PRIVACY POLICY

Your Privacy Rights

Effective Date: Oct 17, 2025

This Privacy Policy describes the types of information gathered by Cora Software LLC (collectively, “Company”, “us” or “we”) in the process of providing https://cora.computer/ (collectively, the “Site”), our portfolio company websites (as described below), our Model(s), and the data, services, information, tools, functionality, updates and similar materials (collectively, the “Service”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Service.

By using the Service, you hereby consent to allow us to process information in accordance with this Privacy Policy. Please also refer to our Terms of Service, https://cora.computer/terms, which are incorporated as if fully recited herein. Terms defined in the Terms of Service that are not defined herein shall have the same definition as in the Terms of Service.

This policy is subject to change. If our information retention or usage practices change, we will let you know by posting the Privacy Policy changes on the Service and/or otherwise making you aware of the changes. Your continued use of the Service following our notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above to see when this Policy was last updated.

Territoriality

Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND, TO THE EXTENT POSSIBLE, THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.

This Privacy Policy may be subject to the provisions of the EU General Data Protection Regulation (“EU GDPR”), the UK General Data Protection Regulation (“UK-GDPR”, and together with the EU GDPR, the “GDPR”), and other applicable privacy laws. Under the GDPR, we are a data “Controller”. If you are an individual who resides in the United Kingdom, the European Economic Area, or Switzerland (collectively, and for the purposes of this Privacy Policy, the “EEA”), you are a “Data Subject” with certain protected privacy rights concerning your “Personal Data.” We will take commercially reasonable steps to maintain compliance with GDPR. Your Personal Data, combined with any other information that may identify you as a person, may be referred to in this Privacy Policy as Personally Identifiable Information (collectively, “PII”)

Who Collects Your Information On Our Service?

We do. Under the GDPR, we are what is known as a “Controller” of the Personal Data that you provide us with. We collect information from you on the Service, and we are responsible for protection of your information.

What Information Do We Collect?
- Personal Information. We collect certain PII from you when you sign-up for the Service, when you complete a survey, when you create or update an account, when you use the Service, when you request services, when you link your account on the Service to your social media account(s) via our optional integration, or otherwise when you submit such information. The types of PII we collect and save include:
Name, email address; username; and other information collected through the optional social media integration.
Technical information collected in our logs. Such information may include standard web log entries that contain your device identifiers (including mobile devices, such as UDID, MEID, and IMEI); cookies (first-party, third-party, session, and persistent); IP address; web beacons; page URL; and timestamp.

You may provide us with information when you interact with us through email, read an email from us, online chat, messaging functions within the Service, or otherwise. We may retain such information in order to provide you with services, and you agree that we may share this information as needed with other users in order to resolve any issues that may arise between you and another user of the Service.

The Service may be integrated with third party social media platforms, such as Facebook and Instagram (“Platforms”). If you choose to interact with the Platforms through the Service, the Platforms may make additional PII about you available to us. The Service may use your mobile data plan in order to use certain features of the Service, such as communication with other users through the Service.

1. Non-Personal Information. “Non-Personal Information” is information which doesn’t identify you and/or anonymous information about you, including but not limited to links and materials posted, purchase history, the type of device you used and its operating system, browser information, the pages accessed most frequently, how pages are used, when and how you use the Service, search terms entered, and similar Non-Personal Information.

Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Service may utilize web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools. Through collecting your IP address, we may be able to approximate your geographic location, however, unless and until this is information is paired with your PII, it cannot be used to identify you. If Non-Personal Information is paired to any of your PII, we will treat the Non-Personal Information as if it was PII too.

1. Aggregate Information. We may also collect anonymous, non-identifying, and aggregate information, such as the date and time of any request, language preference, referring website, the pages you visit within our Site, the website you go to after visiting our Site, and the domain name of your Internet service provider.
  - Financial Information. Although it may appear that we collect financial information from you on the Service, it is actually collected and processed through a third-party service provider (“Payment Processor”) to process payments for the Service. The Payment Processor may collect financial information such as banking information or credit card number, name, CVV code or date of expiration, from you on the Service. We do not hold your financial information.
  - Google Data. We also have to access, collect, and process the Google Data relating to the Gmail account(s) with which you use our Service in order to read, archive, draft responses, create rules, store, generate summaries, and otherwise provide you with our Service.

Why Is My Information Being Collected?

We accept and gather information, including your Google Data, in an effort to provide the Service to you. We need to collect your PII so that we can respond to your requests for information or to be added to our email lists, to integrate with the Platforms, to process your payment for the Service and, to train, develop, and improve the artificial intelligence and/or machine learning models and algorithms that we develop and train (“Models”), if applicable. We may also collect aggregate information, to help us better design the Service, and log information, for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.

