COI ParseAPI ("we," "us," or "our") operates the COI ParseAPI service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API and related services.
By using COI ParseAPI, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
When you register for an account, we collect:
- Name and email address
- Company name and role
- Billing information (processed securely by our payment provider)
- API keys and authentication credentials
Uploaded Documents
When you use our API, you may upload insurance certificate documents (COIs) for parsing. These documents may contain:
- Insurance carrier and policy details
- Named insureds and certificate holders
- Coverage types, limits, and effective dates
- Business names, addresses, and contact information
Usage Data
We automatically collect certain information when you interact with our service:
- API call timestamps, endpoints used, and response codes
- IP addresses and approximate geographic location
- Browser type and device information (for web dashboard)
- Pages visited and features used
Cookies
We use essential cookies to maintain your session and preferences. Analytics cookies may be used via Google Tag Manager to help us understand usage patterns. We do not use advertising or tracking cookies.
2. How We Use Your Information
Provide and Operate the Service
- Process uploaded COI documents and return structured data
- Authenticate API requests and manage your account
- Process billing and payments
- Deliver API responses and webhook notifications
Improve Our Product
- Analyze usage patterns to optimize performance and accuracy
- Train and improve our parsing models (only with anonymized data; see Document Handling below)
- Identify and fix bugs, errors, and service issues
- Develop new features based on usage trends
Communicate With You
- Send service updates, security alerts, and maintenance notices
- Respond to support requests and inquiries
- Share product announcements and feature updates (you can opt out)
3. Document Handling
We take the handling of your uploaded insurance certificates very seriously. Here is how we process and store your documents:
Processing
Uploaded COI documents are processed in memory using OCR and AI vision models. The raw document and extracted data are handled in isolated, encrypted environments.
Retention Periods
Document retention depends on your plan tier:
- Free / Starter: Documents deleted within 24 hours of processing
- Professional: Documents retained for up to 30 days for re-processing and audit
- Enterprise: Custom retention periods per your agreement, up to 12 months
You can request immediate deletion of any document at any time via the API or dashboard.
Encryption
All documents are encrypted at rest using AES-256 encryption. All data in transit is protected with TLS 1.3. Encryption keys are managed through a dedicated key management service and rotated regularly.
Model Training
We do not use your raw documents to train our models. If we use any data for model improvement, it is first stripped of all personally identifiable information and business-specific details. You can opt out of anonymized data usage entirely in your account settings.
4. Data Sharing
We do not sell your data. We do not share your personal information or documents with third parties for their marketing purposes.
We may share limited information with the following categories of service providers:
- Cloud hosting: Our infrastructure runs on major cloud providers that maintain SOC 2 and ISO 27001 compliance
- Payment processing: Billing information is processed by PCI-DSS compliant payment providers. We do not store full credit card numbers
- Analytics: Aggregated, non-identifiable usage data may be processed by analytics tools to help us understand service usage
We may also disclose information if required by law, court order, or governmental regulation, or if necessary to protect the rights, property, or safety of our users or the public.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access controls: Role-based access, principle of least privilege, multi-factor authentication for internal systems
- Infrastructure: Isolated processing environments, regular security patching, network segmentation
- Monitoring: Continuous logging, intrusion detection, and anomaly alerting
- Compliance: We are working toward SOC 2 Type II certification and follow OWASP security best practices
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate information in your account
- Deletion: Request deletion of your account and associated data. We will delete your data within 30 days, except where retention is required by law
- Export: Download your data in a structured, machine-readable format (JSON)
- Restriction: Request that we limit processing of your data in certain circumstances
- Objection: Object to processing of your data for specific purposes
To exercise any of these rights, contact us through our contact form or email us directly. We will respond within 30 days.
7. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled
- Analytics cookies: Used via Google Tag Manager to collect aggregated usage statistics. These help us understand how users interact with our dashboard and documentation. You can opt out of analytics cookies in your browser settings
We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies.
8. Children's Privacy
COI ParseAPI is a business-to-business service and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification to the email address associated with your account
- Display a prominent notice on our dashboard
Continued use of the service after changes take effect constitutes acceptance of the updated policy. We encourage you to review this page periodically.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please reach out:
We aim to respond to all privacy-related inquiries within 5 business days.