Privacy Policy

Last updated: April 7, 2026

Introduction

ClientCove (“we”, “us”, or “our”) operates client-cove.com and the ClientCove platform. This Privacy Policy explains how we collect, use, and protect information when you use our service.

This policy covers two groups of people: workspace owners — the freelancers and agencies who create accounts and use ClientCove to manage their work — and their clients, who access branded portals through magic links to view files, messages, invoices, and contracts.

By using ClientCove, you agree to the practices described in this policy. If you have questions, email us at [email protected].

Information We Collect

Account information. When you sign up, we collect your name and email address through Clerk, our authentication provider. You may also provide a workspace name, logo, and brand color during onboarding.

Client information. Workspace owners add client records containing names, email addresses, and optionally a company name and internal notes. Files uploaded by workspace owners or their clients are stored in Supabase Storage and are only accessible to the workspace owner and the specific client they belong to.

Payment information. Subscription payments are processed by Stripe. We never store your credit card number or full payment details on our servers. We do store Stripe customer and subscription IDs to manage your plan.

Usage data. We collect anonymized analytics data — page views, feature usage, and session duration — through Plausible Analytics. This data contains no personally identifiable information and is not tied to your account.

Cookies. Clerk uses essential cookies to maintain your authenticated session. We do not use advertising or tracking cookies. See the Cookies section below for full details.

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the ClientCove platform and your client portals.
• Process subscription payments and invoice transactions through Stripe.
• Send transactional emails — portal invite links, invoice notifications, file request alerts, and contract signatures — through Resend. We do not send marketing email without your explicit opt-in.
• Power AI features. When you use an AI-assisted feature (such as drafting a status update, onboarding message, or contract), relevant context from your workspace is sent to the Claude API by Anthropic. This data is used solely to generate the requested output and is never used to train AI models.
• Monitor for errors and improve reliability using Sentry error tracking.
• Improve the product based on aggregated, anonymized usage patterns.

We do not sell your data to third parties. We do not use your data for advertising.

Third-Party Services

ClientCove relies on the following third-party services. Each service has its own privacy policy and data practices.

• Stripe — Payment processing for workspace subscriptions and client invoice payments. stripe.com/privacy
• Clerk — Authentication, session management, and user account data for workspace owners and team members. clerk.com/privacy
• Supabase — Database storage for all workspace, client, project, and message data, plus file storage for uploaded documents and assets. supabase.com/privacy
• Anthropic (Claude API) — AI-powered draft generation for status updates, onboarding messages, contracts, reply suggestions, and nudge emails. Data sent is used only for inference, not model training. anthropic.com/privacy
• Resend — Transactional email delivery for portal invitations, invoice notifications, and other system-triggered messages. resend.com/privacy
• Vercel — Hosting and deployment of the ClientCove application. vercel.com/legal/privacy-policy
• Plausible Analytics — Privacy-friendly website analytics. Plausible does not use cookies, does not collect personal data, and does not track users across sites. plausible.io/privacy
• Sentry — Error monitoring and performance tracking to help us identify and fix bugs. Error reports may include anonymized request context. sentry.io/privacy

Data Storage & Security

All workspace data is stored in a PostgreSQL database hosted by Supabase. Files are stored in Supabase Storage. Every table in our database has Row Level Security (RLS) enabled, which means each workspace can only access its own data — one workspace can never read or write another workspace's records.

All connections to ClientCove and its infrastructure are encrypted via TLS. File access uses time-limited signed URLs (valid for one hour), so shared links cannot be used to access files indefinitely.

While we take security seriously and follow industry best practices, no system is 100% secure. If you discover a security issue, please email us immediately at [email protected].

Data Retention

Active accounts. We retain your data for as long as your workspace account is active.

Deleted accounts. When you delete your workspace, your data is permanently removed from our systems within 30 days. During that window, you can contact us to reverse the deletion.

Client portal data. Files, messages, invoices, and contracts belonging to your clients are retained as long as your workspace account remains active. When your account is deleted, this data is deleted along with it.

Your Rights

You have the right to access, correct, or delete the personal data we hold about you. You can also request an export of your data at any time.

To exercise any of these rights, email [email protected] with the subject line “Data Request”. We will respond within 30 days.

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.

Cookies

Authentication cookies. Clerk sets essential cookies to maintain your login session. These are strictly necessary for the platform to function and cannot be opted out of while using the service.

Analytics. We use Plausible Analytics, which is cookieless by design. No cookie is set for analytics purposes.

We do not use advertising cookies, retargeting cookies, or any third-party tracking cookies.

Children's Privacy

ClientCove is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 13, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify workspace owners by email. Continued use of ClientCove after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please reach out:

ClientCove
Email: [email protected]
Website: client-cove.com