Privacy Policy

Last updated: February 2026

Introduction

SmartCOI ("we", "us", "our") respects your privacy. This policy describes how we collect, use, and protect your information when you use the SmartCOI service.

Information We Collect

Account information

Name, email address, and organization name, provided during registration.

Property and vendor/tenant data

Property names, addresses, vendor and tenant company names, and contact email addresses, entered by users within the application.

Insurance documents

Certificate of Insurance (COI) PDF files uploaded by users or their vendors and tenants through the self-service portal.

Usage data

Pages visited, features used, and timestamps, collected automatically to help us improve the service.

Payment information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers.

How We Use Your Information

To provide the service

We use your data to extract information from COI documents, check compliance against your configured requirements, and send notifications about coverage gaps and expirations.

AI processing

Uploaded PDF documents are sent to Anthropic's Claude API for data extraction. Anthropic processes the document content to extract structured insurance data. Anthropic's data retention policies apply to this processing — see Anthropic's privacy policy for details.

Email communications

Transactional emails, including compliance notifications, follow-up reminders, and portal upload links, are sent via Resend.

Service improvement

We use aggregated, anonymized usage data to understand how the product is used and to improve its features.

Data Storage and Security

  • Data is stored on Supabase (backed by AWS) with encryption at rest and in transit.
  • PDF documents are stored in Supabase Storage with access controls restricting access to authorized users.
  • We use row-level security to ensure organizations can only access their own data.
  • We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Retention

  • Account data is retained while your account is active.
  • After account cancellation, data is retained for 90 days to allow for recovery, then permanently deleted.
  • You may request deletion of your data at any time by contacting support@smartcoi.io.

Third-Party Services

SmartCOI relies on the following third-party services to operate:

  • Anthropic — AI-powered data extraction from insurance documents
  • Supabase — Database, authentication, and file storage
  • Stripe — Payment processing and subscription management
  • Resend — Transactional email delivery
  • Vercel — Application hosting and deployment

Your Rights

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update your information at any time through the app settings.
  • Deletion: You may request deletion of your account and all associated data.

California residents: Under the CCPA, you have the right to know what personal data is collected, request deletion, and opt out of the sale of personal data. We do not sell personal data.

Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

Children

SmartCOI is a business-to-business service and is not intended for use by anyone under 18 years of age.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes via email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or your data, contact us at support@smartcoi.io.