Privacy Policy

Last Updated: January 4, 2026

1. Introduction

This Privacy Policy describes how COI Autopilot ("we," "us," or "our") collects, uses, and shares information when you use our Service. By using the Service, you consent to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (encrypted)
  • Payment Information: Billing details processed by third-party payment processors (we do not store credit card numbers)
  • Documents: Certificate of Insurance files you upload for analysis
  • Communications: Messages you send to us

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, actions taken
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Similar Technologies: We use cookies to maintain sessions and improve user experience
  • Log Data: Server logs, error reports, performance metrics

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process your COI documents using AI analysis
  • Process payments and manage subscriptions
  • Send service-related communications and updates
  • Respond to your requests and customer support inquiries
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services that may collect and process your data:

  • OpenAI: AI analysis of COI documents (subject to OpenAI's privacy policy)
  • Supabase: Database and authentication (subject to Supabase's privacy policy)
  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Vercel: Hosting and infrastructure (subject to Vercel's privacy policy)
  • SendGrid: Email delivery (subject to SendGrid's privacy policy)
  • Sentry: Error tracking and monitoring (subject to Sentry's privacy policy)

We are not responsible for the privacy practices of these third parties. Please review their privacy policies directly.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: With third parties that perform services on our behalf
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, or safety, or that of others
  • With Your Consent: When you explicitly authorize us to share information

6. Data Security

We implement reasonable security measures to protect your information. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You use the Service at your own risk.

Security measures include:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted password storage
  • Secure cloud infrastructure
  • Regular security updates and monitoring

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information after account closure as required by law or for legitimate business purposes.

  • Account Data: Retained while your account is active
  • COI Documents: Stored until you delete them or close your account
  • Usage Logs: Typically retained for 90 days
  • Payment Records: Retained as required by law (typically 7 years)

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Export: Request a portable copy of your data
  • Opt-Out: Unsubscribe from marketing communications
  • Account Closure: Delete your account at any time

To exercise these rights, contact us at privacy@coiautopilot.com. We will respond within 30 days.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to such transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

  • Legal basis for processing: Consent, contract performance, legitimate interests
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority
  • Right to object to processing based on legitimate interests

13. Do Not Track

We do not currently respond to "Do Not Track" signals from browsers. Third-party services we use may track your browsing activities across different websites.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated Policy.

15. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you as required by applicable law. However, we do not guarantee the security of your data and cannot be held liable for unauthorized access.

16. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal information, contact us at:

IMPORTANT DISCLAIMER: While we take reasonable measures to protect your information, we cannot guarantee absolute security. You use this Service at your own risk. We recommend not uploading highly sensitive or confidential documents unless you understand and accept the risks.