Privacy Policy
Effective Date: March 26, 2026 · Last Updated: March 26, 2026
Website: chaseyourdues.com · Operated by Chase Your Dues · Bengaluru, Karnataka, India
1. Introduction
Chase Your Dues (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our automated payment recovery platform (“the Service”).
This policy applies to all users of the Service, including account holders and the clients whose data is processed through the Service. It also applies to recipients of emails sent through our platform — including the IP address and device data we collect when those emails are opened.
We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and applicable data protection regulations. Where our users have clients in the EU or UK, we have considered GDPR requirements in our data handling practices.
2. Data We Collect
2.1. Account Information (Data You Provide Directly)
- Identity Data: Full name, business name, email address.
- Account Credentials: Encrypted password (hashed; we never store plaintext passwords).
- Business Information: Business type, industry, GST number (optional).
- Payment Information: Processed by Razorpay. We retain only a payment token, last four digits of card, and billing address.
2.2. Client Data (Data You Input About Your Clients)
- Client Contact Information: Names, email addresses, phone numbers, business names.
- Invoice Data: Invoice numbers, amounts, due dates, currency, payment status, line items.
- Communication History: Records of emails, SMS, and voice calls sent through the Service.
Important: You are the data controller for your client data. You are responsible for obtaining appropriate consents from your clients.
2.3. Email Open Tracking Data (Third-Party Recipients)
When emails are sent through our platform to your clients, we embed a tracking pixel in each email. When a recipient opens the email, we automatically collect:
- IP address of the device used to open the email.
- User agent string (browser type, operating system, device type).
- Timestamp of the open event.
- Approximate geographic location (city/region level, derived from IP address).
This data is attributed to you (the account holder) as read receipt analytics. The email recipients — your clients — are the data subjects for this tracking data. You are responsible for disclosing this tracking practice to your clients and obtaining any consents required by applicable law.
2.4. Voice Call Recordings
If you use the AI telephonic follow-up feature (Pro plan), we collect call recordings and call metadata (date, time, duration, phone number, outcome). Calls are generated by ElevenLabs AI voice synthesis and are not human-operated. Recordings are stored for quality assurance, dispute resolution, and service improvement.
2.5. Usage and Analytics Data
We automatically collect service usage data, feature interaction logs, device and browser data, and network data (IP address, city-level location) from your use of the platform dashboard and website.
2.6. Cookies and Similar Technologies
We use cookies to maintain your authenticated session, remember preferences, collect analytics, and enable functionality. See Section 9 for details.
3. How We Use Your Data
3.1. Service Delivery
Sending payment reminders, managing records, processing payments, providing tracking, generating AI content, and executing escalation sequences.
3.2. Service Improvement
Analyzing usage patterns, monitoring performance, developing features, and improving AI models (using anonymized data only).
3.3. Communication
Transactional emails, product updates (with opt-out), and support responses.
3.4. Security and Compliance
Detecting fraud, enforcing Terms of Service, and complying with legal obligations.
4. Legal Basis for Processing
- Consent: You provide consent when creating an account.
- Contractual Necessity: Processing required to deliver the Service.
- Legitimate Interest: Service improvement, security, and fraud prevention.
- Legal Obligation: Compliance with tax, accounting, and regulatory requirements.
5. Third-Party Services and Data Sharing
5.1. Razorpay (Payment Processing)
Payment information, billing address, email, and transaction amounts are shared with Razorpay for processing payments and managing subscriptions. Razorpay is RBI-authorized and PCI DSS compliant. We do not store your full card details.
5.2. Resend (Email Delivery)
Recipient email addresses and email content are transmitted to Resend for delivery. Resend also processes open tracking data (see Section 2.3) on our behalf.
5.3. ElevenLabs (AI Voice Synthesis)
The text scripts of AI voice calls are sent to ElevenLabs to generate voice audio (Pro plan only). We do not share client phone numbers or personal identifiers with ElevenLabs — only the script text.
5.4. AI Language Model Provider (Moonshot Kimi)
Invoice context, outstanding amounts, and tone preferences are shared to generate personalized payment reminder messages. We anonymize client names and sensitive identifiers where possible before sending to the AI provider.
