / case / project information (names, descriptions, types / categories, responsible party / attorney, etc.)
  - Payment preferences
- CollBox does NOT store sensitive customer payment information like credit card numbers.
- Customer data is stored exclusively in the United States of America.
- Sensitive information, such as passwords and API keys / secrets, is encrypted at rest and in transit.
- Data transferred to / from CollBox is always encrypted in transit.
- Access to user data is restricted to authorized personnel only.
- We do not share user data with third parties except as described in our Privacy Policy and Terms of Service.
- All data shared with third parties is for the following purposes: (1) providing core product functionality, (2) providing auxiliary services explicitly requested by our customers, including relevant 3rd parties (e.g. assigned collection agencies), (3) ensuring quality of service (logging, monitoring, performance analysis, etc.), (4) backing up and securing customer data, (5) data analysis / benchmarking for improving the quality of our product, providing additional information to our users, and / or accumulating (anonymized) industry information, (6) building generalized customer profiles for marketing purposes.
User Authentication and Authorization
- Users can log in via external Single Sign-On (SSO) systems or via username and password.
- CollBox cannot restrict or ensure the security of external SSO systems, but only integrates with systems believed to provide strong security guarantees.
- While strong passwords are ultimately the responsibility of the user, CollBox aims to enforce strong password requirements including a reasonable minimum password length, a strong mix of constituent characters, and avoiding passwords consisting of common English words.
- User access to sensitive data is restricted based on role and level of authorization.
- Customers are able to grant access to additional parties including, but not limited to, coworkers and accounting professionals. It is the responsibility of customers utilizing such functionality to ensure they are granting the desired level of access to the correct parties.
Data Sharing and Third-Party Access
- CollBox may share user data with third-party vendors or partners to provide certain features or services, but only does so in accordance with published policies (e.g. our Privacy Policy and Terms of Service).
- Third-party vendors and partners are required to adhere to similar security standards as CollBox and are contractually obligated to keep user data confidential.
- CollBox does not sell user data to third parties.
Security Measures
- We use a combination of firewalls, encryption, antivirus software, and / or other security tools to protect against unauthorized access, data breaches, and other security threats.
- Our security measures are regularly reviewed and updated to ensure that they are up-to-date and effective.
- Security breaches are monitored and tracked and appropriate action is taken in the event of a security incident.
Incident Response and Breach Notification
- In the event of a security breach, CollBox will take immediate steps to mitigate any damage caused by the breach.
- Affected users will be notified of the breach and provided with instructions on how to protect their data.
- CollBox will work with law enforcement and regulatory agencies as necessary to investigate and resolve the breach.
Compliance with Relevant Laws and Regulations
- CollBox complies with all relevant laws and regulations related to data privacy and security.
- As a US-based company, CollBox is subject to US-based laws and regulations. CollBox makes no claims of compliance with non-US laws and regulations, and cannot strictly control access to US-based individuals / companies, but aims, at all times, to be a good steward of its customers’ data.
Vulnerability Reports
If you believe you have discovered a vulnerability in CollBox, please email us at security@collbox.co. We will make all efforts to address and remediate reported security matters in a timely manner, and appreciate the efforts of the community in ensuring the ongoing security of CollBox customer data.
Conclusion
CollBox is committed to maintaining the security and privacy of its users’ data. We regularly review and update our security practices to ensure that they are up to date and effective. If you have any questions or concerns about our security practices, please do not hesitate to contact us.
Contact Information
For questions or concerns about this Security Policy or our security practices, please contact us at security@collbox.co.