Joltly Privacy Policy

Privacy Policy

Privacy Policy
September 29, 2025

‍

Joltly Privacy Policy: Comprehensive Guide to Data Protection, Compliance, and User Rights for B2B SaaS

Joltly’s commitment to transparent data handling underpins every aspect of our AI-powered accounts payable automation, ensuring oil and gas finance teams benefit from both efficiency and iron-clad compliance. This Privacy Policy explains how we collect, use, secure and share user data, outlines your rights under major regulations like GDPR and CCPA, and details our retention and deletion practices. You will learn what personal and financial data we gather, how enterprise-grade security safeguards your information, the lawful bases for processing, third-party disclosure rules, cookie and tracking controls, data retention timelines, and how to reach our Data Protection Officer. By understanding these principles, you gain assurance that Joltly’s platform not only accelerates AP workflows but also upholds the highest standards of user privacy and regulatory compliance.

‍

How Artificial Intelligence is Transforming Accounts Payable Automation

The integration of artificial intelligence into accounts payable automation significantly enhances efficiency, accuracy, and security by automating mundane tasks, detecting fraudulent invoices, and identifying irregular payments. AI-driven solutions provide real-time financial insights, helping organizations manage cash flow and ensure regulatory compliance.

This article highlights how AI transforms AP workflows by improving accuracy, security, and fraud prevention, aligning with Joltly's claims about its AI-powered automation benefiting finance teams with efficiency and compliance.

‍

What Personal Data Does Joltly Collect and How Is It Used?

Joltly collects a range of personal and financial data to deliver, improve and secure our AI AP automation platform while maintaining compliance with global data protection laws, which empowers clients to streamline operations without sacrificing privacy.

‍

Which Types of Personal and Financial Data Are Collected by Joltly?

Below is an overview of the categories of personal and financial information we process to enable accurate invoice handling and customer support.

  • Joltly captures contact details such as full name, business email address, job title, and phone number when you register for a demo or create an account.
  • We process invoice line-item data and payment details (bank account numbers, transaction amounts) to automate accounts payable workflows and reconcile payments.
  • Usage data—including page views, feature interactions, and API call logs—is collected to optimize system performance and refine AI models.
  • Device and network information, such as IP address, browser type, and operating system, support platform security, fraud prevention, and troubleshooting.

Each category of information is fundamental to providing our core service, ensuring you experience accurate processing, timely notifications, and seamless integration with your finance systems.

How Does Joltly Collect Data Through AI-Powered AP Automation and Website Interactions?

Joltly gathers information through multiple methods that combine direct user input with automated technologies to support intelligent invoice processing and a personalised website experience.

  • Direct Submission: Data you enter via sign-up forms, demo requests, and support tickets are stored in encrypted databases.
  • API Integration: When you connect your ERP or accounting software, our AI engine ingests invoice and vendor details to classify, validate and route payments automatically.
  • Cookies and Tracking Pixels: Our website uses strictly necessary, analytical, and marketing cookies to understand your navigation preferences and improve service delivery.
  • Third-Party Sources: We may receive publicly available business contact data and credit ratings from verified industry providers for identity verification and anti-fraud measures.

By combining these collection methods, Joltly ensures that the data powering our AI-driven workflows remains accurate, complete and fully aligned with your operational needs.

‍

For What Purposes Does Joltly Process Your Data?

Joltly processes your personal and financial information under defined lawful bases to deliver superior AP automation, enhance security, comply with legal requirements and inform product improvements.

  • To operate and maintain the AI AP automation platform, including invoice validation, approval routing and payment execution.
  • To improve system accuracy through model training and anonymised analytics, driving continuous cost savings and error reduction.
  • To communicate important updates, alerts and customer support responses related to your account and services.
  • To comply with financial regulations, audit requirements and data protection laws, such as reporting obligations under anti-fraud statutes.
  • To deliver targeted marketing communications about product enhancements, webinars and demo opportunities when consent is provided.

These clear processing purposes ensure that every data point collected by Joltly directly contributes to service delivery, security or regulatory adherence.

‍

How Does Joltly Protect Your Data with Enterprise-Grade Security Measures?

Joltly implements a comprehensive security framework combining technical safeguards and organisational policies that protect user data from unauthorised access, modification or disclosure—empowering finance teams to operate with confidence in our platform’s resilience.

