This Privacy Policy describes how CauseConnect AI Solutions Pvt Ltd (CIN U62090KA2025PTC202597), operating under the brand "CORAA AI" ("Coraa", "we", "us", or "our") collects, uses, and protects personal data when you use our services. Our registered office is in Bellandur, Bangalore, India.
Who we are
Coraa operates the CORAA AI audit infrastructure, a software-as-a-service platform that supports chartered accountants and audit professionals in the conduct of statutory, tax, internal, and assurance engagements. The platform spans seven modules — Engagement Setup, Scrutiny, Reconciliation, Procedures, Working Papers, Findings, and Reporting — with connectors to Tally Prime, Zoho Books, SAP S/4HANA, Oracle NetSuite, Busy, Marg, SAP Business One, and Excel/CSV. All Client Data is hosted on the AWS Mumbai Region (India). For personal data forming part of audit engagements you upload, the client firm is the Data Fiduciary and Coraa is the Data Processor.
Our commitments at a glance
- Your data is yours. You retain all right, title, and interest in your Customer Data.
- We do not use Customer Data to train any machine learning models.
- You have a right to deletion. You can request deletion at any time.
- We comply with data subject rights requests. Contact privacy@coraa.ai.
Data we process
We act as a processor of Customer Data and a controller for our own operational data.
- Account data, names, emails, company information, user settings.
- Engagement data, ledgers, vouchers, GST/TDS returns, bank statements, working papers, and audit trails provided or generated in the service.
- Technical data, logs, device information, IP address, and diagnostics for security and performance.
- Support data, communications with our support and success teams.
How we use data
- Provide, secure, and improve the services.
- Operate automated outreach, document collection, validation, and reporting as instructed by you.
- Prevent abuse and maintain service reliability.
- Comply with law and enforce our agreements.
For EU or UK users, our legal bases include performance of a contract, legitimate interests, compliance with legal obligations, and consent where applicable.
Subprocessors and transfers
We use vetted sub-processors to deliver the service, such as cloud infrastructure, email delivery, and analytics providers. We enter data protection terms with sub-processors and apply appropriate safeguards for any international transfers. Our current sub-processor list, technical and organisational measures, and incident response procedures are published at trust.coraa.ai.
Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and audit logging. We regularly review our controls and limit access to authorized personnel. We maintain ISO/IEC 27001 certification on an annual cadence, and SOC 2 Type II is on our security roadmap. Our sub-processor list and technical and organisational measures are published at trust.coraa.ai.
Retention
We retain Customer Data as long as your account is active or as necessary to provide the services and comply with legal obligations. Upon termination or your request, we will delete or return Customer Data according to your instructions and our agreements.
Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal data.
To exercise these rights, or to submit a data subject rights request, contact us at privacy@coraa.ai. We will verify and respond consistent with applicable law.
Your rights under the Digital Personal Data Protection Act, 2023 (India)
As a Data Principal under DPDPA 2023, you have the right to access information about your personal data, correct or update it, request erasure, withdraw consent you have previously given, nominate another individual to exercise your rights in case of incapacity or death, and seek grievance redressal. To exercise any of these rights, write to privacy@coraa.ai and we will respond within seven working days.
Grievance Officer
For grievances relating to the processing of your personal data, you may contact our Grievance Officer at privacy@coraa.ai. We acknowledge grievances within two working days and resolve them within seven working days. If you remain dissatisfied, you may escalate to the Data Protection Board of India.
Your responsibilities
You are responsible for the lawfulness of Customer Data that you submit to the service, including providing any required notices to and obtaining any necessary consents from the individuals you ask us to contact or process data about.
Children
Our services are intended for business use and are not directed to children under 18. We do not knowingly collect personal data from children, consistent with the Digital Personal Data Protection Act, 2023.
Changes to this policy
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the updated policy with a new date and, if material changes are made, provide additional notice.
Contact
- Email, privacy@coraa.ai
- Support, audit@coraa.ai
- Address, CauseConnect AI Solutions Pvt Ltd, Bellandur, Bangalore, India
See our Terms of Use for additional legal terms.
Related policies
Privacy FAQ
Do you use Customer Data to train models?
No, we do not use Customer Data to train any machine learning models.
How can I request deletion?
You can email privacy@coraa.ai to request deletion. We will verify your request and delete data as required.
Where are you located?
CauseConnect AI Solutions Pvt Ltd, operating under the brand "CORAA AI". Registered office in Bellandur, Bangalore, India. All Client Data is hosted on the AWS Mumbai Region (India).