Privacy Policy

Last updated: April 2026

Introduction

SmartCOI ("we", "us", "our") respects your privacy. This policy describes how we collect, use, and protect your information when you use the SmartCOI service.

Information We Collect

Account information

Name, email address, and organization name, provided during registration.

Property and vendor/tenant data

Property names, addresses, vendor and tenant company names, and contact email addresses, entered by users within the application.

Insurance documents

Certificate of Insurance (COI) PDF files uploaded by users or their vendors and tenants through the self-service portal.

Vendor and tenant portal data

When vendors or tenants upload certificates through the self-service portal, we collect the uploaded document and any information extracted from it (company names, coverage details, policy dates). Portal users do not create accounts, but their uploaded documents are stored and processed within the organization's SmartCOI account that issued the portal link.

Usage data

Pages visited, features used, and timestamps, collected automatically to help us improve the service.

Payment information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers.

How We Use Your Information

To provide the service

We use your data to extract information from COI documents, check compliance against your configured requirements, and send notifications about coverage gaps and expirations.

AI processing

Uploaded PDF documents are sent to Anthropic's Claude API for data extraction. Anthropic processes the document content to extract structured insurance data.

SmartCOI uses Anthropic's commercial API, which does not use your data to train AI models. Document content is processed in real time and is not stored by Anthropic beyond the duration of the API request, in accordance with Anthropic's API data policies. For full details, see Anthropic's privacy policy.

Email communications

Transactional emails, including compliance notifications, follow-up reminders, and portal upload links, are sent via Resend.

Service improvement

We use aggregated, anonymized usage data to understand how the product is used and to improve its features.

Data Storage and Security

  • Data is stored on Supabase (backed by AWS) with encryption at rest and in transit.
  • PDF documents are stored in Supabase Storage with access controls restricting access to authorized users.
  • We use row-level security to ensure organizations can only access their own data.
  • We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Retention

  • Account data is retained while your account is active.
  • After account cancellation, data is retained for 90 days to allow for recovery, then permanently deleted.
  • You may request deletion of your data at any time by contacting support@smartcoi.io.

Data Breach Notification

In the event of a data breach that compromises your personal information or uploaded documents, we will notify affected users via email within 72 hours of confirming the breach. Notification will include a description of the breach, the types of data affected, and steps we are taking to address it.

International Data Transfers

SmartCOI's servers and data infrastructure are located in the United States. If you access the service from outside the United States, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer. We apply the same security and privacy protections to all user data regardless of the user's location.

Third-Party Services

SmartCOI relies on the following third-party services to operate:

  • Anthropic — AI-powered data extraction from insurance documents
  • Supabase — Database, authentication, and file storage
  • Stripe — Payment processing and subscription management
  • Resend — Transactional email delivery
  • Vercel — Application hosting and deployment
  • PostHog — Product analytics (anonymized usage patterns, feature adoption, no personal data)

Your Rights

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update your information at any time through the app settings.
  • Deletion: You may request deletion of your account and all associated data.

California residents: Under the CCPA, you have the right to know what personal data is collected, request deletion, and opt out of the sale of personal data. We do not sell personal data.

Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

Children

SmartCOI is a business-to-business service and is not intended for use by anyone under 18 years of age.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes via email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or your data, contact us at support@smartcoi.io.