Effective date: September 30, 2025
This Privacy Policy explains how we collect, use, and safeguard information when you interact with Cora ("we," "our," or "us") and the services we provide (the "Services"). By using the Services, you consent to the data practices described below.
When you create an account or authenticate via an identity provider, we collect your name, email address, organization, and profile details provided by the identity provider.
To render Terraform visualizations, you may upload state files or connect to our ingestion pipeline. These files can include resource metadata, relationships, and configuration details. You remain the owner of this infrastructure data.
We collect information about how you interact with the Services, such as access times, feature usage, browser type, and IP address. This helps us monitor performance and improve reliability.
Depending on your location, we process personal data under one or more of the following legal bases: your consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating and securing the Services.
We do not sell personal information. We may share data with trusted service providers who assist with hosting, authentication, analytics, or customer support. These providers access data solely to perform tasks on our behalf and under obligations consistent with this policy.
We may disclose information if required by law, legal process, or to protect the rights and safety of Cora, our users, or the public. In the event of a merger or acquisition, we will provide notice before personal information is transferred.
We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your data by contacting [email protected].
We implement technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. These include encryption at rest, access controls, and network monitoring. No method of transmission over the internet is completely secure, so we cannot guarantee absolute security.
The Services may be operated from the United States or other countries. Where required by applicable law, we ensure appropriate safeguards for transferring personal data outside of your jurisdiction.
Depending on your location, you may have rights regarding your personal data, including the rights to access, correct, delete, restrict processing, and port your information. To exercise these rights, contact [email protected]. We may request verification of your identity before fulfilling requests.
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us so we can delete it.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make changes, we will update the "Effective date" above. We will notify you of material changes through the Services or by email.
If you have questions about this Privacy Policy or our privacy practices, contact us at [email protected]. You can also reach us by mail at:
Cora Legal Team