Privacy Notice

Effective date: January 20, 2026

This Privacy Notice explains how CheckCOA collects, uses, and shares information when you use our Service.

1. Key points (short summary)

  • We collect account and usage information to run the Service (verification history, collections, wishlist).
  • Payments are handled by Stripe. We do not store full card details.
  • Authentication is handled by Supabase Auth (passwords hashed, not stored in plain text).
  • We are not affiliated with Providers; we display Provider data as provided by them.

2. Information we collect

A) Account information

  • Email address, login method (Google or email/password)
  • Name and avatar (if provided by Google)
  • Account IDs and timestamps

B) Verification & catalog data

  • Provider selected, certificate number entered/scanned
  • Result metadata returned by Providers (as available)
  • Scan/check type (AI/OCR vs Manual), timestamps, status
  • Collections, wishlist, tags, notes, custom fields
  • Uploaded images you choose to add to items

C) Usage & device information

  • IP address (approximate location), device/browser info, logs
  • Cookies or similar technologies (for sessions, preferences, analytics where enabled)

3. How we use information

We use information to:

  • Provide the Service (run checks, display results, save history)
  • Maintain accounts and preferences
  • Enforce limits/credits and prevent fraud/abuse
  • Improve reliability and user experience
  • Provide customer support
  • Process billing status (via Stripe webhooks/events)

4. Payments (Stripe)

All payments are processed by Stripe. Your payment details are submitted directly to Stripe.

CheckCOA receives limited billing signals (e.g., subscription status, last4/brand may be shown by Stripe in the customer portal, invoice IDs) to manage your access. We do not store full card numbers or CVV.

5. How we share information

We may share information with:

  • Service providers needed to run the Service (hosting, databases, auth, analytics, email support tools) — including Supabase and Stripe.
  • Legal/compliance if required by law.

We do not sell your personal information.

6. Data retention

We keep your account and scan history while your account is active. You can request deletion; some records may be retained as required for legal, accounting, or security reasons.

7. International users

We may process and store information in countries different from yours. We use safeguards where required.

8. Your choices and rights

Depending on your region, you may request access, correction, export, or deletion of your data.

Contact: [email protected]

9. Children’s privacy

The Service is not intended for users under 16. We do not knowingly collect data from children.

10. Changes

We may update this Notice and will revise the effective date.