Privacy Policy
Effective date: September 26, 2025
1. Overview
This Privacy Policy explains how CopEntry LLC ("CopEntry," "we," "our," or "us") collects, uses, discloses, and safeguards personal data when you interact with the CopEntry platform, visit our websites, communicate with our teams, or participate in CopEntry-sponsored events. This policy supplements any contractual privacy commitments we have executed with your agency and applies to both online and offline interactions with CopEntry.
Our privacy program is anchored to principles of privacy by design, data minimization, and agency control. We continuously evaluate how investigative data flows through the platform, restrict internal access to real business need, and document privacy impact assessments whenever we introduce new features or integrations.
- Privacy engineering. Designers and engineers collaborate on threat modeling, secure defaults, and safeguards before code ships.
- Governance cadence. Executive reviews, legal oversight, and third-party counsel ensure our policies stay aligned with CJIS-inspired requirements and regional privacy laws.
- Auditability. Immutable logging, data catalogs, and retention schedules support agency audits and demonstrate accountability.
2. Categories of Personal Data
Depending on your relationship with us, we may collect the following categories of personal data:
- Identity and contact data. Name, rank or title, email address, phone number, postal address, agency affiliation, badge number, and authentication identifiers.
- Professional information. Role, assignment, division, shift, certifications, and training history provided by you or your agency.
- Account and usage data. User IDs, login timestamps, feature usage, configuration preferences, event logs, and telemetry necessary to operate the Services.
- Content data. Narrative text, structured fields, attachments, multimedia, and annotations that you enter into the Services.
- Billing and transactional data. Subscription tier, payment status, invoice history, tax IDs, and limited payment details processed through designated payment processors.
- Communications. Support tickets, call recordings (with notice), chat transcripts, feedback surveys, and status updates exchanged with CopEntry.
3. Sensitive & Special Category Data
The Services may process sensitive data (for example, criminal justice information, biometric identifiers contained in attachments, or health-related details contained within case narratives). CopEntry processes such data solely as a service provider and implements heightened safeguards in alignment with applicable law-enforcement standards, including access logging, encryption, and role-based permissions. Agencies should avoid uploading sensitive data unless necessary and in accordance with their internal policies.
4. Information from Third Parties
We receive personal data from third parties, including:
- Agency administrators. Provisioned accounts, role assignments, and directory synchronization details.
- Identity and access providers. Authentication responses from single sign-on (SSO) systems, multi-factor tools, or Active Directory integrations.
- Integration partners. Records exchanged with RMS, evidence systems, or analytics platforms when you enable integrations.
- Public records & data vendors. Business contact enrichment and sanction screening data used for compliance checks.
5. Cookies & Tracking Technologies
CopEntry uses cookies, local storage, beacons, and similar technologies to operate, secure, and improve the Services:
- Essential cookies. Maintain login sessions, enforce security settings, store user preferences, and power core functionality.
- Performance cookies. Provide de-identified usage analytics, error diagnostics, and latency measurements to ensure stability.
- Preference cookies. Remember user choices, such as language, theme, or display settings, where available.
- Third-party scripts. Limited integrations (for example, customer support widgets) may deploy cookies subject to their own policies.
You can control cookies through browser settings. Disabling essential cookies may disrupt access to the Services. Where required by law, we request consent for non-essential cookies.
6. Telemetry & Performance Analytics
We collect telemetry data—such as API response times, browser type, device identifiers, crash reports, error codes, and cursor interactions—to monitor service quality and improve user experience. Telemetry is generally aggregated or anonymized and is not used to profile individual users for marketing purposes.
7. How We Use Information
We use personal data to:
- Provide, configure, and maintain the Services, including personalized feature layouts and workflow templates;
- Authenticate users, detect fraudulent activity, correct defects, and enforce platform security;
- Deliver customer support, onboarding assistance, training, and product updates;
- Process payments, manage subscriptions, conduct accounting, and send transactional communications;
- Conduct research and development, including improving AI-assisted drafting while applying safeguards to protect sensitive content;
- Comply with lawful requests, audits, investigations, or legal processes; and
- Enforce the Terms of Service and other applicable agreements.
8. Legal Bases for Processing
When required under applicable law (for example, GDPR), CopEntry relies on the following legal bases:
- Contract. Processing necessary to perform agreements with Customers, including providing the Services.
- Legitimate interests. Operating, securing, and improving the Services without unduly impacting individual privacy.
- Consent. Processing for certain communications, optional features, or customer references when you opt in.
- Legal obligation. Meeting regulatory requirements, responding to subpoenas, tax filings, or law-enforcement demands.
9. Sharing & Disclosure
We disclose personal data only as described below:
- Service providers. Cloud infrastructure, authentication, payment processing, email delivery, analytics, and support vendors acting under our instructions.
- Agency administrators. Users with administrative privileges may view certain logs, configuration settings, or user activity necessary for oversight.
- Professional advisors. Legal counsel, auditors, or accountants under confidentiality obligations.
- Business transfers. In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction.
- Legal requests. Courts, law-enforcement agencies, or regulatory bodies when disclosure is required by law or necessary to protect rights and safety.
10. Agency Administrator Access
Agency administrators may configure role-based permissions, review audit logs, export reports, or access Agency Data in accordance with agency policy. CopEntry is not responsible for internal access decisions made by agency administrators.
11. Service Providers & Subprocessors
CopEntry engages subprocessors to support the Services. Core subprocessors include, but are not limited to:
- Netlify. Hosting and CDN services for static assets.
- Supabase. Authentication, managed PostgreSQL, storage, and role-based access enforcement.
