This Data Protection Policy describes how CauseConnect AI Solutions Pvt Ltd (CIN U62090KA2025PTC202597), operating under the brand "CORAA AI" ("Coraa", "we", "us", or "our") protects personal data across our services. Our registered office is in Bellandur, Bangalore, India.
Objective
The objective of this policy is to ensure that all personal data collected, processed, stored, or transmitted by Coraa is handled in accordance with applicable data protection laws, including the Singapore Personal Data Protection Act (PDPA), the EU General Data Protection Regulation (GDPR), and India's Digital Personal Data Protection Act (DPDPA). We are committed to safeguarding the privacy and rights of individuals whose data we process.
Scope
This policy applies to all personal data processed by Coraa, whether collected from customers, employees, vendors, website visitors, or other individuals. It covers all processing activities, including collection, storage, use, transfer, and deletion, across all systems, applications, and services operated by Coraa.
Policy statement
Coraa is committed to protecting personal data by adhering to the following principles and practices.
- Personal data is processed lawfully, fairly, and in a transparent manner.
- We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
- We limit collection to data that is adequate, relevant, and necessary for the intended purpose.
- We take reasonable steps to ensure personal data is accurate and kept up to date.
- We do not retain personal data longer than necessary for the purpose for which it was collected.
- We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or damage.
Principles for processing personal data
Lawfulness, fairness, and transparency
We process personal data only when we have a lawful basis, such as the performance of a contract, a legitimate interest, compliance with a legal obligation, or the consent of the data subject. We provide clear information about our processing activities through this policy, our Privacy Policy, and any applicable notices.
Purpose limitation
Personal data is collected for specific, stated purposes and is not used for unrelated activities. When we act as a data processor on behalf of our customers, we process data only in accordance with their documented instructions.
Data minimization
We collect and process only the minimum amount of personal data required to achieve the stated purpose. We review our data collection practices regularly to ensure we are not collecting more data than necessary.
Accuracy
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. Individuals can request correction of inaccurate data by contacting us.
Storage limitation
Personal data is retained only for as long as it is needed to fulfil the purpose for which it was collected or as required by law. See our Data Retention Policy for specific retention periods. Data Retention Policy.
Integrity and confidentiality
We implement technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. See our Encryption Policy for details on our encryption practices. Encryption Policy.
Accountability
We maintain records of our processing activities and can demonstrate compliance with applicable data protection laws. We conduct periodic reviews and audits of our data processing practices.
Security of personal data
We protect personal data through a combination of technical and organizational measures, including but not limited to:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of data at rest using AES-256 or equivalent algorithms.
- Role-based access controls with the principle of least privilege.
- Multi-factor authentication for administrative access.
- Regular security assessments, vulnerability scans, and penetration testing.
- Logging and monitoring of access to systems containing personal data.
- Incident response procedures to detect, investigate, and respond to data breaches.
- Employee training on data protection and information security.
Data subject rights
Depending on your location and applicable law, you may have the following rights with respect to your personal data:
- Access, request a copy of the personal data we hold about you.
- Rectification, request correction of inaccurate or incomplete personal data.
- Erasure, request deletion of your personal data when it is no longer needed.
- Restriction, request that we restrict processing of your personal data in certain circumstances.
- Portability, request a copy of your personal data in a structured, commonly used, machine-readable format.
- Objection, object to processing based on legitimate interests or direct marketing.
- Withdraw consent, where processing is based on consent, you can withdraw consent at any time.
To exercise any of these rights, contact us at privacy@coraa.ai. We will verify your identity and respond within the timeframes required by applicable law.
Contact
- Email, privacy@coraa.ai
- Support, audit@coraa.ai
- Address, CauseConnect AI Solutions Pvt Ltd, Bellandur, Bangalore, India
See our Privacy Policy and Data Retention Policy for related information.