Data Retention Policy

Objective

The objective of this policy is to ensure that data is retained only for as long as it is needed to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to support the legitimate business needs of Coraa and its customers. Data that is no longer required is securely deleted or anonymized in a timely manner.

Scope

This policy applies to all data processed by Coraa, including Customer Data (data provided by or generated on behalf of customers in the course of using the services), operational data, and employee data. It covers data in all formats - electronic, paper, and any other medium.

Policy statement

• Data is retained only for as long as necessary to fulfil the purpose for which it was collected or as required by applicable law.
• Retention periods are defined for each category of data and reviewed annually.
• When the retention period expires, data is securely deleted or irreversibly anonymized.
• Backup copies follow the same retention schedule and are purged accordingly.
• Legal hold requirements override standard retention schedules when applicable.

Data retention and deletion guidelines

The following guidelines apply to the main categories of data we process.

Customer Data

• Retained for the duration of the customer's active subscription or service agreement.
• Upon termination of the agreement or at the customer's request, Customer Data is deleted within 90 days, unless a longer period is required by law or a specific contractual obligation.
• Customers may request earlier deletion by contacting privacy@coraa.ai.

Account and user data

• Account information (names, email addresses, company details) is retained while the account is active.
• After account closure, account data is retained for up to 12 months to support re-activation requests and resolve any outstanding issues, then securely deleted.

Technical and log data

• System logs, access logs, and diagnostic data are retained for up to 12 months for security monitoring, debugging, and performance analysis.
• Security event logs may be retained for up to 24 months to support incident investigation and compliance requirements.

Support and communications data

• Support tickets and related communications are retained for up to 24 months after the ticket is resolved.
• Marketing communications and consent records are retained for as long as the consent is valid, plus a reasonable period to demonstrate compliance.

Financial and contractual records

• Invoices, payment records, and contracts are retained for the period required by applicable tax, accounting, and corporate laws - typically 7 years.

Deletion and anonymization

• Deletion is performed using industry-standard secure deletion methods appropriate to the storage medium.
• Where full deletion is not technically feasible (for example, in aggregated analytics), data is irreversibly anonymized so that it can no longer be linked to any individual.

Your rights

Depending on your location, you may have the right to request deletion of your personal data, to access the data we hold about you, and to object to or restrict certain processing activities.

To exercise any of these rights or to request information about retention periods applicable to your data, contact us at privacy@coraa.ai.

Contact

• Email - privacy@coraa.ai
• Support - support@coraa.ai
• Address - Cause Connect Pte. Ltd., 68 Circular Road, #02-01, 049422, Singapore

See our Privacy Policy and Data Protection Policy for related information.