- Stripe. Payment processing, subscription management, and invoicing.
- Mailgun or equivalent. Transactional email delivery.
- Helpscout or equivalent. Customer support ticketing.
All subprocessors are contractually required to maintain confidentiality, implement appropriate security measures, and process personal data only for authorized purposes. A current list of subprocessors is available upon request.
12. Data Retention & Deletion
We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Customer-controlled retention policies dictate how long Agency Data remains active. Backup copies are generally overwritten within thirty (30) days, though audit logs may be retained longer for security, billing, or legal compliance purposes.
Upon contract termination or verified deletion request, CopEntry will delete or anonymize personal data within 60 days unless retention is required by law, court order, or legitimate business interest (for example, records of transactions, security logs, or dispute documentation).
13. Security Safeguards
CopEntry maintains administrative, technical, and physical controls to protect personal data and investigative content throughout its lifecycle. Safeguards are mapped to industry frameworks and informed by CJIS-style requirements so agencies can evidence compliance during audits and accreditation reviews.
- Technical safeguards. Encryption in transit (TLS 1.2+) and at rest (AES-256), key management with rotation, network segmentation, hardened service accounts, and continuous vulnerability scanning.
- Access governance. Zero-trust policies, role-based access control, multi-factor authentication for privileged users, immutable audit logs, and quarterly entitlement reviews.
- Operational discipline. Secure SDLC checkpoints, penetration testing, red-team exercises, background screening (where lawful), security awareness training, and vendor risk assessments.
- Data minimization. Collection limited to what agencies need to operate, configurable retention schedules, and workflows to purge exports or attachments when no longer required.
If we become aware of unauthorized access to personal data, we will notify affected Customers without undue delay, share available details, deliver remediation steps, and cooperate with agency-led investigations, subject to lawful restrictions.
14. International Transfers
CopEntry is headquartered in the United States. When personal data is transferred from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. Customers may request copies of executed transfer mechanisms by contacting us through the 24/7 support channel or emailing support@copentry.com.
15. Automated Decision-Making
CopEntry does not engage in solely automated decision-making that produces legal or similarly significant effects on individuals. AI-assisted features provide recommendations intended to support human decision makers; Authorized Users retain ultimate responsibility for review and finalization of content.
16. Children’s Privacy
The Services are designed for professional use and are not directed to children under 16. We do not knowingly collect personal data from children. If we learn that we have inadvertently processed children’s data, we will prompt the Customer to remove it or delete it ourselves, subject to applicable law.
17. Your Rights & Choices
Depending on your jurisdiction, you may have the right to:
- Access, correct, update, or delete personal data we hold about you;
- Object to or restrict certain processing activities;
- Port data you provided to us in a structured, commonly used format;
- Opt out of direct marketing communications;
- Withdraw consent where processing is based on consent; and
- Appeal decisions regarding your privacy requests.
18. How to Exercise Your Rights
You may submit privacy requests via the in-app support portal or by emailing support@copentry.com. Please provide sufficient information to verify your identity (for example, name, agency affiliation, and contact details). We will respond within the timelines required by applicable law. If we cannot comply with your request, we will explain the basis for denial and provide instructions for appeal where available.
19. Controller & Processor Roles
For most Services, Customer acts as the data controller (or equivalent term under privacy law) with respect to Agency Data, and CopEntry acts as a data processor or service provider. CopEntry processes Agency Data only on Customer’s documented instructions, subject to the Data Processing Addendum. For personal data collected directly by CopEntry for its own purposes (for example, marketing contacts, billing records), CopEntry acts as a controller.
20. Responsibilities of Agency Customers
Agency Customers are responsible for providing legally adequate privacy notices to individuals whose personal data they submit, obtaining necessary consents, and ensuring that data uploads comply with applicable privacy, employment, and evidentiary requirements. Agencies must configure retention controls, manage user permissions, and promptly notify CopEntry of suspected misuse or unauthorized access.
21. AI Governance & Model Training
CopEntry uses machine learning to improve drafting assistance and other features. Unless prohibited by contract, we may analyze de-identified or aggregated content to enhance model accuracy, mitigate bias, and improve safety filters. We do not use Agency Data to train publicly available models or disclose Agency Data to third parties for independent model training. Customers may opt out of certain analytics-based improvements by contacting CopEntry support, subject to feature limitations.
22. Regional Disclosures
California (CCPA/CPRA). California residents may request disclosure of categories of personal information collected, purposes of collection, sources, and third parties receiving personal information. CopEntry does not sell or share personal information for cross-context behavioral advertising.
European Economic Area & United Kingdom. Individuals have rights under the GDPR, including the right to lodge complaints with a supervisory authority. CopEntry relies on Standard Contractual Clauses for cross-border transfers and, where applicable, may appoint an EU or UK representative to facilitate communications.
Canada (PIPEDA). Canadian residents may request access to personal information, challenge accuracy, and withdraw consent subject to legal restrictions. Complaints may be lodged with the Office of the Privacy Commissioner of Canada.
23. Data Protection Officer & Representatives
CopEntry’s Data Protection Officer can be reached via support@copentry.com. Where required, CopEntry appoints regional representatives to facilitate communication with supervisory authorities and individuals; contact details are available upon request.
24. Changes to this Policy
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Material updates will be communicated via email, in-app notifications, or administrator dashboards at least 30 days before they take effect unless immediate changes are required by law or security needs. The "Effective date" above indicates the latest revision.
25. Contact
If you have questions or concerns about this Privacy Policy or our data practices, contact us through the 24/7 support chat or email support@copentry.com.