Privacy Policy

Our commitment

Covrabl handles sensitive personal and financial information. We take that responsibility seriously. This policy describes what we collect, why we collect it, and what we do (and don't do) with your information. We have written it in plain language because we believe you should be able to understand how your data is handled without a law degree.

What we collect

Information you provide directly

• Account information: Your email address and password (stored as a one-way hash — we cannot see your password)
• Insurance documents: Policy PDFs, declarations pages, and other documents you upload
• Policy information: Carrier names, policy numbers, coverage amounts, deductibles, renewal dates, premium amounts, claims data, and other details you enter or that are extracted from your documents
• Contact information: Names, phone numbers, and email addresses of insurance agents, brokers, or other contacts you choose to store
• Emergency card information: Names and phone numbers of emergency contacts you choose to include on your emergency access card

Information collected automatically

• Log data: When you use the Service, our servers automatically record information including your IP address, browser type, and the pages you visit. This is standard for all web services and is used solely for security and debugging purposes.

What we do NOT collect

• Social Security numbers
• Bank account or credit card numbers (payment processing is handled by secure third-party processors)
• Location data
• Data from third-party tracking or advertising networks

How we use your information

We use your information for the following purposes and no others:

• To provide the Service — storing, organizing, and displaying your insurance information
• To extract data from documents you upload, so you don't have to enter it manually
• To send you transactional emails (password resets, account notifications)
• To send you renewal reminders and alerts you have opted into
• To maintain the security and integrity of the Service

How we protect your data

Your individual coverage data belongs to you and is never shared with third parties without your explicit permission.

We may use aggregated, anonymized insights to improve our services and better understand coverage trends. These insights cannot identify you.

We will never:

• Sell your personal information — your name, email, and individual policy details are never sold to third parties
• Share your data with advertisers or use it for targeted advertising
• Use your information for unsolicited insurance marketing or lead generation

If we ever introduce features that involve sharing information with partners, you will always choose whether to participate.

How we share your information

We share your information only in these limited circumstances:

• When you choose to share: When you use our sharing features (policy sharing, emergency cards), the information you designate is made available to the people you choose. You control this entirely.
• Service providers: We use a small number of third-party services to operate Covrabl (cloud hosting, file storage, payment processing). These providers access your data only to perform services on our behalf and are contractually obligated to protect it.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request. We will notify you before doing so unless legally prohibited.

We do not share your individual data with insurance companies, brokers, agents, or advertisers without your explicit consent.

Document extraction and AI processing

When you upload a document, we use artificial intelligence to extract key information (carrier, policy number, coverage amounts, etc.) so you don't have to type it manually. We also use AI to analyze your coverage — including scoring your protection level, detecting gaps in your insurance, identifying policy changes between terms, and generating renewal alerts. All of this processing is performed solely to provide the Service to you. Your data is stored in your account and is not used to train AI models, build datasets, or for any purpose other than serving you.

Data security

We protect your data with industry-standard security practices:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
• Password security: Your password is hashed using bcrypt with a high work factor. We never store or have access to your plain-text password
• Authentication: Sessions are managed via secure, time-limited JWT tokens
• Access controls: Your data is isolated to your account. Other users cannot access your information unless you explicitly grant them permission
• Audit logging: All significant actions are logged so you can review access and changes to your data

No system is perfectly secure. While we implement strong protections, we cannot guarantee absolute security. We will notify you promptly if we become aware of a breach affecting your data.

Data retention and deletion

We retain your data for as long as your account is active. When you delete a policy, document, or other content, it is permanently removed from our systems.

When you delete your account, all of your data — including policies, documents, contacts, emergency cards, and personal information — is permanently deleted. This action is irreversible. We recommend exporting your data before deleting your account.

We may retain anonymized, aggregated data (such as total number of users) that cannot be used to identify you.

Your rights

You have the right to:

• Access your data: You can view all information stored in your account at any time
• Export your data: You can export your policy data in standard formats
• Correct your data: You can edit any information in your account at any time
• Delete your data: You can delete individual items or your entire account at any time
• Revoke sharing: You can revoke any sharing permissions you have granted at any time

If you are a resident of the European Economic Area (EEA), you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion.

To exercise any of these rights, contact us at privacy@covrabl.com.

Cookies

Covrabl uses only essential cookies and local storage required for the Service to function (such as keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Children's privacy

Covrabl is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Third-party services

We use the following third-party services to operate Covrabl:

• Cloud hosting and infrastructure — for running the application and storing data
• Object storage — for securely storing uploaded documents
• Payment processors — Payments are processed through secure third-party payment processors (such as Stripe). Covrabl does not store full payment card details on its own servers. Payment providers may collect and process information in accordance with their own privacy policies.
• AI providers — for document extraction (documents are processed and not retained by the provider)

Each of these providers is bound by their own privacy policies and contractual obligations to protect your data.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. We will always keep the prior version available for your review.

Contact

If you have questions about this Privacy Policy or how your data is handled, please contact us:

• Email: privacy@covrabl.com
• General: support@covrabl.com