Privacy Policy — COI Tracker

1. Introduction

COI Tracker ("we," "us," or "our") operates a web-based certificate of insurance tracking platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

By using COI Tracker, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information (Business Administrators)

Business name and owner name
Email address and phone number
Password (stored as a secure one-way hash — we cannot read your password)

Contractor Information

Contractor name, company name, and email address
Visitor or job dates submitted with a COI upload

Uploaded Documents

Insurance certificate files (PDFs or images) submitted by contractors
Any documents uploaded by business administrators for their own company COI

Payment Information

Payment processing is handled entirely by Stripe. COI Tracker never sees, stores, or has access to your credit card number or banking information. We retain only your Stripe customer ID and subscription status for billing management purposes.

Usage Data

Pages visited, features used, and general platform activity (no third-party tracking cookies or advertising trackers are used)
Browser type and device information for debugging and compatibility purposes

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the COI Tracker platform
Send expiration reminder emails to business administrators and contractors when a certificate is approaching its expiration date
Send accept or rejection notifications to contractors when a business administrator reviews a submitted COI
Process payments and manage subscriptions through Stripe
Respond to support requests sent to [email protected]
Diagnose and fix technical issues with the platform
Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Data Storage and Security

Your data is stored on Supabase, which runs on Amazon Web Services (AWS) infrastructure. All data is encrypted at rest and in transit using industry-standard HTTPS/TLS encryption.

COI documents are stored in a private, access-controlled storage bucket. Files are never publicly accessible by URL — downloads require a short-lived signed URL generated specifically for authenticated users. Each business can only access its own data, enforced at the database level through row-level security policies.

While we take commercially reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing its handling of data:

Service	Purpose	Data Shared
Stripe	Payment processing and subscription management	Email address, billing information
Resend	Transactional email delivery (expiration alerts, notifications)	Recipient email addresses, email content
Supabase	Database, authentication, and file storage	All platform data (stored on Supabase's AWS infrastructure)

We do not integrate with advertising networks, social media trackers, or analytics platforms that profile individual users.

6. Data Retention

We retain your account data and uploaded documents for as long as your subscription is active. If you cancel your subscription, your data is retained for a grace period of 90 days, during which you may request a full export of your data.

After the 90-day grace period, or upon your written request for deletion, your account data and all associated documents will be permanently deleted from our systems.

To request data export or deletion, email us at [email protected]. We will respond within 30 days.

7. Your Rights

You have the following rights with respect to your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of any inaccurate or incomplete data
Deletion: Request deletion of your account and all associated data
Portability: Request an export of your data in a common format
Objection: Object to certain types of processing of your data

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Contractor Data

Contractors who submit COI documents through a business's upload link do not create a COI Tracker account. Their name, email, company, and uploaded documents are associated with the business that shared the upload link and are visible only to that business's administrator.

Contractors may contact us at [email protected] to request information about what data is stored about them and to request deletion of that data.

9. Cookies

COI Tracker uses essential session cookies to keep you logged in while using the platform. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required because we only use strictly necessary cookies.

10. Children's Privacy

The Service is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us at [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account before the changes take effect. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of those changes.

We encourage you to review this page periodically to stay informed about how we protect your information.

12. Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Email: [email protected]
Website: coi-tracker.netlify.app