CoVision

Privacy Policy

Last updated: June 2026. This policy describes how CoVision handles personal information when you use our platform.

CoVision ("we", "us", or "our") provides a workshop ideation platform for organisations. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.

Information we collect

Organisation users (owners and admins)

When you sign in with a magic link, we receive your email address and basic account metadata from our authentication provider. Organisation owners may provide billing details through Stripe Checkout; payment card data is processed by Stripe and is not stored on our servers.

Workshop participants

Participants join events without creating accounts. We may store an optional display name, a browser fingerprint hash to prevent duplicate submissions, session identifiers, sketch uploads, written descriptions, and AI-generated outputs linked to that session.

Contact and support

If you submit our contact form, we collect the information you provide (such as name, email, company, subject, and message) to respond to your enquiry.

How we use information

We use personal information to:

  • Provide and operate the CoVision platform
  • Authenticate organisation users and manage memberships
  • Process payments and grant access entitlements
  • Generate AI outputs requested during workshops
  • Facilitate live workshop features (projector, funding, reports)
  • Respond to support and sales enquiries
  • Maintain security, prevent abuse, and improve reliability

AI processing

Sketch images and text descriptions may be sent to third-party AI providers (such as OpenAI, Google Gemini, and Fal.ai) solely to generate workshop outputs you request. We do not use participant content to train public models on your behalf. Organisation event data remains private to authorised users of that organisation.

Storage and security

Data is stored in Supabase (PostgreSQL) and private object storage. Assets are accessed via short-lived signed URLs after authorisation checks. We apply row-level security, encryption in transit, and least-privilege access for operational systems.

Data retention

Organisation and event data is retained while your account or event remains active. Organisation owners and admins may delete events; deletion is soft-delete first with immediate access lock, followed by asset cleanup. Contact form submissions are retained as needed to handle enquiries and legitimate business records.

Sharing with third parties

We share data with service providers who help us run CoVision, including Supabase (auth, database, storage), Stripe (payments), Resend (transactional email), and AI inference providers. We do not sell personal information.

Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict use of your personal information. Organisation owners should contact us for participant data tied to their events. Individuals may contact us at our contact page to exercise applicable rights.

International transfers

Our processors may store or process data in countries other than your own. We rely on appropriate safeguards where required by law.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the date at the top of this page.

Contact

Questions about privacy? Reach us via the contact form.