Skip to main content
FeaturesState RequirementsPricingFree COI GraderBlog
Log inStart Free

Privacy Policy

Last updated: April 1, 2026

COIPulse, Inc. (“COIPulse,” “we,” “us,” or “our”) operates the COIPulse platform available at coipulse.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using COIPulse, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, company name, job title, and password (stored as a cryptographic hash). We may also collect billing address and phone number if you subscribe to a paid plan.

1.2 Documents You Upload

COIPulse processes Certificate of Insurance (COI) documents that you upload or that your vendors submit through your Vendor Portal link. These documents may contain sensitive insurance data including policy numbers, coverage limits, insurer names, insured business names, and addresses. We process this data solely to deliver the compliance scoring and tracking services you requested.

1.3 Vendor Information

When you add vendors to COIPulse, we store the vendor's business name, contact information, trade category, and compliance requirements you assign. Vendors who upload COIs through a self-service portal link do not create accounts and are not stored as registered users.

1.4 Usage Data

We automatically collect information about how you interact with COIPulse, including pages visited, features used, actions performed, time spent, error logs, and browser/device information. This data is used to improve the product and diagnose issues.

1.5 Communications

If you contact us via email or support ticket, we retain those communications to respond to your requests and improve our support quality.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the COIPulse service
  • Extract and structure data from uploaded COI documents using AI
  • Score vendor compliance against your configured requirements
  • Send expiration alerts, compliance notifications, and product-related communications
  • Process payments and manage subscriptions
  • Improve our AI extraction accuracy and compliance template library
  • Respond to support inquiries and fulfill service requests
  • Comply with legal obligations and protect against fraud

We do not sell your personal data or use your COI documents to train AI models shared with other organizations.

3. Third-Party Services

COIPulse uses the following third-party service providers to deliver our service. Each provider has its own privacy policy and data processing practices.

OpenAI — AI Document Extraction

COI documents you upload are sent to OpenAI's API for AI-powered data extraction. OpenAI processes document content in transit to return structured data. COIPulse has enabled OpenAI's API data opt-out; your documents are not used to train OpenAI models. See OpenAI Privacy Policy.

Stripe — Payment Processing

All billing is handled by Stripe. COIPulse does not store your credit card numbers. Stripe collects payment card information and billing address on our behalf. See Stripe Privacy Policy.

Resend — Transactional Email

We use Resend to deliver expiration alerts, vendor portal invitations, and account notifications to your email address. Email delivery logs are retained for 30 days.

Supabase — Database and Storage

Your account data, vendor records, compliance configurations, and uploaded documents are stored in Supabase-managed infrastructure on AWS (US East region). Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted at rest using AES-256 encryption
  • All data in transit is protected with TLS 1.2 or higher
  • Organization-level data isolation — your data is never accessible to other COIPulse customers
  • Role-based access controls within your organization
  • Passwords are hashed using bcrypt and never stored in plain text
  • Access to production systems is restricted to authorized personnel only

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

5. Data Retention and Deletion

We retain your account data and uploaded documents for as long as your account is active or as needed to provide our services. Specifically:

  • Active accounts: All data retained while your account is in good standing
  • Cancelled accounts: Data is retained for 90 days post-cancellation, then permanently deleted
  • COI documents: Original PDF files and extracted data are deleted when you delete a vendor or cancel your account
  • Billing records: Transaction records may be retained for up to 7 years for legal and accounting compliance

You may request deletion of your account and associated data at any time by emailing privacy@coipulse.com.

6. Your Rights (CCPA / GDPR)

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (right to be forgotten)
  • Portability: Request a machine-readable export of your data
  • Opt-out of sale: We do not sell personal data. California residents may nonetheless submit a Do Not Sell request
  • Restrict processing: Request that we limit how we use your data in certain circumstances

To exercise any of these rights, contact us at privacy@coipulse.com. We will respond within 30 days. We may need to verify your identity before processing your request.

7. Cookies and Tracking

COIPulse uses cookies and similar tracking technologies to operate the service and improve your experience.

Essential cookies

Required for authentication, session management, and core functionality. These cannot be disabled without breaking the service.

Analytics cookies

Used to understand how users interact with COIPulse so we can improve the product. We use privacy-first analytics that do not track individuals across sites or sell data to advertisers.

You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use COIPulse.

8. Children's Privacy

COIPulse is a business-to-business service intended for use by adults 18 years of age or older. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

9. International Data Transfers

COIPulse is operated from the United States. If you are accessing our service from the European Union, United Kingdom, or other regions with data protection laws that differ from US law, your information may be transferred to and processed in the United States.

For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the lawful basis for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we will also send an email notification to the address on your account.

Your continued use of COIPulse after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

COIPulse, Inc.

Privacy inquiries: privacy@coipulse.com

General: hello@coipulse.com

Website: coipulse.com