1. Who We Are
Coplain is a product of Price Legacy Group LLC, an Oklahoma limited liability company ("we," "us," or "our"). We operate the Coplain platform, an AI-powered manufacturing documentation tool accessible at coplain.com and its subdomains.
If you have questions about this Privacy Policy or our data practices, you can reach us at support@coplain.com.
2. Information We Collect
A. Information You Provide
- Account information: When you create an account we collect your name, email address, and a password. Passwords are hashed using bcrypt via Supabase Auth and are never stored in plain text. We never have access to your password in cleartext.
- Payment information: Payments are processed by Stripe, Inc. We never see, receive, or store your full credit card number, CVV, or raw banking information. We receive only a Stripe customer ID and the last four digits of your card for display purposes.
- Documents you upload: When you use Coplain's AI processing features, you upload documents such as work instructions, procedures, and quality records. See Section 4 for details on how those documents are handled.
- Support communications: If you contact us via email, we retain the content of that correspondence in order to respond and maintain a history of your support interactions.
B. Information Collected Automatically
- Usage data: We log which modules you use (job aid generation, auditing, translation, etc.), generation counts, and timestamps. This data is used for billing, rate limiting, and service improvement.
- Analytics: We use Google Analytics to collect aggregated data about page views, session duration, referral sources, and feature usage. Google Analytics data is anonymized and subject to Google's own privacy policy.
- Log data: Our servers automatically collect IP addresses, browser type and version, referring URLs, and error logs. This information is used for security monitoring and debugging.
- Cookies: We use essential cookies for session management and authentication, and analytics cookies via Google Analytics. See Section 11 for details.
C. Information We Do NOT Collect
- We do not store the content of documents you upload beyond the time needed to process your request. Documents are processed in memory and discarded after your session ends and the result is returned to you.
- We do not use your document content to train, fine-tune, or improve any AI models, including third-party models.
- We do not purchase, receive, or incorporate third-party data profiles about you.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the service: Processing your documents, returning results, managing your subscription and account.
- Billing and payments: Managing your subscription, processing charges through Stripe, and sending receipts.
- Transactional communications: Sending password reset emails, account confirmations, subscription notices, and security alerts. These are not marketing emails and you cannot opt out of them while maintaining an active account.
- Usage monitoring: Enforcing rate limits, detecting unusual activity, and generating usage statistics for billing.
- Fraud and abuse prevention: Detecting unauthorized access attempts, circumvention of billing, and violations of our Terms of Service.
- Service improvement: Analyzing aggregated, de-identified usage patterns to improve features and performance.
- Legal compliance: Complying with applicable laws, regulations, and valid legal process.
4. AI Processing Disclosure
Coplain uses third-party AI services to process the documents you submit. This is a core function of the service. When you submit a document for processing, its content is transmitted to Anthropic PBC's API infrastructure for AI analysis and generation.
- Anthropic's data handling: Anthropic PBC processes your document content pursuant to their own Privacy Policy, available at anthropic.com/privacy. By default, Anthropic's API does not use submitted data to train or improve their models. We recommend you review Anthropic's policy independently.
- No retention after processing: We do not store your document content on our own servers after a processing request is complete. The document is passed through to the AI API and the result is returned to you.
- Documents you should NOT upload: You are responsible for ensuring that documents you submit comply with applicable law and your organization's data handling policies. Do not upload documents containing personally identifiable information (PII) of third parties, protected health information (PHI) subject to HIPAA, classified government information, or technical data subject to export control regulations (ITAR/EAR) without first determining whether such use is permitted.
- No BAA or ITAR agreements in place: Coplain does not have a HIPAA Business Associate Agreement (BAA) in place with Anthropic or its other sub-processors. Coplain is not registered or certified to handle ITAR-controlled technical data. Do not use Coplain to process PHI or export-controlled data unless you have independently verified that your use case is compliant.
5. Data Sharing and Sub-Processors
We share data with the following categories of third parties in order to operate the service:
- Anthropic PBC — AI processing of document content submitted through Coplain's modules.
- Stripe, Inc. — Payment processing, subscription management, and fraud prevention.
- Supabase, Inc. — Database storage, authentication, and row-level access control.
