Privacy Policy

Last updated: June 6, 2026

CoverScore helps small businesses understand how insurable their employee handbook makes them. We collect as little as we can, and we tell you plainly what we keep and how to have it removed.

What we collect

• Your contact email — so we can send your score, your remediation memo, and (if you buy one) your audit and receipt.
• Basic business details — your U.S. state, industry, and rough employee count, used to tailor the readiness score.
• Your employee handbook — uploaded to be scored. It is redacted before scoring, so personal and any health-related information is stripped out and never stored with the score.
• Your policy renewal date — optional, only if you share it, to time guidance honestly.
• Anonymous usage identifiers — random IDs and campaign tags (an anonymous ID, a session ID, marketing UTM parameters, and a Google Analytics client ID) that let us measure which channels bring people to CoverScore. These are not your name.

How we use it

To deliver your free score and memo, to provide the $499 audit if you choose it, to time guidance around your renewal, and to measure how people find us so we can improve. We do not sell your data.

Who processes your data (sub-processors)

We rely on a small set of trusted providers to run CoverScore. Each receives only what it needs:

• PostHog — product analytics (how the app is used).
• Google Analytics 4 (GA4) — marketing analytics (how people find us).
• Stripe — payments for the $499 audit.
• Resend — sending your transactional emails.
• Neon — our database.
• Graphlit — extracting text from your uploaded handbook.
• Anthropic — the AI that scores the (redacted) handbook.
• Trigger.dev — running the background scoring jobs.
• Vercel — hosting and secure file storage for your upload.

Analytics retention & deletion

PostHog and GA4 receive anonymous identifiers (an anonymous ID and a Google Analytics client ID) and event data — never your name. We retain analytics data only as long as it is useful for measuring acquisition. When you request deletion (below), we also target your records for downstream removal: a person-delete in PostHog keyed to your anonymous ID, and a user-deletion in GA4 keyed to your Google Analytics client ID.

Your right to deletion

You can ask us to delete the personal data we hold about you — your email and the anonymous tracking identifiers tied to you (the anonymous ID, session ID, UTM parameters, and Google Analytics client ID) across your lead and purchase records. To request deletion, use our self-serve deletion page (we’ll email you a secure confirmation link), or email us at hello@coverscore.ai. Note that we keep non-identifying business and purchase records (for example, that an audit was bought and later refunded) for accounting and audit integrity, with your personal identifiers removed.

No protected health information

CoverScore is not a health service and does not store protected health information (PHI). Your handbook is redacted before scoring.

Payments

To take payment for the $499 audit, our payment processor (Stripe) collects and processes your email and card details directly, on its own secure checkout page and under its own privacy terms. The only information CoverScore attaches to the payment is an opaque business identifier and marketing tags — never your name or other personal details.

Questions

Email hello@coverscore.ai and we’ll help.