Legal
Privacy Policy
Last updated: 10 April 2026
This policy explains what data Coveroff collects, why, how it is stored, and what rights you have over it.
Who we are
Coveroff is a regulatory information management system developed and operated by Coveroff Ltd., designed and built in California. Data is stored on EU infrastructure with EU data residency. We can be reached at privacy@coveroff.com.
We operate as a data processor for the regulatory workflow data you store in Coveroff, and as a data controller for the account and usage data we collect in order to run the service.
What data we collect
- Account data
- Name, work email address, company name, and job title. Collected when you create an account or join an organisation on Coveroff.
- Regulatory workflow data
- Submissions, dossier content, registrations, formulations, substances, studies, tasks, and all other data you enter into Coveroff. This data belongs to you. We process it solely to operate the service.
- Usage data
- Page views, feature interactions, and session metadata. Collected via server-side logging and used to understand how the product is used and where it can be improved. No third-party behavioural tracking scripts.
- Support communications
- Emails and messages you send to our support or sales team. Retained to resolve queries and improve the product.
How we use your data
We use the data we collect to:
— Operate and deliver the Coveroff service — Authenticate users and enforce access controls — Send transactional emails (invitations, password resets, system alerts) — Respond to support requests — Understand product usage to prioritise development — Comply with our legal obligations
We do not sell your data. We do not use your regulatory workflow data to train AI models or share it with third parties outside of the subprocessors listed below.
Data storage and residency
Coveroff stores all application data in the European Union. Our database infrastructure runs on Neon (Postgres), configured to use EU data centres. Application servers run on Vercel's edge network; EU data residency is available and enabled by default for paid plans.
Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Subprocessors
Data retention
Account and workflow data is retained for the duration of your subscription and for 90 days after cancellation, during which you can export your data. After 90 days, data is permanently deleted from production systems and backups.
Support communications are retained for 3 years. Usage logs are retained for 12 months.
Your rights under GDPR
If you are based in the EU or EEA, you have the following rights:
— **Access** — you may request a copy of the personal data we hold about you — **Rectification** — you may correct inaccurate data — **Erasure** — you may request deletion of your personal data — **Portability** — you may request your data in a machine-readable format — **Objection** — you may object to processing based on legitimate interests — **Restriction** — you may request we limit how we process your data
To exercise any of these rights, email privacy@coveroff.com. We will respond within 30 days. You also have the right to lodge a complaint with your local EU supervisory authority.
Cookies
Coveroff uses a single session cookie to maintain your authenticated session. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. No cookie consent banner is shown because we do not set non-essential cookies.
Changes to this policy
We will notify customers by email at least 14 days before any material change to this policy takes effect. The date at the top of this page reflects the most recent update.
Contact
For privacy-related questions: privacy@coveroff.com For general enquiries: hello@coveroff.com Postal: Coveroff Ltd., California, USA
This policy applies to Coveroff as of 10 April 2026. It is governed by California law. GDPR obligations apply where required.