Skip to content

Privacy

Privacy policy

Last updated: April 26, 2026.

Who we are

This policy describes how CoverHolder.io ("we," "us") handles information when you use our website, vendor workflows, and related services. For privacy requests, use our contact page.

Information we collect

Depending on how you use the site, we may process:

  • Account and vendor workflow data. If you sign in or submit a listing or claim, we process identifiers such as your email address and information you submit in forms (for example company name, website, and descriptions), plus related status in our systems.
  • Engagement and lead-attribution metadata. We log events such as profile views, outbound link clicks, comparison activity, and search usage so vendors can understand interest in their listings. Events may include page or category context, referrer, and a short-lived session identifier stored in sessionStorage in your browser to correlate requests. We may also accept optional organization context you provide with an event when that field is offered.
  • Technical data. We derive a salted hash of the network address we see for an event for abuse prevention and coarse attribution. We do not store raw IP addresses for lead attribution in the lead-event pipeline described here.
  • Analytics and product telemetry. When enabled, we use third-party analytics (for example Vercel Analytics and, if configured, PostHog) that may set cookies or use local storage and process usage data under their terms.
  • Support and correspondence. If you email or message us, we retain messages as needed to respond and operate the service.

How we use information

We use the categories above to:

  • Operate, secure, and improve the marketplace and editorial surfaces.
  • Authenticate vendor accounts and fulfill listing, claim, and billing workflows.
  • Provide vendors with analytics scoped to their own listings and enforce access controls.
  • Detect abuse, rate-limit automated traffic, and protect platform integrity.
  • Comply with law, enforce our terms, and resolve disputes.

What we show vendors

Vendors should only see analytics and lead context for listings they are authorized to manage. Unpaid vendors do not receive full buyer or company-level lead attribution unless we explicitly change that rule and update this policy. Product surfaces may show aggregate counts before showing row-level detail, and tier controls may evolve as features ship.

Sharing and subprocessors

We use service providers to host and operate the product, including for example:

  • Hosting and edge infrastructure (such as Vercel).
  • Database and authentication (such as Supabase).
  • Email delivery (such as Resend).
  • Payments and billing (such as Stripe).
  • Analytics vendors when their integrations are enabled (such as PostHog).

These providers process data on our behalf under contractual terms. They may be located in the United States or other countries where they operate.

Retention

We retain information for as long as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Retention periods vary by data category; we delete or de-identify information when it is no longer needed for those purposes, subject to technical backups and legal holds.

Security

We use administrative, technical, and organizational measures appropriate to the nature of the service. No method of transmission or storage is completely secure; we work to protect accounts, secrets, and vendor boundaries as described in our engineering practices.

Your choices

You may use browser controls to block or clear cookies and storage; doing so may limit sign-in or analytics features. You may contact us to request access, correction, or deletion of personal information we hold, subject to applicable law and legitimate business needs (for example billing records or security logs).

International users

We are oriented toward United States operations. If you access the site from other regions, you consent to processing and transfer of information in the United States and other locations where we or our providers operate, which may have different data rules than your home jurisdiction.

Children

The service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have collected a child's information, contact us so we can delete it.

Changes

We may update this policy from time to time. We will post the revised version on this page and adjust the "Last updated" date. Material changes may also be communicated through the product or by email where appropriate.

This policy summarizes our practices for a general audience. It is not an exhaustive legal document for every jurisdiction. For vendor listings, corrections, and editorial standards, see our editorial and data policy and terms of use.