‍

What Technical and Organisational Security Controls Does Joltly Implement?

Security Control

Security Controls

‍

How Is Privacy Embedded by Design in Joltly’s AI AP Automation Platform?

Privacy by design at Joltly means incorporating data minimisation, pseudonymisation and strict access policies from inception through deployment. Our machine learning pipelines use anonymised datasets for training, and default configurations enforce the least-privilege principle—ensuring that only the minimal data necessary for invoice processing is accessed by each system component. This proactive approach embeds compliance throughout our product lifecycle and aligns with international privacy standards.

‍

The Increasing Importance of Privacy-By-Design

Privacy-By-Design is a strategic approach that embeds privacy into the core of products and services from the initial design phase, rather than adding it as an afterthought. This proactive method, encompassing principles like privacy as the default and end-to-end security, is crucial for building user trust and ensuring compliance in the evolving digital landscape.

This research underscores the importance of integrating privacy principles from the outset of product development, directly supporting Joltly's commitment to "Privacy by Design" in its AI AP automation platform.

‍

What Is Joltly’s Incident Response Process for Data Breaches?

In the unlikely event of a security incident, Joltly activates a cross-functional Incident Response Team that follows predefined steps: detection, containment, investigation, notification and remediation. Affected users and regulatory authorities are informed within statutory timelines, detailed root-cause analyses are conducted, and corrective actions are implemented to strengthen our controls and restore trust.

‍

What Are Your Data Privacy Rights Under GDPR, CCPA, and Other Regulations?

Joltly acknowledges your status as a data subject under GDPR, CCPA and similar laws, granting you explicit rights over your personal information—from access and correction to deletion and objection—so you can maintain control and confidence in our data practices.

‍

What Rights Do You Have Under GDPR and UK Data Protection Laws?

Under GDPR and the UK Data Protection Act, you are entitled to:

  • Access the personal data we hold about you and receive a copy in a structured, portable format.
  • Rectify inaccurate or incomplete information to ensure our records remain up to date.
  • Erase your data ("right to be forgotten") when there is no longer a lawful basis for processing.
  • Restrict or object to processing based on legitimate interests or direct marketing.
  • Request data portability to transfer your personal data to another service provider.

These rights ensure transparency and give you full oversight of how Joltly manages your information, building trust in our AI-driven AP services.

‍

How Does CCPA Protect Your Rights as a California Resident?

As a California resident, the CCPA grants you the right to:

  • Know the specific categories of personal data we collect and the purposes for which it is used.
  • Request deletion of your personal information from our records, subject to certain legal exceptions.
  • Opt-out of the sale or sharing of your personal data for targeted advertising.
  • Receive equal service and pricing even if you exercise these rights.

These provisions safeguard Californian users’ data privacy and reinforce our commitment to user autonomy.

‍

How Can You Exercise Your Data Privacy Rights with Joltly?

To submit a data access, correction, deletion or portability request, please email our Data Protection Officer at privacy@joltly.io or use the secure contact form on our website’s privacy portal. We will verify your identity, respond within one month, and, if necessary, explain any lawful reasons for refusal. You may also lodge a complaint with supervisory authorities if you believe your rights have been infringed.

‍

How Does Joltly Share Data with Third Parties and Manage Data Processing Agreements?

Joltly engages trusted service providers under strict contractual terms to support platform operations, and each sub-processor relationship is governed by a comprehensive Data Processing Agreement (DPA) that enforces compliance with applicable data protection laws.

‍

Which Third-Party Service Providers and Sub-processors Does Joltly Use?

We share data with third parties to enable key services:

  • Cloud infrastructure providers for secure hosting and storage.
  • Payment processors for encrypted transaction execution.
  • Analytics platforms for anonymised usage insights.
  • Email service providers for customer communications.

Every partner undergoes rigorous security and privacy due diligence before onboarding, ensuring consistent protection standards across our ecosystem.

‍

What Are Data Processing Agreements and How Does Joltly Ensure Compliance?

A Data Processing Agreement (DPA) is a legally binding contract that outlines each party’s obligations regarding personal data handling. Joltly’s DPAs:

  • Clearly define roles (controller vs processor) and processing purposes.
  • Mandate technical and organisational safeguards aligned with GDPR and CCPA.
  • Require subprocessors to adhere to identical privacy obligations.
  • Allow for audits and termination clauses in cases of non-compliance.