How Do We Use the Information We Collect?

We use the PII you provide for the purposes for which you have submitted it including

Internal Uses. We may use your PII to respond to your inquiries, to fulfill your requests for information, track usage trends, conduct experiments, send you push notifications, develop and improve the Service and other offerings, and perform research and analytics.
Creating and Maintaining Your Account. We use your PII to create and maintain an account for you to allow you to purchase and use the Service, including those aspects that may be enabled or enhanced by artificial intelligence.
Paying for the Service. To the extent necessary, our payment information is collected by, and processed through, our Payment Processor.
AI Training. As mentioned above, we may use your PII and your Content to develop and improve the Service, including for the training of the Model(s) that power(s) our Services. However, neither we, nor any of the Third-Party AI Providers, will use your Google Data to train our respective Model(s).
Communicating With You About Our Services. We may use your PII to send you information about new services and other items that may be of interest to you.
Social Media Integration. We may use your PII to integrate your social media accounts with the Service, and to provide to you the social media features of the Service.
Sending Administrative and Promotional Emails. We may use your PII to send you emails to: (a) confirm your account information and your other PII; (b) process your transactions to purchase our Service; (c) provide you with information regarding the Service; (d) inform you of changes to this Privacy Policy, our Terms of Service, or our other terms, conditions, or policies; or (e) provide you with information on our other services and products, or promotions related to the Service or our other services and products.
Serve You Targeted Advertisements. We may use your PII to serve you advertisements with the Service that are targeted to your interests.
Sharing Information. We may disclose your PII with third parties as described below.
We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our Site is used, as well as to offer you programs or services. We may use any anonymous, aggregate information, of which your information may be a part of or the basis of, without restriction.
Do We Share Your PII?

We will not share your PII except: (a) for the purposes for which you provided it; (b) with your consent, such as other users of the Service; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to carry out internal operations or business activities, including but not limited to our co-branded partner(s), as described in Section 11 below. We will also share your Google Data with the Third-Party AI Providers (defined below) for purposes of providing you with our Service, and to Google, because this is a requirement of Google in order for our software to interact with Google’s systems.

To the extent necessary to provide the Services that you request, we may have to share your Content and/or PII with one or more companies that provide certain technology tools and services (“Third-Party AI Providers”). Our current Third-Party AI Providers are as follows: OpenAI (https://openai.com/policies/business-terms/ - https://openai.com/policies/privacy-policy/); Anthropic (https://www.anthropic.com/legal/commercial-terms - https://www.anthropic.com/legal/privacy); Gemini (https://ai.google.dev/gemini-api/terms - https://policies.google.com/privacy). Neither our Privacy Policy, nor our Terms of Service, apply to the services that our Third-Party AI Providers provide in relation to you. You agree and acknowledge that the actions taken by such Third-Party Providers will be subject to, and governed by, their own terms and policies, including, but not limited to their privacy policy. Please review the terms of the Third-Party AI Providers before using our Service. You hereby consent to our sharing your Content and/or PII with the Third-Party AI Providers as necessary to provide the parts of our Service that you request.

We may also share aggregate information with others, including affiliated and non-affiliated organizations.

Finally, we may transfer your PII to a third party, or an actual or potential successor-in-interest, in relation to, or in the event of, an actual or potential merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use the information in accordance with applicable law.

Are There Other Ways My Personal Data Could Be Shared?

You may elect to share certain personal information with individuals or with the public via your use of the Service. In this case, you will control such sharing via settings that we provide. For example, the Service may make it possible for you to publicly share information via Platforms such as Facebook, or Instagram. Be aware that when you choose to share information with friends, or with the public at large, you may be disclosing sensitive information, or information from which sensitive information can be inferred. Always use caution when sharing information through the Service. You understand and agree that we are not responsible for any consequences of your sharing of information through and beyond the Service.

How Can You Access And Control Your Information?

After becoming a user of the Service, you may revise or edit your information by sending an email to privacy@cora.computer. For instructions on how you can further access your PII that we have collected, or how to correct errors in such information, please send an e-mail to privacy@cora.computer. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request. Furthermore, you may opt out of the use of information by the Service to send you promotional emails by sending an email to privacy@cora.computer with “Opt-Out” in the subject line. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.

