Legal

Privacy policy

How we collect, use, store, and protect information. Plain English where we can, formal where we have to.

Status: This is a working draft pending review by legal counsel before launch. The substance is accurate to how ti3 operates today; the language may be revised by counsel before going public. Last updated 2026-05-02.

The short version

  • We collect what we need to run the service. We don't sell or rent personal information.
  • If you're a ti3 customer (a creditor), we hold your account information, your aging report data, and the communications we send on your behalf.
  • If you're a debtor receiving messages from a ti3 customer, ti3 sees the message metadata (sent/opened/replied) but we never sell or share your data with third parties beyond the original creditor.
  • You can request a copy or deletion of your data by emailing [email protected].

Who this policy covers

This policy applies to (a) visitors to ti3.co, (b) ti3 customers (businesses using the platform to recover invoices), and (c) debtors of ti3 customers who receive communications through the platform. Different sections apply to different groups; we've tried to make it clear who we're talking to in each one.

What we collect

From visitors to ti3.co

Standard web analytics: IP address, browser, pages visited, referrer, time on page. This data is used in aggregate to understand traffic patterns and improve the site. We use two tools:

  • Google Analytics 4. Aggregate traffic and conversion analytics. IP addresses are anonymized. You can opt out using the GA browser opt-out or by enabling Do Not Track / Global Privacy Control in your browser.
  • Microsoft Clarity. Heatmaps and session recordings to understand how visitors use the site. Clarity does not record passwords or sensitive form fields. We use Clarity in aggregate to improve UX. You can opt out via Microsoft's privacy controls.

From ti3 customers

Account information (name, business email, business name, phone), billing information (processed by Stripe; we don't store full card numbers), and the data you upload to run recovery sequences (your aging report, customer/debtor contact details, invoice amounts and dates).

From debtors of ti3 customers

The contact information your creditor uploaded (name, email, phone, mailing address if applicable), invoice details, and your engagement with the messages we send on the creditor's behalf (delivery status, opens, replies, the option you selected if you took action).

How we use information

  • To operate the platform and run recovery sequences as our customers configure them.
  • To bill our customers for the service.
  • To support our customers when they ask for help.
  • To improve the product (in aggregate, never identifying individual debtors to other customers).
  • To comply with legal obligations.

How we share information

  • With our customers (creditors). Debtor data uploaded by a creditor is accessible to that creditor. Standard SaaS pattern.
  • With service providers. Payment processing (Stripe), email/SMS delivery (Resend, Twilio), hosting (Cloudflare), analytics (Google Analytics 4, Microsoft Clarity), error tracking. These providers are contractually limited to the purpose of supporting ti3.
  • For legal reasons. If required by valid legal process. We notify customers when we receive such requests unless we're legally prohibited.
  • Never sold. We don't sell personal data to advertisers, data brokers, or any other third party.

Cookies

We use cookies for: analytics (GA4 and Microsoft Clarity), session management for logged-in customers, and (planned) feature preferences. We don't use third-party advertising cookies. A cookie banner is in development.

Data retention

  • Customer accounts: retained for the life of the account plus 12 months after cancellation, then anonymized.
  • Recovery data (debtor records): retained for the duration of the active sequence plus 24 months for audit purposes, then anonymized. Customers may request earlier deletion.
  • Billing records: retained for 7 years per US tax requirements.
  • Site analytics: retained per Google Analytics defaults (currently 14 months).

Your rights

Depending on your jurisdiction, you may have rights to:

  • Request a copy of the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of personal information (subject to legal retention obligations above).
  • Opt out of certain processing.
  • Lodge a complaint with a data protection authority.

Email [email protected] for any of these. We respond within 30 days.

Security

We use encryption in transit (TLS) and at rest, role-based access controls, and standard cloud security practices. SOC 2 Type II is in progress as of this writing.

Children

ti3 is a B2B service. We don't knowingly collect information from anyone under 18.

Changes to this policy

We'll update this page when we make material changes and notify customers via email when relevant. Older versions are available on request.

Contact

Captira Analytical, LLC (the operator of ti3.co). Privacy questions: [email protected]. General contact: [email protected].