Privacy Policy
Last updated: September 24, 2025
Privacy First: Coverly is designed with privacy as a core principle. We process your data locally on your device whenever possible and use end-to-end encryption for cloud storage. We never sell your data or use it for advertising.
1. Introduction
Welcome to Coverly ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Coverly (the "App"). We are committed to protecting your privacy and ensuring you understand how your data is handled.
By using our App, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
2.1 Information You Provide Directly
- Product Information: Product names, brands, models, serial numbers, purchase dates, and prices
- Purchase Records: Store names, receipts, warranty documents, and related photos
- Vehicle Information: VIN numbers, make, model, year, mileage, and service records
- Photos: Product images, receipt photos, serial number images, and vehicle photos
- Account Information: App preferences and settings
2.2 Information Automatically Collected
- Usage Analytics: Anonymous usage statistics, feature usage patterns, and app performance metrics
- Device Information: iOS version, device model, and app version (for compatibility and support)
- Crash Reports: Anonymous crash logs and error reports to improve app stability
2.3 Information from Third-Party Services
- VIN Decoding: Vehicle specifications from public VIN databases
- Recall Information: Safety recall data from NHTSA (National Highway Traffic Safety Administration)
- AI Processing: Text analysis results from OpenRouter API (text only, no images or personal documents)
3. How We Use Your Information
| Purpose |
Data Used |
Legal Basis |
| Warranty Management |
Product info, receipts, warranty terms |
Contract Performance |
| Vehicle Tracking |
VIN, vehicle specs, service records |
Contract Performance |
| Recall Monitoring |
VIN numbers, vehicle information |
Legitimate Interest (Safety) |
| AI-Powered Features |
Extracted text from documents |
Consent |
| App Improvement |
Anonymous usage analytics |
Legitimate Interest |
| Customer Support |
Error logs, usage patterns |
Contract Performance |
4. Data Storage and Security
4.1 Local Storage
- On-Device Processing: OCR (text extraction) is performed entirely on your device using Apple's VisionKit
- Local Database: Your data is stored locally on your device using Apple's Core Data framework
- Face/Touch ID: Optional app-level security using your device's biometric authentication
4.2 Cloud Storage (Optional)
- iCloud Private Database: If enabled, your data syncs via Apple's CloudKit using end-to-end encryption
- Encryption: All cloud data is encrypted both in transit and at rest
- Access Control: Only you can access your CloudKit data - we cannot see or access it
4.3 Third-Party Services
- OpenRouter API: Only extracted text is sent for AI analysis (no images, no personal documents)
- VIN/Recall Services: Only VIN numbers are sent to decode vehicle information and check recalls
- Data Retention: Third-party services do not permanently store your data
5. Data Sharing and Disclosure
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5.1 Limited Sharing
We may share your information only in the following circumstances:
- Service Providers: With trusted third-party services (OpenRouter, VIN decoders) only for processing specific requests
- Legal Requirements: If required by law, court order, or government request
- Safety: To protect rights, property, or safety of users or the public
- Business Transfer: In connection with a merger, acquisition, or sale of assets (with notice to you)
5.2 User-Initiated Sharing
- Export Features: When you export or share data (PDF reports, claim packets)
- Email/Messages: When you choose to send information via email or messaging
- Cloud Storage: When you enable iCloud sync (data remains private to you)
6. Your Privacy Rights
6.1 Access and Control
- Data Access: View all your data within the app at any time
- Data Export: Export your data in PDF, CSV, or JSON formats
- Data Deletion: Delete individual items or all data from within the app
- Account Deletion: Complete account and data deletion available in app settings
6.2 Privacy Settings
- iCloud Sync: Enable or disable cloud synchronization
- AI Features: Opt-out of AI-powered features
- Analytics: Disable anonymous usage analytics
- Notifications: Control warranty and recall notifications
6.3 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected and how it's used
- Right to delete personal information
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to non-discrimination for exercising privacy rights
6.4 European Privacy Rights (GDPR)
If you are in the European Union, you have these rights:
- Right to access your personal data
- Right to rectify inaccurate data
- Right to erase your data
- Right to restrict processing
- Right to data portability
- Right to object to processing
7. Children's Privacy
Coverly is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
8. International Data Transfers
Your data is primarily processed and stored:
- Locally: On your device and in your personal iCloud account
- United States: OpenRouter API servers (text analysis only)
- Globally: Apple's iCloud infrastructure with end-to-end encryption
When data is transferred internationally, we ensure appropriate safeguards are in place to protect your privacy rights.
9. Data Retention
- Local Data: Retained until you delete it or uninstall the app
- Cloud Data: Retained in your iCloud account according to Apple's policies
- Analytics: Anonymous usage data retained for up to 2 years for app improvement
- Third-Party Services: Data not permanently stored by external services
10. Security Measures
- Encryption: All data encrypted in transit and at rest
- Access Controls: Biometric authentication and app-level security
- Data Minimization: We collect only necessary data for functionality
- Regular Updates: Security patches and improvements delivered via app updates
- Third-Party Audits: External services vetted for security compliance
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will notify you through the app or via email
- The updated policy will be posted on our website
- Material changes will require your consent
- You can review the current version anytime in the app settings