How Do We Store and Protect Your Information?
After receiving your PII, we will store it on our servers for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our, our service providers’, or the Third-Party AI Providers’, systems.
If you are visiting the Site from outside of the USA, you understand that your connection may be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
Retention. We store your PII until you request us to remove it from our servers, however, we may store our logs and other technical records, and any information entered into our Model(s), indefinitely. We will employ the methods described above to minimize the risk of your information becoming the subject of unauthorized access, use, or disclosure. We and the Third-Party AI Providers use a zero data retention policy with respect to your Google Data. This means that once we use the Google Data for a specific task, it is deleted by us and the Third-Party AI Providers. Any Google Data that we share with Google will be retained by Google for the life of your activity on the relevant Google Account(s) plus twelve (12) months.
How Do We Use Cookies And Other Network Technologies?
To enhance your online experience with us, our web pages may presently or in the future use “cookies.” Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Services may not function properly without the aid of cookies.
We may also utilize Posthog, provided by Posthog Inc., 2261 Market Street #4008, San Francisco, CA 94114, for the collection and analysis of visitor statistics on our Site so that we can better understand user behavior. For more information on the privacy practices of PostHog, please visit their privacy policy at: https://posthog.com/privacy.
Our Service may use Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. Google may collect information regarding the use of other websites, apps and online resources. For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites. You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, https://tools.google.com/dlpage/gaoptout. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info.
We or its service providers may also use “pixel tags,” “web beacons,” “clear GIFs” or similar means (collectively, “Pixel Tags”) in connection with some of our Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of our Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as “clickstream data”, can be collected and stored by a website’s server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to our Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We may use this information to improve our site.
Do Not Track. At present, the Site does not specifically respond to browser do-not-track signals.
Collection of Information by Others.

Our Terms of Service document may identify certain third-party websites to which we may provide links, and that you may click on our Site or in our Service. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.

Co-branded Site(s).

We may partner with Every Studio, LLC to provide you with content or Services on a joint or “co-branded” basis. At a co-branded site, you will see both our logo and the logo of Every Studio displayed on your screen. In the instance of a co-branded site, we will still be the entity collecting your information, and our Privacy Policy will apply to that information as well. You should read the individual privacy policies of our co-branding partner, available here, https://every.to/legal,as they may differ in some respects from ours. Reading these policies will help you to make an informed decision about whether to provide your information to a given site.

‘EEA’ Privacy Rights.

If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we, in our capacity as a Controller, have a legal basis to process your PII.

We process your PII under one or more of the following legal bases:
Processing is necessary for our legitimate interests;
To perform the contract that we are about to enter with you (e.g., our MSA);
To comply with a legal obligation; and/or
With your consent to do so, which may be revoked at any time.
Under the GDPR, as a Data Subject you have certain rights. They are:
The right to be informed. This is your right to be informed about what we are processing, why, and who else the data may be passed to.
The right of access. This is your right to see what data about you is held by us.
The right to rectification. This is the right to have your data corrected or amended if what is held is incorrect in some way.
The right to be forgotten. This is the right to have your personal data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.
The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
Right in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The Service does not engage in automated decision making or profiling.

You can find instructions for enforcing some of these rights elsewhere in this Privacy Policy. Otherwise, if you wish to find out more about these rights, please contact us at privacy@cora.computer.

To contact our privacy team, please email us at privacy@cora.computer.

Children and Young People’s Information.

We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the Children’s Online Privacy Protection Act (“COPPA”), and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC’s website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our Services, or wish to remove your child’s PII from our servers, please contact us at privacy@cora.computer. Our Site will not knowingly accept PII from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at privacy@cora.computer.

California Privacy Rights.

California law allows California residents to request information regarding our disclosures in the prior calendar year, if any, of their personally identifiable information to third parties. To make such a request, please contact us at privacy@cora.computer with “Request for Privacy Information” in the subject line. Please include enough detail for us to locate your file; at a minimum, your name, email, and username, if any. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that this law does not cover all information sharing. Our disclosure only includes information covered by the law.

Nevada Privacy Rights.

If you are a Nevada resident, we do not “sell” your “covered information” as such terms are defined in the Nevada Privacy of Information Collected on the Internet from Consumers Act as amended by Nevada Revised Statutes Chapter 603A (“Nevada Privacy Law” or “NPL”). Though we do not sell your covered information, as someone that is subject to the NPL, you have a right of access in relation to the covered information of yours that we have or process, including why we process it, and other parties with whom we may share such information. If you would like to tell us not to sell your information in the future, please email us at privacy@cora.computer with your name, postal address, telephone number, and email address with “Nevada Do Not sell” in the subject line.

Contact Information.

If you have any questions or suggestions regarding our Privacy Policy, please contact us at:

Cora Software LLC

920 Broadway, Floor 15

New York, NY 10010

ATT: Privacy Officer

privacy@cora.computer

Copyright © Cora Software LLC. All rights reserved. The Service is our property, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.