Privacy Policy

Last updated: February 2026

At Cobro, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your information.

Information We Collect

Account Information

  • Name and email address
  • Profile photo (optional)
  • Authentication data (encrypted passwords or OAuth tokens)

Organization Information

  • Organization name and logo
  • Currency and timezone preferences
  • Reminder settings

Client Data

  • Client names, phone numbers, and email addresses
  • Payment history and enrollment records
  • Receipt images sent via WhatsApp

Automatically Collected

  • Session data and authentication tokens
  • Audit logs of actions performed in the platform

How We Use Your Data

  • Process and verify payment receipts
  • Match receipts to pending payments using AI
  • Send payment reminders via WhatsApp
  • Generate billing and payment reports
  • Maintain audit logs for accountability
  • Improve our matching algorithms and service

Third-Party Services

We use the following third-party services to operate Cobro:

WhatsApp Business API (Meta)

To receive receipt messages and send payment reminders.

Google AI (Gemini)

To extract payment details from receipt images using computer vision.

Cloud Storage (S3-compatible)

To securely store receipt images and documents.

Google OAuth

To provide secure sign-in via your Google account.

We do not sell your data to any third party.

Data Security

  • Multi-tenant data isolation — each organization's data is strictly separated.
  • Encrypted connections for all data transfers.
  • Secure session management with automatic expiration.
  • Audit logs track all critical actions for accountability.
  • Receipt images are stored with time-limited access URLs.

Your Rights

  • Access your data through the Cobro dashboard at any time.
  • Update or correct your personal and organization information.
  • Delete your account and associated data.
  • Disable payment reminders through organization settings.

Data Retention

We retain your data while your account is active. Deleted client records are soft-deleted and can be restored. Sessions expire automatically after 7 days. You can request full deletion of your account and data by contacting us.

Contact

If you have questions about this privacy policy, contact us at

Contact