Last updated: April 29, 2026
Who we are
Coverage IQ is operated by Josh Dowis ("we", "us", "our"). We act as the data controller for personal data we collect about you when you use the Service.
Personal data we collect
- Account data — email address, authentication identifiers, and (if you sign in with Google) your name and profile picture.
- Policy content — the text extracted from policy PDFs you upload, plus optional risk profile inputs and competing-quote notes you provide.
- Usage data — analyses you have run, timestamps, and IP/device information collected for security and abuse prevention.
- Support communications — any messages you send us.
Payment data (card details, billing address, tax information) is collected directly by our payment provider, Paddle, and is not stored by us.
How we use your data and our legal bases
- Provide the Service (contract performance) — authenticate you, run AI analyses, store your account, deliver reports.
- Security and fraud prevention (legitimate interests) — detect abuse, rate-limit, and protect the Service.
- Improve the Service (legitimate interests) — diagnose errors and improve product quality.
- Customer support (legitimate interests / contract) — respond to your messages.
- Comply with law (legal obligation) — meet tax, accounting, and regulatory requirements.
Who we share your data with
- Service providers / subprocessors — hosting, database, authentication, AI inference, and analytics providers we use to operate the Service.
- Merchant of Record (Paddle) — for sale of the product, subscription management, payments, tax compliance, and invoicing.
- Professional advisers — legal and accounting advisers when reasonably necessary.
- Authorities — where required by law, court order, or to protect our rights.
We do not sell your personal data.
International transfers
Our service providers may process data outside your country, including in the United States and the EEA/UK. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
Data retention
We keep account data for as long as your account is active. Uploaded policy text and analysis results are retained while needed to provide the Service and may be deleted on request. Logs and security data are retained for a limited period appropriate to their purpose. Data we are required to keep for legal or accounting reasons is retained for the required period and then deleted or anonymized.
Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, port, or object to our processing of your personal data, and to withdraw consent where processing is based on consent. UK/EEA users have these rights under GDPR, including the right to lodge a complaint with a supervisory authority. To exercise any right, contact the operator.
Security
We use appropriate technical and organisational measures — including encryption in transit, access controls, and database row-level security — to protect your personal data. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security.
Cookies
We use only essential cookies and storage required for authentication and to make the Service work. We do not use marketing cookies.
Children
The Service is not directed to children under 18 and we do not knowingly collect their data.
Contact
For privacy questions or to exercise your rights, contact the operator: Josh Dowis.