Debitura

Data Processing & Security Overview

Debitura is committed to protecting the personal data of our clients, their customers, and debtors. This page explains how we handle data, who we share it with, and how you can exercise your rights.

How Debitura processes data

Debitura is a debt collection platform that connects creditors with local collection agencies and law firms in 183 countries. When you use Debitura, personal data flows through our platform to facilitate the collection process.

In simple terms:

  • You (the creditor) upload claim and debtor information to Debitura
  • Debitura securely stores and transmits this data to the appropriate collection partner
  • The collection partner uses this data to recover the debt on your behalf

Each party has specific responsibilities under data protection law.

Roles under GDPR

Party Role Responsibility
Client (Creditor) Data Controller Determines why and how personal data is processed. Responsible for having a legal basis to share debtor data.
Debitura Data Processor Processes data on behalf of the client. Implements security measures and assists with data subject requests.
Collection Partner Independent Data Processor Processes data on behalf of the client to perform collection activities. Operates under their own data protection obligations.

What data we process

Debtor information:

  • Name and contact details (address, email, phone)
  • Invoice and claim details (amounts, due dates, reference numbers)
  • Communication history related to the collection case
  • Business identifiers (company registration numbers)

Client user information:

  • Full name and contact details of users managing cases
  • Login credentials and activity logs

We do not process special categories of personal data (health, religion, political opinions, etc.) unless strictly necessary and explicitly provided by the client.

Security measures

We take the security of your data seriously. Our key measures include:

  • Encryption: All data is encrypted in transit (TLS) and at rest
  • Hosting: Data is hosted on Microsoft Azure within the European Union
  • Access control: Only essential personnel have access to personal data
  • Staff training: All team members receive data protection training
  • Monitoring: We maintain logs and monitor for unauthorized access
  • Incident response: Documented procedures for identifying and responding to breaches

Subprocessors

Debitura uses the following third-party service providers to deliver our services. This list is kept up to date and was last reviewed on February 2026.

Subprocessor Purpose Location
Microsoft Azure Cloud hosting and infrastructure EU (Netherlands)
SendGrid (Twilio) Transactional email delivery USA*
Google Workspace Internal communication and support USA*
OpenAI AI-assisted features USA*
Airtable CRM and operational data management USA*
PDF.co PDF generation and document processing USA*
Zapier Workflow automation USA*
QuickBooks Online (Intuit) Accounting integration (invoice import) USA*
Zoho Books Accounting integration (invoice import) USA*

Data Processing Agreement

If you are a Debitura client, you can generate and sign a Data Processing Agreement (DPA) directly in the platform. The DPA defines our obligations as your data processor and ensures compliance with GDPR.

Generate your DPA in the Debitura platform →

For debtors

Debitura is a platform used by creditors to manage their debt collection process. We do not contact debtors directly. If you have received communication about an outstanding debt, it will have come from a local collection agency or law firm – not from Debitura.

However, your data may pass through our platform as part of the collection process. If you have questions or wish to exercise your data protection rights:

Your rights:

You have the right to:

  • Access the personal data held about you
  • Correct any inaccurate information
  • Object to processing in certain circumstances
  • Request deletion where legally applicable

Who to contact:

  1. The collection agency or law firm that contacted you – they are handling your case directly
  2. Your original creditor – they are the data controller and determined that your data should be processed
  3. Debitura – if you cannot reach the above parties, contact us at privacy@debitura.com and we will help direct your request

Please note: As a platform provider, we process data on behalf of creditors. Requests such as deletion may require the creditor's approval, and some data must be retained for legal reasons related to the debt collection process.

Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active cases: Data is retained while the collection case is ongoing
  • Closed cases: Data is retained for up to 10 years for legal and compliance purposes
  • Account deletion: When a client deletes their account, all associated data is permanently removed within 30 days, unless retention is required by law

Contact us

For any questions about how we handle personal data, or to exercise your data protection rights:

Data Protection Contact:


 Lars Holdgaard
Email: privacy@debitura.com

Company details:
Debitura LLC

300 Delaware Ave

Ste 210 #557

Wilmington, DE 19801

Related documents

Last updated: February 2026