Privacy Policy
Effective July 2, 2026
Introduction
This Privacy Policy explains how EF International Advisors, LLC (“we,” “us,” or “our”) collects, uses, and shares information when you use Corra Community and the applications it provides sign-in and access for (together, the “Service”).
Information we collect
We collect information you provide directly, including:
- Account information: name, email address, and password (stored hashed) or the identifier provided by an OAuth sign-in provider (Google, GitHub).
- Organization and profile information you or an administrator enters — organization name, role, team memberships, and address or billing details entered for invoicing.
- Payment information: subscription and billing details are collected and processed by our payment processor, Stripe. We do not store full card numbers ourselves.
- Usage information: sign-in activity, actions taken in the dashboard, and — where you or your organization enable AI agent features — the agent tasks you approve and their execution records.
- Technical information: IP address, browser type, and log data generated automatically as part of operating the Service.
How we use information
We use the information above to:
- Provide, maintain, and secure the Service, including authentication and access control.
- Process subscriptions, invoices, and payments.
- Execute AI agent tasks that you or a member of your organization explicitly approve, and maintain the audit trail of those actions.
- Send account, security, invitation, and billing notifications.
- Detect, investigate, and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
AI agent processing
When you or your organization enable an AI agent task, the content of that task is sent to Anthropic (our AI provider) to generate the agent’s response. Anthropic does not use API inputs to train its models by default. Agent actions are gated behind explicit human approval unless your organization has configured otherwise, and every agent action is recorded in an audit trail visible to your organization’s administrators.
Service providers and sub-processors
We use the following providers to operate the Service, each of whom processes information on our behalf under their own data protection commitments:
- Supabase — database, authentication, and session management.
- Render — application hosting.
- Cloudflare — DNS, domain verification, and transactional email delivery.
- Stripe — subscription billing and payment processing.
- Anthropic — AI processing for approved agent tasks (see above).
Cookies
The Service currently sets only strictly necessary cookies required for sign-in and security — we do not use optional analytics or advertising cookies at this time. See our Cookie Preferences page for details.
Data retention
We retain account and organization data for as long as your account is active. Historical relationships — such as a past membership, delegation, or approval — are end-dated rather than deleted, so that audit and access history remains accurate; the same principle means an end-dated relationship never grants ongoing access. You may request deletion of your personal data as described below, subject to legal or legitimate business requirements (for example, financial records we must retain).
Security
We use encryption in transit, role-based access controls, and row-level database security to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your privacy rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, or to object to or restrict certain processing. To exercise any of these rights, contact us at support@lovecorra.com. We will verify your request and respond consistent with applicable law.
International data transfers
Our service providers may process information in countries other than your own. Where required, we rely on appropriate safeguards for these transfers.
Children
The Service is not directed at children, and we do not knowingly collect personal information from children. If we learn we have collected a child’s information, we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the effective date above.
Contact
Questions about this Privacy Policy or your data can be sent to support@lovecorra.com.