Privacy Policy

Welcome to Coral ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using Coral, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address, name, and profile picture through your authentication provider (Google or Apple).
• Voice Data: When you use voice commands, your audio is temporarily processed to convert speech to text. Audio recordings are not permanently stored on our servers.
• Tasks and Notes: Content you create including tasks, notes, and their associated metadata (titles, descriptions, due dates, priorities, tags, recurrence settings).

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Usage Data: How you interact with the app, features used, voice command counts, and performance metrics.
• Voice Usage Quota: The number of voice commands you use each day to enforce plan-based daily limits.
• Activity Data: An immutable log of productivity actions (e.g., tasks completed, notes created) used solely to calculate in-app streaks and engagement metrics.
• Push Notification Tokens: Device tokens required to send you reminders and notifications.

2.3 Subscription and Billing Data

When you purchase a subscription, we collect and store your subscription plan, trial status, subscription expiry date, and a RevenueCat customer identifier. Payment transactions are processed entirely by the Apple App Store or Google Play Store — we never receive or store your payment card details.

We use your information to:

• Provide, maintain, and improve the Service
• Process your voice commands and convert them into actions
• Create, store, and manage your tasks and notes
• Send push notifications for reminders and updates you've requested
• Generate daily briefings and productivity insights
• Enforce subscription plan limits and manage your subscription status
• Calculate streaks and in-app engagement metrics
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Coral uses artificial intelligence to understand your voice commands and natural language queries. Here's how this works:

• Speech-to-Text: Your voice recordings are sent to Groq's Whisper API for transcription. Audio is processed in real-time and is not permanently stored.
• Intent Processing: The transcribed text is analyzed by AI language models to understand your intent (e.g., creating a task, taking a note). This processing primarily uses Cerebras's language models, with Groq's language models as a fallback.
• Semantic Search: Voyage AI generates text embeddings (numerical representations) from your text to enable intelligent matching and search across your notes and tasks. Only the text content is sent; no personal identifiers are included.
• Data Minimization: We only send the minimum necessary information to each AI service to fulfill your request. Audio, text, and embeddings are processed in real-time and are not stored by these providers.

We may share your information with:

5.1 Service Providers

• Supabase: Database hosting and authentication services
• Groq: Voice transcription (Whisper API) and fallback language model processing
• Cerebras: Primary AI language model for understanding your voice commands
• Voyage AI: Text embeddings for semantic search and intelligent matching
• RevenueCat: Subscription management and in-app purchase verification
• Expo: Push notification delivery
• PostHog: Product analytics (feature usage events; no voice content or note content is sent)
• Sentry: Error tracking and crash reporting (optional; error context only, no personal content)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We implement appropriate technical and organizational measures to protect your personal information:

• All data is transmitted using TLS/SSL encryption
• Database access is protected by Row Level Security (RLS) policies
• Authentication tokens are securely stored and regularly rotated
• We use industry-standard security practices and regular security audits

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide you with our services. You can delete your account at any time through the app settings, which will permanently delete all your data including:

• All tasks and notes
• Task reminder settings
• Activity and streak data
• Voice usage records
• Push notification tokens
• All other personal data associated with your account

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing of your information
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@coral.app.

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

• Email: privacy@coral.app
• Support: support@coral.app