- Google LLC — Analytics via Google Analytics (anonymized usage data).
- Railway Corp — Hosting and compute infrastructure for the application.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We do not share your data with advertisers.
We may disclose your information if required by law, subpoena, court order, or other valid legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. Data Retention
- Account data: Retained while your account is active. Upon account deletion, account data is deleted or anonymized within 30 days, except where retention is required by law.
- Document content: Not retained after processing is complete. Documents exist in memory only during the request lifecycle.
- Payment records: Retained for 7 years as required by applicable tax and accounting regulations.
- Usage logs: Retained for 90 days for security monitoring and debugging purposes, then deleted.
- Support emails: Retained for as long as reasonably necessary to maintain the support relationship, typically 3 years.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request that we delete your personal data (right to erasure). Note that some data may be retained as required by law.
- Data portability: Request that we provide your data in a portable, machine-readable format.
- Objection: Object to certain types of processing, such as direct marketing.
- Analytics opt-out: You can opt out of Google Analytics by adjusting your browser settings, using the Google Analytics opt-out browser add-on, or enabling Do Not Track in your browser.
To exercise any of these rights, please contact us at support@coplain.com. We will respond within 30 days.
8. California Residents — CCPA
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know: You have the right to know what categories of personal information we collect, the purposes for which it is used, and with whom it is shared.
- Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to correct: You have the right to request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share your personal information as those terms are defined under the CCPA. We do not use your personal information for cross-context behavioral advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, contact us at support@coplain.com. We may need to verify your identity before processing a deletion or access request.
9. EU and EEA Residents — GDPR
If you are located in the European Union or European Economic Area, the following additional provisions apply.
Legal Bases for Processing
- Contract performance (Article 6(1)(b)): Processing your account data, documents, and usage data is necessary to provide the Coplain service pursuant to your agreement with us.
- Legitimate interests (Article 6(1)(f)): Security monitoring, fraud prevention, abuse detection, and aggregate analytics are based on our legitimate interest in operating a secure and reliable service, balanced against your privacy interests.
- Legal obligation (Article 6(1)(c)): Retaining payment records and complying with valid legal requests.
- Consent (Article 6(1)(a)): Where we send optional marketing communications, we rely on your consent, which you may withdraw at any time.
International Transfers
Your personal data is processed in the United States, where Price Legacy Group LLC is based. When we transfer data from the EU/EEA to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a lawful transfer mechanism. For EU customers who require a Data Processing Agreement, please see our DPA page.
Data Protection Rights
In addition to the rights described in Section 7, EU/EEA residents have the right to lodge a complaint with their local data protection authority (DPA) if they believe we have processed their data unlawfully.
10. Security
We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS 1.3 enforced on all connections), encryption at rest (AES-256 via Supabase/AWS), row-level security on all database tables, bcrypt password hashing, and rate limiting on all authenticated and unauthenticated API endpoints. Access to production systems is restricted to authorized personnel.
Despite these measures, no system is completely secure. In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law and within 72 hours of our discovery of the incident where technically feasible. See our Security page for additional details.
11. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication, session management, and core platform functionality. These cookies cannot be disabled without impairing the service.
- Analytics cookies: Google Analytics sets cookies to track page views, session duration, and navigation patterns. This data is aggregated and anonymized.
You can opt out of analytics cookies at any time by adjusting your browser settings to block third-party cookies, using the Google Analytics opt-out browser extension, or enabling a Do Not Track signal. You can also manage your cookie preferences through the banner displayed on your first visit to Coplain.
12. Children's Privacy
Coplain is not directed at individuals under the age of 13, and we do not knowingly collect personal data from children under 13. If we learn that we have inadvertently collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@coplain.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time as our practices evolve or as required by law. For material changes — such as changes to how we share data, the categories of data we collect, or your rights — we will provide prominent notice either by emailing the address associated with your account or by posting a notice on the Coplain platform before the changes take effect. Your continued use of Coplain after the effective date of any updated policy constitutes your acceptance of the changes.
Non-material changes (such as correcting typos or clarifying existing practices without substantive effect) will be updated without individual notice.
14. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Price Legacy Group LLC
Yukon, Oklahoma, United States