1. Introduction
CoverProof AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cyber-insurance readiness platform.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, job title
- Billing Information: Payment card details (processed by Stripe)
- Security Data: Information from connected integrations (Azure AD, Microsoft 365, etc.)
- Questionnaire Data: Insurance questionnaire responses and evidence
- Communications: Support requests and feedback
2.2 Information Collected Automatically
- Usage Data: Features used, pages visited, actions taken
- Device Information: Browser type, operating system, IP address
- Cookies: Session and preference cookies
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process insurance questionnaires and generate evidence
- Connect to your security tools via authorized integrations
- Process payments and manage subscriptions
- Send service notifications and updates
- Provide customer support
- Improve and develop new features
- Ensure security and prevent fraud
- Comply with legal obligations
4. Data Sharing
We may share your information with:
- Service Providers: Third parties that help us operate (hosting, payment processing, analytics)
- MSP Partners: If you are a client of an MSP using CoverProof, your MSP may access your data
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale
We do not sell your personal information to third parties.
5. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication support
- Regular security audits and penetration testing
- Access controls and audit logging
- SOC 2 Type II compliance (in progress)
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. After account deletion:
- Personal data is deleted within 30 days
- Audit logs are retained for 1 year for compliance
- Anonymized analytics data may be retained indefinitely
7. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Restriction: Request restriction of processing
To exercise these rights, contact us at privacy@coverproof.ai
8. International Transfers
Your data may be transferred to and processed in the United States. We use Standard Contractual Clauses and other safeguards for international transfers.
9. Children's Privacy
The Service is not intended for individuals under 18. We do not knowingly collect information from children.
10. Cookies
We use cookies for:
- Essential: Required for the Service to function
- Analytics: To understand how the Service is used
- Preferences: To remember your settings
You can control cookies through your browser settings.
11. Third-Party Services
The Service integrates with third-party services (Microsoft, Google, etc.). Your use of these integrations is subject to their respective privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.
13. Contact Us
For privacy-related questions or concerns, contact us at:
14. Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@coverproof.ai