Privacy Policy

Information you provide. When you sign up, you provide your name, email address, organization name (if applicable), and password. If you upgrade to a paid plan, we collect billing information (processed by our payment processor; we never store full card numbers).

Information you create. As you use Copera, you create messages, documents, tasks, files, comments, recordings, transcripts, voice clips, and other content (collectively, "Your Content"). We host and process Your Content to deliver the Service.

Information from your use. We log usage events such as feature interactions, page views, browser type, IP address, device information, and approximate location for analytics, abuse prevention, and reliability. We use cookies and similar technologies to keep you signed in and to operate the Service.

AI inputs and outputs. When you use Copera AI, Bankai, transcription, or other AI features, we process the prompts, voice clips, and contextual data needed to generate a response. Outputs and request metadata (model used, credits consumed) are stored in your workspace.

Sensitive personal data. Copera is not designed for collecting special categories of personal data, but the Service is general-purpose and you may, at your discretion, submit sensitive personal data through messages, documents, files, or signed contracts. By doing so, you consent to our processing of that data as described in this Privacy Policy. If you require special handling of sensitive data, contact privacy@copera.ai before submitting it.

We use the information we collect to provide, maintain, secure, and improve the Service; process payments, manage subscriptions, and send invoices; communicate with you about your account, transactions, and support requests; send service announcements, security notices, and (with your permission) product news; detect, prevent, and respond to abuse, fraud, or security incidents; and comply with legal obligations, enforce our Terms, and protect our rights.

We do not sell your personal data, and we do not use Your Content for advertising or AI training.

AI requests are routed through Copera's proprietary AI router, which chooses an appropriate model for each task. The router calls third-party AI providers under contracts that prohibit using your data for training, require providers to discard request data after the response is delivered (or within their stated retention window), and restrict access to what is needed to serve the request.

Within Copera, AI features run inside your workspace. The AI never has access to data outside your workspace, and it follows the same member-level permissions as the rest of the Service. No data flows between workspaces.

A list of the AI subprocessors we use, including their roles and locations, is available on request and updated when subprocessors change. We will give reasonable advance notice of material changes for paid customers.

Subprocessors. Cloud hosting providers, payment processors, email-delivery providers, AI model providers, and similar service providers, all under data-processing agreements that limit their use of the data to performing the contracted service.

Within your workspace. Members of a workspace can see content and activity within that workspace according to permissions set by the workspace owner. Personal inboxes and direct messages remain visible only to participants.

Business transfers. If Copera is acquired or merged, your information may be transferred under the same privacy commitments.

Legal reasons. We may disclose information when required by law, subpoena, or court order, or to protect rights, property, or safety. Where lawful, we will notify affected customers.

We do not sell personal information.

Data is stored in secure cloud infrastructure with encryption in transit (TLS 1.3) and at rest (AES-256). Access to production systems is limited, audited, and protected by SSO and MFA.

Where supported, customers may select data residency in the United States, the European Union, or Brazil for content storage. Some operational data (logs, billing) may be processed in our headquarters region. We are working toward SOC 2 Type II and other compliance certifications. Material security and compliance updates are published at copera.ai/security.

Backups and operational copies. To protect your data against accidental loss and to provide reliable Service, we maintain encrypted backups of production systems. When you delete content from your workspace, it is removed from active systems immediately, but residual copies may persist in encrypted backups for up to 90 days while they age out of rotation. Backups are not used to restore individual deleted records and are protected by the same access controls as production data.

We retain Your Content for as long as your workspace is active. When a workspace is deleted, we retain its data for 30 days to allow for recovery and export, and then permanently delete it from active systems, except where retention is required by law (for example, billing records).

Signed e-signature documents are subject to a separate retention policy because of legal and audit obligations. Documents completed through Copera's signature flow are retained for the duration required by their category: 6 years for general contracts, 6 years for healthcare-related documents, and 7 years for financial documents, calculated from the date of completion. Documents flagged as demo or test documents have no retention requirement and can be deleted at any time. During the retention period, signed documents cannot be deleted by users or by us — even if the workspace owner requests workspace deletion. Once the retention period ends, signed documents follow the standard deletion path.

If your workspace contains signed documents under retention, deleting the workspace will not remove those documents. We will retain the minimum data needed to preserve the legal validity of the signature (the document, signature audit trail, and signer identity records) until the retention period ends, and we will delete everything else.

You can request an export of your data, or accelerate deletion of items not under legal retention, by writing to privacy@copera.ai or through your workspace settings.

Depending on your location, you may have rights to access, correct, or update your personal data; request deletion; object to or restrict certain processing; request a portable export; and withdraw consent where we rely on it.

For users in the EU/EEA and the UK, GDPR rights apply. For users in Brazil, LGPD rights apply. For California residents, CCPA/CPRA rights apply, including the right to know, the right to delete, and the right to opt out of certain sharing.

To exercise any of these rights, write to privacy@copera.ai. We will respond within the time required by applicable law.

We use cookies and similar technologies for session management, security, preferences, and analytics. We use a small number of trusted analytics providers; we do not allow third-party advertising cookies on our marketing site. You can manage cookies through your browser settings; disabling essential cookies may prevent certain features from working.

Copera is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact privacy@copera.ai and we will delete it.

If you are located outside the country where your data is processed, your information may be transferred across borders. Where applicable, we rely on Standard Contractual Clauses, adequacy decisions, or equivalent safeguards.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or in-app notice at least 30 days before they take effect. The effective date at the top of this policy is always current.

For privacy questions, requests, or complaints, write to privacy@copera.ai. Our postal address and Data Protection Officer contact (where applicable) are available on request.