Bag Carriers
Privacy Policy
Effective Date: June 1, 2026 · Last Updated: June 1, 2026
This Privacy Policy describes how Bag Carriers ("we," "us," or "our") collects, uses, shares, and protects information when you use the Bag Carriers agent portal application (the "App") and related services. The App is an internal business tool available exclusively to authorized Bag Carriers sales representatives, partners, and administrators.
1. Information We Collect
When you use the App, we collect the following types of information:
1.1 Account & Profile
- Authentication data: Email address, hashed password, and Sign in with Google / Sign in with Apple identifiers if used.
- Profile information: Your full name, role, and optional avatar image.
1.2 Business Activity
- Lead and prospect records you create — including business name, contact name, phone, email, address, vertical, deal value, stage, notes, follow-up dates, close probability.
- Activity history for each lead — stage changes, notes, meeting bookings, communications.
- Client enrollment data — agreement terms, billing types, monthly amounts, NMI subscription identifiers.
- Campaign, payout, and earnings data related to your work.
1.3 Cope AI Assistant Data
When you use the Cope AI assistant features:
- Conversation transcripts — both text messages and voice transcriptions are stored to maintain context across sessions and devices.
- Voice audio — when you use voice mode, audio is captured by your device microphone and sent to OpenAI's Whisper API for transcription. Audio recordings are not retained after transcription completes.
- AI-extracted memories — Cope generates short summarized statements ("memories") about you, your work patterns, family, prospects, and preferences, used to personalize responses in future conversations. You can view, edit, or archive any memory at any time through the in-app Notebook.
- Calendar access (optional) — if you connect a Google Calendar or iCloud calendar feed, we read upcoming events to ground Cope's briefings. We do not write to or modify your calendar.
1.4 Device & Technical
- Push notification tokens — APNs (iOS) or web push subscriptions, used to deliver scheduled briefings and pipeline alerts.
- Device and version information — device type, operating system version, app version, used for support and debugging.
2. How We Use Your Information
We use the information we collect solely to operate the App, including to:
- Authenticate your access and protect your account
- Manage your sales pipeline, leads, meetings, campaigns, payouts, and client enrollments
- Provide the Cope AI assistant — including conversation continuity, memory recall, voice features, scheduled briefings, and calendar-aware suggestions
- Deliver push notifications you have opted in to receive
- Process payment-related metadata (subscription IDs and customer vault IDs through NMI) on behalf of enrolled clients
- Send email outreach blasts to leads you have explicitly selected, through our email delivery provider
- Support, debug, and improve the App
We do not use your data to train any third-party machine learning models, sell your data, or use it for advertising.
3. Third-Party Services (Sub-Processors)
We share specific data with the following service providers, only as necessary to operate the App. Each provider is contractually obligated to protect your data and use it only to perform their service.
| Provider | Purpose | Data Shared |
|---|
| Supabase | Database, authentication, file storage | All account and business data |
| Netlify | Application hosting, function execution | Encrypted in transit only |
| Anthropic | Cope AI assistant (Claude) | Conversation text, memory context, your message — sent for response generation; not retained by Anthropic for training per their API terms |
| OpenAI | Voice transcription (Whisper) | Voice audio for transcription only; not retained beyond the request |
| ElevenLabs | Cope voice synthesis | Text of Cope's responses for speech output |
| Google Cloud (optional) | Google Calendar API | OAuth tokens and calendar event data, only if you connect your Google account |
| iCloud (optional) | iCloud public calendar feeds | Calendar URL only; we fetch publicly-shared events |
| Apple Push Notification service | iOS push delivery | Device token and notification payload |
| NMI | Payment processing for enrolled clients | Subscription and customer vault identifiers |
| Resend | Outbound email delivery | Recipient address and message content for blasts you initiate |
4. Data Storage and Security
Your data is stored in Supabase's managed cloud infrastructure. We use industry-standard security including:
- HTTPS / TLS encryption for all data in transit
- Encryption at rest for sensitive integration credentials (AES-256-GCM)
- Row-level security policies that limit access to your own data
- Admin-only access for cross-user data (e.g., team management features)
- Service role credentials kept server-side; never exposed to the client
5. Microphone and Speech Recognition
The App requests microphone access when you activate Cope's voice mode. Audio is captured locally on your device and transmitted over HTTPS to OpenAI's Whisper API for transcription. We do not retain the original audio after transcription. You can decline microphone permission and continue using the App's text features.
6. Push Notifications
The App uses Apple Push Notification service (APNs) on iOS and standard Web Push (VAPID) in browsers to deliver scheduled briefings and pipeline alerts. You may disable notifications at any time through your device settings or the in-app Notebook.
7. Your Rights — Access, Correction, Deletion
You have the right to:
- Access your personal data — most of it is visible within the App itself
- Correct your data through the App's editing features
- Delete your account from within the App at any time via Settings → Delete Account. Account deletion is permanent and removes your authentication credentials, profile, and personally-attributable activity records within 30 days. Business records (leads, campaigns) you created may be retained in anonymized form for business operations and legal compliance.
- Export your data on request
- Withdraw consent for optional integrations (calendar, push notifications)
To exercise any of these rights, use the in-app controls or contact us at the address below.
8. Data Retention
We retain your account and activity data for as long as you are an active user of the App. After account deletion, we permanently delete personally-attributable data within 30 days, except where retention is required by law. Aggregated, anonymized statistics may be retained indefinitely.
9. Children's Privacy
The App is intended exclusively for adult use in a professional business context. We do not knowingly collect personal information from anyone under the age of 13.
10. International Users
The App is operated from the United States. By using the App, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than your country of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Material changes will be communicated through the App.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: