diol
Log inRequest access

Privacy Policy

Last updated: June 2026

This policy explains what diol collects, how we use it, and the choices you have. diol is a United States-only business-to-business product; we process data to provide the invoice-recovery features you direct.

1. Our role

For your account information (the data about you and your organization), diol is the controller. For your customer and invoice data, you are the controller and diol acts as your processor / service provider — we handle that data only to provide the Service, on your instructions, and not for our own purposes.

2. Information we process

  • Account data: your name, email, organization, and role.
  • Customer & invoice data: imported from QuickBooks or Stripe, or entered by you — customer business contacts, invoice amounts, due dates, payment status, and consent flags.
  • Communications: the emails, texts, and call transcripts and recordings generated through the Service, plus delivery and outcome metadata.
  • Connection tokens: OAuth tokens for connected services, encrypted at rest (AES-256-GCM).
  • Usage & log data: limited technical logs (e.g., device, IP, and actions taken) used to operate and secure the Service.

3. How we use it

  • To generate and send outreach in your business’s name.
  • To track recovery, promises-to-pay, and dashboard metrics.
  • To enforce consent, quiet hours, and opt-outs.
  • To provide support and to operate, secure, and improve the Service.

We do not sell or share your personal information, and we do not use your customer data for advertising.

4. AI processing

To draft messages and call scripts, diol sends the relevant context (such as an invoice summary and customer name) to our AI provider, Anthropic, via its API. Anthropic does not use data submitted through its API to train its models. AI is used to assist your outreach; you review and control what is sent.

5. Subprocessors

We share data only as needed with service providers who process it on our behalf: Supabase (database and authentication), Anthropic (message generation), Twilio (SMS), Retell (voice), Resend (email), Stripe (billing), and Intuit (QuickBooks). Each is bound to protect the data and use it only to provide its service.

6. Cookies

We use only essential cookies and similar storage needed to keep you signed in and to remember preferences such as your light/dark theme. We do not use third-party advertising or cross-site tracking cookies.

7. Call recordings

Where calls are recorded, recordings are made for quality and record-keeping. In all-party-consent states the recording disclosure is always played, and the automated nature of the call is always disclosed at the start of the call.

8. Security

Row-level security isolates every organization’s data; OAuth tokens are encrypted at rest; webhooks are signature-verified; access requires authentication; and sensitive actions are written to an audit log. No system is perfectly secure, but we work to protect your data using appropriate safeguards.

9. Data retention

We retain data for as long as your account is active or as needed to meet legal obligations, resolve disputes, and enforce our agreements. On termination we delete or de-identify your data within a reasonable period, except where retention is legally required.

10. Your rights & choices

Depending on your state (for example, under the California Consumer Privacy Act), you may have rights to access, correct, or delete personal information and to opt out of its sale or sharing — note that we do not sell or share it. To exercise a right relating to your account data, contact privacy@diol.app. Because diol processes end-customer data on behalf of the business that uploaded it, requests about that data should be directed to that business, and we will assist it in responding.

11. International

diol is intended for use in the United States, and data is stored and processed in the United States.

12. Children

The Service is for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 18.

13. Changes

We may update this policy and will revise the date above; for material changes we will provide notice.

14. Contact

Privacy questions or requests: privacy@diol.app.