Last updated: March 1, 2026

Privacy Policy

Overview

CoverReady ("we," "our," or "us") operates the CoverReady platform, a cybersecurity compliance and documentation tool for small businesses. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

Important Notice

CoverReady is not a law firm, insurance broker, or cybersecurity consultancy. We provide tools and educational resources to help businesses document their security posture. This privacy policy governs our platform — not any third-party services you may integrate with.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you sign up on behalf of an organization, we also collect your organization name.

Business Information

To provide our services, we collect information about your business including industry, company size, and security controls you report through our platform. This information is used to generate your readiness score and tailor recommendations.

Uploaded Documents

You may upload documents to our Evidence Vault, including security policies, compliance certificates, training records, and other files. These documents are stored securely and are only accessible to authorized members of your organization.

Usage Data

We automatically collect certain technical information when you use our platform, including browser type, device information, IP address, pages visited, and actions taken within the application. This data helps us improve our service and troubleshoot issues.

Assessment Data

If you complete our free readiness assessment, we collect your responses to generate your score. If you do not create an account, this data is not stored on our servers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services, including generating readiness scores, policy documents, and compliance reports
  • Process your subscription and manage billing through our payment processor
  • Send transactional communications (account confirmations, billing receipts, security alerts)
  • Respond to your support requests and provide customer service
  • Analyze usage patterns to improve our platform and develop new features
  • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information or business data to third parties. We do not use your uploaded documents or business data for advertising purposes.

3. Data Storage and Security

Your data is stored on secure, US-based servers provided by Supabase (our database and authentication provider). All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

We implement industry-standard security measures including:

  • Row-level security policies ensuring users can only access their own organization's data
  • Secure authentication with password hashing and optional multi-factor authentication
  • Regular security assessments and vulnerability monitoring
  • Encrypted file storage for all uploaded documents

While we take reasonable measures to protect your data, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate our platform:

Stripe (Payment Processing)

We use Stripe to process subscription payments. When you subscribe, your payment information is sent directly to Stripe and is never stored on our servers. Stripe's privacy policy governs their handling of your payment data.

Supabase (Database and Authentication)

We use Supabase to store your account data, business information, and uploaded documents. Supabase provides SOC2-compliant infrastructure with data centers in the United States.

Anthropic (AI Policy Generation)

When you use our AI-powered policy generator, your business context (industry, size, requirements) is sent to Anthropic to generate customized security policy documents. Anthropic does not use this data for model training. No personally identifiable information or uploaded documents are sent to Anthropic.

5. Cookies

We use only essential cookies required for the platform to function. These include:

  • Authentication cookies — to keep you logged in and maintain your session
  • Security cookies — to prevent cross-site request forgery and protect your account

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide our services. If you cancel your subscription, your data remains accessible in read-only mode for 90 days, after which it may be deleted.

You may request deletion of your account and all associated data at any time by contacting us at support@coverready.com. Upon receiving a deletion request, we will:

  • Delete your account and authentication credentials
  • Delete all uploaded documents from our storage
  • Delete all business data, policies, and compliance records
  • Retain only anonymized usage data and billing records required for legal compliance

Deletion is typically completed within 30 days of your request.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing activities

To exercise any of these rights, contact us at support@coverready.com. We will respond within 30 days.

8. Children's Privacy

CoverReady is designed for businesses and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the platform after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

support@coverready.com