Privacy Policy

1. Introduction

Welcome to CoverLedger ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Certificate of Insurance (COI) tracking platform and related services (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, company name, phone number, and password
• Business Information: Company details, insured information, policy data
• Uploaded Documents: Insurance certificates, policy documents, and related files
• Communication Data: Messages, support requests, and feedback

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, click patterns
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, error logs
• Cookies and Tracking: Session data and preferences (see Section 7)

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Process documents, track policies, send expiration alerts
• AI Processing: Extract data from insurance documents using artificial intelligence
• Communication: Send notifications, updates, and support responses
• Improvement: Analyze usage patterns to enhance features and user experience
• Security: Detect fraud, prevent abuse, and maintain platform security
• Compliance: Meet legal and regulatory obligations
• Business Operations: Billing, customer support, and service administration

4. Third-Party Services

We use trusted third-party service providers to operate our Service:

• Supabase: Database hosting, authentication, and file storage
• OpenRouter/Anthropic: AI-powered document parsing (Claude 3.7 Sonnet)
• Resend: Transactional email delivery
• Vercel: Application hosting and delivery

These providers have access to your information only to perform tasks on our behalf and are obligated to protect your data in accordance with their privacy policies and applicable laws.

5. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing
• Row-level security and access controls
• Regular security audits and monitoring
• Data backup and disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account Data: Retained while your account is active
• Documents: Retained according to your data retention settings
• Usage Logs: Typically retained for 90 days
• Legal Requirements: Some data may be retained longer if required by law

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for authentication and core functionality
• Preference Cookies: Remember your settings and choices
• Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings, but disabling certain cookies may affect Service functionality.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a portable format
• Objection: Object to certain types of processing
• Restriction: Request restriction of processing

8.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising CCPA rights

To exercise these rights, please contact us at legal@coverledger.net.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: