Lender data is the most sensitive asset on our platform. CollectHQ AI is engineered as enterprise collections infrastructure, with security and tenant isolation baked into the architecture rather than bolted on.
Tenant isolation
- Every lender operates inside a logically isolated workspace identified by a tenant ID.
- Database row-level security policies enforce that users only see data belonging to tenants they are explicitly assigned to.
- Platform-owner accounts have controlled cross-tenant visibility for support; all access is auditable.
Secure cloud infrastructure
- Hosted on managed, secure cloud infrastructure with encryption in transit (TLS) and at rest.
- Secrets and service-role credentials are stored in a managed secret store, never in client code.
- Automated backups and point-in-time recovery on the primary database.
Access controls
- Role-based access control across platform_owner, tenant_admin, manager and collector roles.
- Authentication via managed identity provider with email verification.
- Sensitive operations (escalations, role changes, exports) are logged.
Responsible AI
AI-drafted messages and recommendations are presented to collectors for review and approval before being sent to borrowers. The platform is designed to keep a human in the loop on every borrower-facing communication.
Demo-mode disclaimer
Public demo workspaces use synthetic borrower data. They are intended for product evaluation only and must not be used to process real borrower personal data.
Reporting a security concern
Email security disclosures to support@collecthq.ai. We aim to acknowledge reports within two business days.