1. Scope
This policy applies to personal information processed by CoSkip, Inc. (“CoSkip”, “we”, “us”, or “our”) through our websites (including coskip.com), any waitlist or pilot forms, and pre-release or pilot versions of the CoSkip mobile and headset apps (collectively, the “Services”).
Where we provide our Services to a business customer (your employer or contracting company), CoSkip generally acts as a processor/service provider and processes personal information on their instructions. In those cases, your employer's privacy policy governs first, and CoSkip's role is described in our data processing agreement with that customer.
2. Information We Collect
2.1 Information You Provide
- Account & contact details (name, work email, phone, company, role) when you join the waitlist, request a pilot, or contact us.
- Operational inputs in pilot or app use, such as spoken commands, checklists, inspection notes, photos/videos for proof of work, timestamps, and signatures. Where enabled, these may be processed on-device by default.
- Feedback (support requests, survey responses, product feedback).
2.2 Information Automatically Collected
- Device & usage (app version, device model/OS, browser type, pages viewed, referring/exit pages, date/time). We use this to improve reliability and performance.
- Approximate location (from device or IP) for features like region settings, language, and service availability. Precise GPS is off by default and only used if you grant permission.
- Cookies and similar technologies on our website (see “Cookies” below).
2.3 Information From Third Parties
- Single Sign-On (SSO/SAML/OIDC) details from your organization's identity provider.
- Integrations you connect (e.g., work order systems, ticketing, storage) per your admin's configuration.
- Lead/referral data from partners or conference signups.
3. How We Use Information
- Provide and improve the Services, including voice guidance, optional AR overlays, and automated proof-of-work capture.
- Operate pilots and early access, including onboarding, product communications, and support.
- Security and integrity, including detecting abuse, debugging, auditing, and incident response.
- Business operations, such as analytics (in privacy-preserving form where possible), billing (for paid customers), and planning.
- Marketing communications (waitlist updates, pilot invitations) with your consent where required. You can opt out at any time.
- Compliance with legal obligations and enforcing our terms.
4. Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Services), legitimate interests (to secure and improve the Services, prevent abuse, and communicate with you about our relationship), consent (for certain marketing/cookies), and legal obligations.
6. Data Retention
We retain personal information for as long as necessary to provide the Services, operate pilots, comply with legal obligations, resolve disputes, and enforce agreements. In many cases, pilot data is retained for the pilot's duration and then deleted or returned per customer instructions. Where available, admins can enable zero-retention options for certain features (e.g., discard server copies after on-device processing completes).
7. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encrypted transport, hardened infrastructure, access controls, and monitoring. No method of transmission or storage is 100% secure, but we continually improve our safeguards. If you believe your account has been compromised, contact us immediately.
Report a security issue: [email protected]
8. International Data Transfers
We may process and store information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, and implement supplementary measures as appropriate.
9. Your Rights & Choices
Depending on your region, you may have rights to access, correct, delete, or port your personal information, object to or restrict processing, and withdraw consent. To exercise these rights, email us at [email protected]. If we process your information on behalf of a business customer, we will redirect your request to that customer.
- Marketing opt-out: use the unsubscribe link in emails or contact us.
- Cookies: see “Cookies” below for preference controls. Cookie Preferences
- Do Not Track: we currently do not respond to DNT signals.
- Appeals/Complaints: EEA/UK users can contact their data protection authority; US residents may have appeal rights under state law.
11. AI & Model Processing
- On-device by default: Where supported, voice guidance and recognition run on the device or at the edge to minimize data leaving the worksite.
- Zero-retention options: Admins can enable settings that avoid storing transient audio or images after processing completes.
- Third-party models: If certain features require cloud models (e.g., AR object recognition), we use vetted providers under contractual data-protection terms and, where available, no-retention modes.
- Human review: We do not use your content for model training or human review without permission. Pilot feedback you submit may be used to improve the product.
12. Children's Privacy
Our Services are intended for business use and not for children. We do not knowingly collect personal information from children under 13 (or the applicable age of consent in your region).
13. Changes to This Policy
We may update this policy to reflect operational, legal, or regulatory changes. If we make material changes, we will post a notice on this page and update the “Last updated” date above. Continued use of the Services after the changes take effect constitutes acceptance.
14. Contact Us
CoSkip, Inc.
New York, NY, USA
[email protected] · +1 (718) 208-4790
15. California Notice (CPRA/CCPA)
California residents have the right to know, access, correct, and delete certain personal information we collect, and to opt out of sales or sharing for cross-context behavioral advertising. CoSkip does not sell personal information or share it for cross-context behavioral advertising. You may designate an authorized agent to make requests on your behalf. To exercise rights, contact [email protected].
Categories we may collect include identifiers (e.g., name, email), commercial information (pilot participation), internet activity (site/app usage), geolocation (approximate), and professional information (role/company). We use this information for the purposes described above and retain it as outlined in “Data Retention”.
Do Not Sell or Share My Personal Information (link available if required by your deployment).
15.1 CPRA Notice at Collection
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Identifiers | Name, email, phone, company, role | Account, contact, pilot onboarding, security | Life of account/pilot + legal requirements |
| Internet/Usage | Device, browser, pages, app events | Reliability, performance, security | Rolling 12-24 months (aggregated thereafter) |
| Geolocation (approx.) | Region, country (no precise GPS by default) | Localization, availability, fraud prevention | As needed for stated purposes |
| Professional | Company, role, pilot participation | Pilot operations, support, product planning | Life of account/pilot + legal requirements |
| Audio/Visual (pilot/app) | Voice commands, proof photos/videos | Guidance, verification, compliance | Pilot term or per admin setting (supports zero-retention) |
We do not sell personal information or share it for cross-context behavioral advertising.
16. EEA/UK Contacts
Data Protection Officer: Not currently appointed; contact [email protected].