Privacy Policy
Last updated: July 11, 2026
1. Who we are
COI Chase("we," "us," or "our") provides a vendor compliance platform for tracking Certificates of Insurance (COI), W-9 forms, licenses, lien waivers, and related documents. This policy explains how we handle personal information when you use our website and services (the "Service").
Questions about privacy: info@coichase.com
2. Information we collect
Account holders (contractors / workspace owners): name, email address, company name, authentication credentials (managed by our auth provider), workspace settings, and usage activity within the Service.
Vendors (upload via magic link): name, email address, uploaded compliance documents, and metadata extracted from those documents (e.g., policy numbers, expiration dates, coverage limits).
Automatically collected: standard server logs (IP address, browser type, pages visited, timestamps), cookies required for login sessions, and error diagnostics needed to operate and secure the Service.
3. How we use information
We use collected information to:
- Provide, maintain, and improve the Service
- Authenticate users and manage workspaces
- Process and review uploaded compliance documents, including AI-assisted field extraction
- Send transactional emails (upload links, expiry reminders, account notices)
- Process subscriptions and billing
- Respond to support requests and enforce our Terms of Service
- Detect abuse, fraud, and security incidents
We do not sell your personal information.
4. AI and document processing
Uploaded documents may be analyzed by third-party AI services to extract structured fields and suggest compliance status. AI output is assistive only — final compliance decisions remain with your organization. Do not upload documents you are not authorized to share.
5. How we share information
We share data only as needed to run the Service, including with:
- Infrastructure & database — hosting, storage, and authentication (e.g., Supabase)
- Email delivery — transactional messages (e.g., Resend)
- Payments — subscription billing via Paddle.com (Merchant of Record). Paddle processes payments and may collect billing contact details; we do not store full payment card numbers on our servers.
- AI providers — document parsing for audit assistance
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice where legally permitted).
6. Data retention
We retain account and document data while your workspace is active or as needed to provide the Service. You may delete vendors and documents from your workspace. If you close your account, contact us to request deletion. We may retain limited records where required for legal, billing, or security purposes.
7. Security
We use industry-standard measures including encrypted connections (HTTPS), access controls, and private document storage. No method of transmission or storage is 100% secure; you use the Service at your own risk and should protect your account credentials.
8. Your rights (US & international users)
Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to opt out of certain processing. California residents may have additional rights under the CCPA. To exercise these rights, email info@coichase.com. We will respond within a reasonable timeframe.
9. Children
The Service is intended for business use and is not directed to anyone under 18. We do not knowingly collect information from children.
10. International transfers
We may process and store information in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers subject to applicable safeguards.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Continued use after changes constitutes acceptance of the updated policy.
See also our Terms of Service and Refund Policy.