COI Tracker

Privacy Policy

Last updated: April 2026

This page explains what COI Tracker collects, where it lives, and how we use it. Plain language, no dark patterns.

What we collect

  • Your email address (for sign-in and reminders).
  • Vendor names, emails, certificate types, expiry dates, and optional PDFs — everything you choose to enter.
  • Basic usage logs (IP, user agent, request timing) for abuse prevention.

Where it lives

  • Database and file storage: Supabase (AWS us-east-1).
  • Transactional email: Resend.
  • Hosting & logs: Vercel.

How we use it

  • To operate the Service: store your data and send reminders / vendor requests you trigger.
  • To communicate: occasional product updates and billing emails.
  • To prevent abuse: rate limits and security monitoring.

We do not sell your data. We do not run ads.

Vendor emails

When you click “Request Update” we send the vendor’s email address a message on your behalf, with your email set as the reply-to so replies come back to you directly.

Your rights

You can export or delete all your data at any time. Email privacy@coitracker.co and we’ll respond within 30 days.

Retention

Account data is kept while your account is active. If you delete your account, we remove your records within 30 days (except what law requires us to retain).

Changes

Material changes will be announced by email. This page always shows the current version.

Contact

privacy@coitracker.co