CoPIMS Privacy Policy
Effective date: December 8, 2025
CoPIMS is committed to protecting the privacy and security of information collected through our services.
We collect several categories of information to operate the Service and deliver features. Below is a non-exhaustive list and examples of the types of data we process.
- Account and identity data: name, business email, username, company name, job title, phone number and profile fields you provide when registering.
- Authentication data: salted/hashed passwords, multi-factor authentication tokens and session metadata used to secure access.
- Project and content data: BoQs, bills, plans, schedules, reports, attachments, drawings, and any files you or your organization upload to the platform.
- Transactional & billing data: invoices, billing history and payment metadata. Payment card numbers and full payment account details are typically processed and stored by our third-party payment processors; we receive only tokenized or summary information necessary for billing and reconciliation.
- Usage and diagnostic data: IP address, device and browser metadata, logs, feature usage, performance metrics and crash reports that help us maintain and improve the Service.
- Support & communications: messages submitted to support, feedback, survey responses and any information contained in that correspondence.
- Integrations data: information exchanged with third-party integrations you enable (for example, external storage, accounting systems, or SSO providers).
We do not generally collect sensitive personal information (such as health or government ID numbers) unless you provide it for a specific business purpose; if you do, we will treat it with additional safeguards and only as permitted by law.
We process information for the following purposes:
- Provide core functionality: to create, host, display and manage projects, BoQs and related content.
- Billing and payments: to issue invoices, reconcile payments, and detect fraudulent activity.
- Support and account management: to respond to inquiries, resolve incidents, and provide training or onboarding.
- Security and reliability: to detect abuse, secure the Service and perform forensic analysis after incidents.
- Product improvement: to analyze aggregated usage trends, prioritize features and test product changes.
Where required by law, we rely on lawful bases such as contract performance, legitimate interests (e.g., security, service operation), consent (for optional features like marketing), or legal obligations.
We only share personal information in limited circumstances:
- With your organization: administrators and users granted appropriate permissions can access data in accordance with your organization’s settings.
- Service providers and subprocessors: cloud hosts, analytics, email delivery, and payment processors who act on our instructions and are contractually required to protect your data.
- Legal disclosures: to comply with lawful requests, court orders, or to protect rights, safety, or property of CoPIMS, our users or the public.
- Business transfers: in the event of a merger, sale, reorganization, or acquisition we may transfer data as part of that transaction, subject to confidentiality obligations.
We maintain a list of subprocessors and data transfers in our documentation; contact support for the most recent list specific to your account or region.
Security is a priority. Our measures include:
- Encrypted transport (TLS) for data in transit and at-rest encryption for sensitive storage where applicable.
- Access controls and role-based permissions to limit who can access data.
- Periodic security reviews, vulnerability scanning and penetration testing by internal teams and third-party specialists.
- Logging, monitoring and alerting to detect anomalous behavior and incidents.
- Operational procedures for patching, incident response and disaster recovery.
If you suspect unauthorized access to your account or a data breach, notify us immediately at support@copims.com and provide relevant details (affected accounts, timestamps, screenshots).
Our retention principles:
- Active account data: retained for as long as the account is active.
- Deleted accounts: upon deletion we typically retain backups and limited metadata for up to 90 days for recovery and audit purposes, unless a longer retention is required by law.
- Transactional records: billing and tax records are retained for a longer legal period (commonly 6–7 years, depending on jurisdiction).
To request deletion of your personal data, contact support with proof of identity. We will evaluate requests and comply where required by law; note that deleting account data may remove access to your content and cannot be undone.
Data subject rights vary by jurisdiction. Common rights include:
- Access: request a copy of personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of personal data where lawful.
- Portability: request your data in a commonly used, machine-readable format.
- Objection & restriction: object to certain processing or request restriction of processing.
To exercise rights, use account settings where available or contact support@copims.com with a clear description of your request. We'll verify your identity and respond within applicable legal timeframes (e.g., 30 days under GDPR, subject to lawful extensions).
Third-party links and integrations:
- When you enable integrations (cloud storage, SSO, accounting connectors) we may exchange information with the third-party service. Those providers’ terms and policies apply to their processing.
- We recommend reviewing third-party privacy notices and configuring integration permissions carefully.
Questions or requests regarding this policy: support@copims.com.
Data Protection Officer / Privacy contact: privacy@copims.com (for legal & compliance requests).
We may update this policy periodically; we will post the updated effective date and, where required by law, provide additional notice of material changes.
By using CoPIMS, you agree to the collection and use of information in accordance with this policy. For jurisdiction-specific rights (e.g., GDPR, CCPA) see our compliance documentation or contact privacy@copims.com.