These provisions guarantee uniform protection across all data handlers.

‍

How Does Joltly Handle International Data Transfers?

Transfer Mechanism

Description

Compliance Standard

Standard Contractual Clauses (SCCs)

EU-approved clauses ensuring equivalent safeguards for EU data

GDPR Article 46

EU-US Data Privacy Framework

Voluntary certification for US-based processors handling EU data

Adopted by US Department of Commerce

Binding Corporate Rules (BCRs)

Internal policies for cross-border data transfers within our group

Approved by EU supervisory authorities

These transfer mechanisms uphold the same level of protection no matter where your data is processed.

‍

What Is Joltly’s Policy on Cookies and Tracking Technologies?

Joltly uses cookies and similar technologies to maintain session integrity, gather anonymised analytics and deliver tailored marketing content, all while offering you full control over your preferences.

‍

What Types of Cookies Does Joltly Use and Why?

We deploy three categories of cookies to optimise your experience:

  • Strictly Necessary Cookies – enable core site functions such as login persistence and security validation.
  • Analytical Cookies – collect anonymised metrics on feature usage and system performance to drive continuous improvements.
  • Marketing Cookies – track engagement with promotional content to deliver relevant product updates and demonstration invites.

These cookie categories support essential operations and empower data-driven enhancements without compromising your privacy.

‍

How Can Users Manage and Control Their Cookie Preferences?

You can adjust cookie settings via our cookie consent banner or by accessing the “Cookie Preferences” link in our website footer. From there, you may enable or disable non-essential cookies at any time and revoke prior consent. Browser settings also allow you to block or delete cookies globally, though this may affect site functionality.

‍

How Long Does Joltly Retain Your Data and What Are the Deletion Practices?

Joltly applies retention schedules based on data type and regulatory requirements, and employs secure deletion methods to ensure that personal and financial information is removed when no longer needed.

‍

What Are the Retention Periods for Different Types of Data?

‍

‍

How Does Joltly Securely Delete Data When No Longer Needed?

When retention periods expire or upon valid user request, data is destroyed using certified secure deletion tools that render information irrecoverable. Backup snapshots are also purged in accordance with our backup lifecycle policy, ensuring thorough removal of obsolete records.

‍

How Can You Contact Joltly for Privacy Concerns or Data Protection Requests?

Joltly provides dedicated channels for privacy inquiries and data subject requests to guarantee prompt, transparent support when you need assistance or information.

‍

Who Is the Data Protection Officer (DPO) at Joltly and How Can They Be Reached?

Our appointed DPO is responsible for overseeing compliance with privacy laws and internal policies.

Data Protection Officer: Harrison Chamberlain

Email: support@joltly.io

Phone: 720-877-1966

‍

What Are the Channels for General Privacy Inquiries and Support?

For non-DPO inquiries or technical assistance, please reach out via:

  • Email to support@joltly.io with subject line “Privacy Inquiry”
  • Phone at +1 720-877-1966 (Mon–Fri, 09:00–17:00 GMT)
  • Online contact form available in the Privacy section of our website

Our team will acknowledge your request within 48 hours and guide you through any necessary steps.

‍

Joltly’s Privacy Policy reflects our dedication to safeguarding your data while delivering industry-leading AP automation for the oil and gas sector. We continuously review and update these practices to align with evolving regulations and technological advances. By choosing Joltly, you benefit from transparent data handling, robust security measures and clear rights management—all designed to support operational excellence and peace of mind. To explore how our secure platform can optimise your finance operations, request a personalised demo or sign up for a free trial today.

Let’s TRY!

Chat with Sales

Give Joltly a try and see for yourself if it's a good fit for Saas needs.

Thank you! Your submission has been received!
Oops! Something went wrong!!!
Monthly Contracts
Transparent Pricing
AI Insights
Independent Operator

Ideal for small-scale energy businesses seeking efficient AP automation.

$250.00
Midsize Operator

Designed for energy companies needing advanced AP solutions

$500.00
Get started today

It's time for oil and gas to break up with crappy software.

©2024 Joltly

Privacy PolicyTerms of ServiceCookies Settings