Privacy Policy

Who we are

Coraa is an enterprise software platform that automates vendor onboarding and compliance workflows. We coordinate outreach, document collection, approvals, and reporting across email, chat, and voice.

Our commitments at a glance

• Your data is yours. You retain all right, title, and interest in your Customer Data.
• We do not use Customer Data to train any machine learning models.
• You have a right to deletion. You can request deletion at any time.
• We comply with data subject rights requests. Contact privacy@coraa.ai.

Data we process

We act as a processor of Customer Data and a controller for our own operational data.

• Account data - names, emails, company information, user settings.
• Workflow data - vendor contacts, messages, files, questionnaires, approvals, and audit trails provided or generated in the service.
• Technical data - logs, device information, IP address, and diagnostics for security and performance.
• Support data - communications with our support and success teams.

How we use data

• Provide, secure, and improve the services.
• Operate automated outreach, document collection, validation, and reporting as instructed by you.
• Prevent abuse and maintain service reliability.
• Comply with law and enforce our agreements.

For EU or UK users, our legal bases include performance of a contract, legitimate interests, compliance with legal obligations, and consent where applicable.

Subprocessors and transfers

We use vetted subprocessors to deliver the service, such as cloud infrastructure, email delivery, and communications providers. We enter data protection terms with subprocessors and use appropriate safeguards for international transfers, such as standard contractual clauses.

Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and audit logging. We regularly review our controls and limit access to authorized personnel.

Retention

We retain Customer Data as long as your account is active or as necessary to provide the services and comply with legal obligations. Upon termination or your request, we will delete or return Customer Data according to your instructions and our agreements.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal data.

To exercise these rights, or to submit a data subject rights request, contact us at privacy@coraa.ai. We will verify and respond consistent with applicable law.

Your responsibilities

You are responsible for the lawfulness of Customer Data that you submit to the service, including providing any required notices to and obtaining any necessary consents from the individuals you ask us to contact or process data about.

Children

Our services are intended for business use and are not directed to children under 16. We do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the updated policy with a new date and, if material changes are made, provide additional notice.

Contact

• Email - privacy@coraa.ai
• Support - support@coraa.ai
• Address - Cause Connect Pte. Ltd., 68 Circular Road, #02-01, 049422, Singapore

See our Terms of Use for additional legal terms.

Privacy FAQ