5.5. Google Analytics
Anonymized usage data (page views, session data, feature interactions) is sent to Google Analytics to help us understand how users use the product. This data is subject to Google's privacy policy.
We do not sell your personal data or your clients' data to any third party, ever.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after closure |
| Client and invoice data | Duration of account + 30 days after closure |
| Email open tracking data (IP, user agent) | 12 months from send date |
| Voice call recordings | 90 days from call date |
| Payment and billing records | 7 years (Indian tax law requirement) |
| Usage analytics data | 24 months (anonymized after that) |
| Server logs | 90 days |
7. Data Security
- Encryption in Transit: All data encrypted using TLS 1.2+.
- Encryption at Rest: Sensitive data encrypted at rest in databases.
- Access Controls: Role-based access on a need-to-know basis.
- Authentication Security: Passwords hashed using industry-standard algorithms.
- Infrastructure Security: Hosted on secure cloud infrastructure with regular assessments.
- Monitoring: Security monitoring and logging for unauthorized access detection.
8. Your Rights
8.1. Right to Access
You may request a copy of your personal data. Export is available through Settings.
8.2. Right to Correction
You may update or correct your data through account settings or by contacting us.
8.3. Right to Erasure
You may request deletion of your account. Processed within 30 days, subject to legal retention requirements.
8.4. Right to Grievance Redressal
Contact our Grievance Officer (Section 12) to file a grievance.
8.5. Right to Nominate
Under the DPDPA, you may nominate another individual to exercise your rights in the event of death or incapacity.
8.6. Right to Withdraw Consent
You may withdraw consent at any time. This does not affect prior processing. Withdrawal may limit access to certain features.
9. Cookies
| Type | Purpose | Duration |
|---|---|---|
| Essential/Session | Authentication, CSRF protection | Session |
| Functional | Preferences, theme settings | 1 year |
| Analytics | Google Analytics, Mixpanel | Up to 2 years |
You can control cookies through browser settings. Disabling essential cookies may prevent use of the Service.
10. Data Processing for Client Data
When you input client data, you act as data controller; we act as data processor. You are responsible for having a lawful basis, informing clients, obtaining consent for tracking and recordings, and responding to data subject requests.
11. Children's Privacy
The Service is not intended for individuals under 18. We do not knowingly collect data from children.
12. Contact Information and Grievance Officer
Chase Your Dues — Data Protection
Website: chaseyourdues.com
Location: Bengaluru, Karnataka, India
Email: Available on the website contact page
Grievance Officer: As required under the DPDPA 2023, our Grievance Officer can be reached at the contact above. Grievances are acknowledged within 48 hours and resolved within 30 days.
13. Changes to This Privacy Policy
We may update this policy. For material changes, we will notify you via email at least 30 days before changes take effect. Continued use constitutes acceptance.
14. Compliance Frameworks
14.1. Digital Personal Data Protection Act, 2023 (India — DPDPA)
We comply with the DPDPA and the Information Technology Act, 2000. As a Data Fiduciary, we process personal data only for stated purposes, maintain reasonable security safeguards, and respond to data principal requests within the timelines prescribed by law.
14.2. GDPR Considerations
Our platform is operated from India. If you are an account holder with clients located in the European Union or United Kingdom, you (as the data controller) are responsible for compliance with GDPR when processing their personal data. We act as a data processor on your behalf and can provide a Data Processing Agreement (DPA) upon request.
14.3. Cross-Border Data Transfers
Some of our third-party service providers (Resend, ElevenLabs, Google Analytics) may process data outside India. We ensure such transfers occur under appropriate contractual safeguards and only with providers who maintain industry-standard security certifications.
14.4. Email Open Tracking and Applicable Laws
Email open tracking involves processing IP addresses of email recipients. Depending on your jurisdiction and your clients' jurisdiction, this may require disclosure or consent. We provide the tracking mechanism; you are responsible for compliance with laws applicable to your use, including CAN-SPAM, CASL, GDPR Article 6, and the DPDPA.
By using Chase Your Dues, you acknowledge that you have read and understood this Privacy Policy.