CopiolCopiol

Privacy Policy

Last updated: 16 March 2025

1. Introduction

Copiol ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. It applies to all users of the Copiol web application.

2. Data We Collect

2.1 Account data

When you create an account we collect:

  • Your email address
  • Your full name
  • Your chosen password (stored as a secure hash — we never store plain-text passwords)
  • The date and time you accepted our Terms of Service

2.2 Inventory and app data

All content you create inside the app, including:

  • Components, categories, suppliers, and storage locations
  • Projects, bills of materials, and purchase history
  • Wishlist items, stock movements, and activity logs
  • Uploaded files (component photos, datasheets, schematics)

2.3 Usage data

We may collect basic, anonymised usage information (e.g. page views, feature usage frequency) to help us understand how the app is used and where to focus improvements. This data is not linked to your identity.

3. How We Use Your Data

  • To operate the Service — authenticate your account, store your inventory data, and provide all app features.
  • To communicate with you — send password reset emails, confirmation links, and important service notices.
  • To improve the Service — analyse anonymised usage patterns to prioritise features and fix issues.
  • For legal compliance — retain records as required by applicable law, and respond to lawful requests from authorities.

We do not use your data for advertising purposes and we do not sell your personal data to any third party.

4. Data Storage and Security

Your data is stored in Supabase (a Postgres database hosted on AWS infrastructure). All data is isolated per user via Row Level Security (RLS) — no user can access another user's data. Workspace data is only accessible to members who have been explicitly invited.

Uploaded files (photos, datasheets, schematics) are stored in Supabase Storage with private access policies. Files are only accessible via short-lived signed URLs generated server-side for authenticated users.

All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms. We take reasonable technical and organisational measures to protect your data from unauthorised access, loss, or disclosure.

5. Third-Party Services

We use the following third-party services to operate Copiol:

SupabaseDatabase, authentication, and file storage. Data is processed in accordance with Supabase's Privacy Policy.
VercelWeb application hosting and deployment. Vercel processes request logs in accordance with their Privacy Policy.
DigiKeyMPN product data lookups (manufacturer, package, datasheet, price). Queries contain only the MPN string — no personal data is sent.

6. Cookies and Sessions

Copiol uses cookies solely to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Session cookies are essential for the app to function and cannot be disabled while using the Service.

7. Data Retention

Your account and all associated data are retained for as long as your account is active. If you delete your account via Settings → Delete Account, all your personal data and inventory data is permanently and irreversibly deleted from our systems within 30 days.

Anonymised, aggregated usage statistics that cannot be linked back to you may be retained indefinitely for product improvement purposes.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your account and all associated data. You can do this yourself via Settings → Delete Account.
  • Portability — export your inventory data as CSV at any time from the inventory page.
  • Objection — object to processing of your personal data in certain circumstances.

To exercise any of these rights, contact us at hello@copiol.com.

9. Children's Privacy

Copiol is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes we will make reasonable efforts to notify you by email. Your continued use of the Service after changes are published constitutes your acceptance of the updated policy.

11. Contact

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at hello@copiol.com.