PRIVACY POLICY

Your data, handled with care.

This Privacy Policy explains what information COI DASH collects, how we use it, the choices you have, and the safeguards we apply when operating our website and vendor COI compliance platform. COI DASH is operated by OneSpring LLC, a Georgia-based company, and is intended for business users in the United States. This page follows a standard public-facing SaaS privacy notice structure tailored to the COI DASH product.

Effective April 16, 2026 Applies to website and platform use Questions: privacy@coidash.com

What we collect

Contact details, business information, account data, vendor compliance records, device information, and limited analytics data used to operate and improve the service.

Why we collect it

To provide the platform, respond to inquiries, maintain security, deliver product updates, and support legitimate business operations.

Your control

Depending on your state and applicable U.S. privacy law, you may request access, correction, deletion, or portability, or opt out of certain processing.

Our commitment to privacy

COI DASH is operated by OneSpring LLC, a Georgia limited liability company. In this notice, “COI DASH,” “we,” “us,” and “our” refer to OneSpring LLC.

Privacy matters to us because COI DASH is designed to centralize sensitive insurance and compliance workflows. We aim to collect only the information reasonably necessary to run the website, deliver the platform, support customers, and protect the integrity of our systems. When we ask for personal information, we do so in context and explain why it is needed.

This notice applies to information collected on our public-facing website, through product demos and waitlist forms, and inside the COI DASH application when customers, employees, contractors, vendors, and other authorized users interact with the platform.

Our role and customer data

COI DASH serves businesses, and our privacy responsibilities depend on the type of information involved.

For information we collect through our website, demos, waitlist and marketing forms, account sign-up, and account administration, OneSpring is the business responsible for that information.

The vendor compliance records a customer uploads or manages in the platform — such as vendor contacts, business details, and COI documents — are controlled by that customer. The customer decides how that information is used, is responsible for providing any required privacy notices and obtaining any necessary permissions, and controls access within its own workspace. We use that information only to provide and support the service, and we do not sell it or use it for unrelated purposes. If your personal information appears in a customer’s workspace and you want to exercise a privacy right, please contact that customer directly; we will support them in responding.

The information we collect

Depending on how you interact with COI DASH, we may collect the following categories of information:

  • Contact information: name, work email address, company name, job title, company phone number, and mailing address.
  • Account and operational data: login details, role-based permissions, activity logs, review history, and support communications.
  • Vendor compliance information: vendor names, business contacts, insurance requirements, COI-related documents, expiration dates, review outcomes, and audit notes entered into the platform.
  • Technical and usage data: IP address, browser type, device details, approximate location derived from IP, referring pages, and interactions with our website or application.
  • Marketing and preference data: form submissions, campaign engagement, email opt-in status, and cookie-based analytics preferences.

How we collect data

We collect information directly from you when you fill out forms, request a demo, subscribe to updates, correspond with us, create an account, upload documents, or manage vendor records through the platform.

We also collect some information automatically through cookies, server logs, and similar technologies that help us understand traffic, protect the site, troubleshoot issues, and improve product experience. Like many modern SaaS websites, we may use analytics, performance, and marketing technologies to understand what content is useful, how visitors move through the site, and how campaigns perform.

We may receive information from customers, implementation partners, service providers, or publicly available business sources when they provide vendor or user records to support onboarding, compliance review, or account management.

Cookies and tracking technologies

Our website uses cookies and similar technologies that fall into a few categories: essential cookies needed to run the site and keep it secure; analytics and performance cookies that help us understand how the site is used; and marketing cookies that help us measure campaigns.

You can control non-essential cookies through your browser settings or any cookie preference tool we provide, and opting out of analytics or marketing cookies will not affect essential site functions.

How we use information

We use personal information to operate COI DASH, provide requested services, and maintain a secure and reliable experience. These uses may include:

  • Providing the website, application features, account access, and customer support.
  • Managing vendor insurance workflows, document review processes, reminders, and compliance status reporting.
  • Communicating with you about your account, support requests, billing matters, product changes, and security notices.
  • Sending marketing communications when you have opted in or where otherwise permitted by applicable law.
  • Analyzing performance, improving usability, training internal teams, and developing new features.
  • Preventing fraud, misuse, unauthorized access, and other activity that could harm customers or the platform.
  • Complying with legal obligations and enforcing contractual rights.

We limit the use of any sensitive personal information to the purposes permitted by applicable law and as needed to provide the service.

How we share information

We do not sell your personal information, and we do not “share” it for cross-context behavioral (targeted) advertising, as those terms are defined under California and other U.S. state privacy laws. We may share information in limited circumstances such as:

  • With service providers and subprocessors that help us host the platform, analyze usage, process communications, or provide customer support — under contracts that restrict them to using the information only to perform services for us.
  • With customers and authorized users who use COI DASH to manage vendor compliance records and need access to the information entered into their workspace.
  • When required to comply with law, legal process, lawful requests, or to protect rights, safety, and security.
  • As part of a merger, financing, acquisition, restructuring, or other corporate transaction, subject to appropriate confidentiality protections.

Your privacy rights and choices

Depending on where you live and which law applies, you may have the right to request access to your personal information, correct inaccurate information, delete certain information, restrict or object to processing, obtain a portable copy of the information you provided, and opt out of the sale or sharing of personal information. Residents of California, Virginia, Colorado, Connecticut, and a growing number of other U.S. states may have some or all of these rights.

To exercise a right, contact us at privacy@coidash.com. Before acting on a request, we will verify your identity using information already associated with you, and we may be unable to fulfill a request we cannot reasonably verify. You may use an authorized agent where the law allows. We will acknowledge and respond within the timeframes required by applicable law, and we will not discriminate against you for exercising your rights. If we decline a request, we will explain why, and you may ask us to reconsider where applicable law provides an appeal right.

If you are an authorized user of a customer account, we may direct your request to the relevant customer, because that organization controls much of the data processed in the platform. You may also unsubscribe from promotional emails at any time by following the instructions in the message or by contacting us directly.

Children’s privacy

COI DASH is a business tool that is not directed to children, and we do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a child, we will delete it.

Where we operate

COI DASH is operated from the United States and is intended for use within the United States. If you access the service from outside the United States, you understand that your information will be processed in the United States, where privacy laws may differ from those in your location. Where our service providers process information outside the United States, we use contractual and other safeguards as required by applicable law.

Data retention and security

We retain information for as long as reasonably necessary to provide the service, fulfill the purposes described in this notice, resolve disputes, enforce agreements, and comply with legal obligations. Retention periods vary depending on the type of data, the sensitivity of the information, the customer relationship, and whether the information is needed for audit, security, or compliance reasons.

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These measures may include encryption, access controls, logging, environment segregation, least-privilege access, vendor reviews, and monitoring for unusual activity. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

Updates and contact information

We may update this Privacy Policy from time to time to reflect changes in our practices, product features, service providers, or legal obligations. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice.

If you have questions about this Privacy Policy or want to exercise a privacy right, contact us at privacy@coidash.com.