Privacy Policy
This Privacy Policy describes how Coppice, operated by Zhan Capital LLC ("we," "us," or "our"), collects, uses, discloses, and safeguards your information when you use the Coppice platform, including our website at coppice.ai, associated subdomains, and any related services (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with the terms of this Policy, please do not access the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, and organization name. We use Google OAuth for authentication and do not store your Google password.
- Business Data: Information you input into the platform, including leads, contacts, documents, communications, and other business records necessary for the Service to function.
- Communications: Messages, emails, and other content you create, send, or receive through the Service, including interactions with AI agents.
- Payment Information: If you subscribe to a paid plan, payment details are processed by our third-party payment processor (Stripe). We do not store full credit card numbers on our servers.
1.2 Information Collected Automatically
- Usage Data: How you interact with the Service, including features used, pages visited, and actions taken.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies.
1.3 Information from Third-Party Services
When you connect third-party accounts (such as Google Workspace, Gmail, Google Calendar, or Google Drive), we access only the data necessary to provide the specific features you have enabled:
- Gmail: Reading and sending emails on your behalf when you use email-related agent features.
- Google Calendar: Reading calendar events to schedule and manage meetings through the platform.
- Google Drive: Reading and creating documents and files when you use document-related features.
1.4 Mobile App Permissions (iOS)
The Coppice iOS app requests the following device permissions, each used only for the stated feature and only when you take an action that needs them:
- Camera: To capture reference images, receipts, and property photos you attach to tasks, feedback, or chats. Images stay on your device and are uploaded to your tenant workspace only when you submit them.
- Microphone: To record voice notes and meeting audio you initiate. Audio is transcribed via the Service and stored against your account; we do not listen in the background.
- Photo Library (read): To let you pick existing photos to attach to tasks, chats, or feedback. We never scan your library; you pick the specific images.
- Photo Library (save): To save reports and agent-generated images to your library when you explicitly ask.
- Location (when in use): For Property Scout and on-site job reporting. Used only when you are actively in those features; we do not track background location.
- Face ID / Touch ID: To unlock your agent workspace on-device. Biometric data never leaves your device; iOS handles verification locally.
- Push Notifications: To alert you about approvals, task updates, meeting starts, and important agent activity. You can disable these at any time in iOS Settings.
You can grant, revoke, or change any of these permissions at any time in iOS Settings › Privacy & Security, or iOS Settings › Coppice.
2. How We Use Your Information
- Service Delivery: To operate, maintain, and deliver the Coppice platform, including AI-powered business operations, lead management, document generation, and communication tools.
- AI Processing: Your business data may be processed by AI models (including Anthropic's Claude) to generate responses, insights, and recommendations. AI-processed data is used solely to provide the Service and is not used to train third-party AI models.
- Account Management: To create and manage your account, authenticate your identity, and provide customer support.
- Communications: To send you service-related notices, security alerts, and support messages.
- Improvement: To analyze usage patterns and improve features, performance, and user experience.
- Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
3. Data Sharing and Disclosure
We do not sell your personal information.
We may share your information only in the following circumstances:
- AI Service Providers: We transmit data to AI model providers (such as Anthropic) to process your requests. These providers do not use your data to train their models.
- Infrastructure Providers: Cloud hosting and infrastructure services that process data on our behalf under strict contractual obligations.
- Payment Processors: Payment information is shared with Stripe to process transactions.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
- With Your Consent: We may share information with third parties when you have given explicit consent.
4. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes.
AI conversation logs are retained for the duration of your subscription. You may request deletion of specific conversation data at any time.
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and monitoring
- Secure coding practices and dependency management
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We will promptly notify affected users in the event of a data breach in accordance with applicable law.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you. |
| Correction | Request correction of inaccurate or incomplete personal information. |
| Deletion | Request deletion of your personal information, subject to legal retention requirements. |
| Portability | Request your data in a structured, commonly used, machine-readable format. |
| Restriction | Request restriction of processing of your personal information. |
| Objection | Object to the processing of your personal information for certain purposes. |
| Withdraw Consent | Withdraw consent at any time where processing is based on consent. |
To exercise any of these rights, contact us at privacy@coppice.ai. We will respond within 30 days.
7. Google API Services — Limited Use Disclosure
Coppice's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- We only use Google user data to provide and improve the specific features you have authorized.
- We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable laws, or as part of a merger or acquisition with adequate data protection.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with law, or the data is aggregated and anonymized for internal operations.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.
9. International Data Transfers
Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your information in accordance with this Policy.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- The right to know what personal information we collect, use, and disclose.
- The right to request deletion of your personal information.
- The right to opt out of the sale of personal information. We do not sell personal information.
- The right to non-discrimination for exercising your privacy rights.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing include:
- Contract Performance: Processing necessary to provide the Service you have requested.
- Legitimate Interests: Processing for our legitimate business interests, such as improving the Service and ensuring security.
- Consent: Processing based on your explicit consent, which you may withdraw at any time.
- Legal Obligation: Processing necessary to comply with applicable laws.
You may lodge a complaint with your local data protection authority if you believe your rights have been violated.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised Policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices:
Email: privacy@coppice.ai
Website: coppice.ai