PRIVACY POLICY FOR CORIOLIS IDP
Effective Date: August 1, 2025
Last Updated: August 1, 2025
Coriolis Technologies Pvt. Ltd., a company incorporated under the laws of India ("Coriolis," "Company," "we,"
"us," or "our"), operates the Coriolis IDP software-as-a-service platform ("Service"). This Privacy Policy
describes how we collect, use, process, store, share, and protect your information when you use our Service.
Important: By accessing or using Coriolis IDP, you acknowledge that you have read, understood,
and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our
Service.
1. Scope and Application
This Privacy Policy applies to all users of the Coriolis IDP Service, including:
- Individual users who create accounts
- Organization administrators and end users
- Visitors to our website
- Anyone who interacts with our Service
This policy does not apply to third-party websites, applications, or services that may be linked to or integrated
with our Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: When you register for an account, we collect your name, email address,
organization name (if applicable), and password.
- Profile Information: Any additional information you choose to provide in your user profile,
such as job title, department, or contact preferences.
- User Content: Documents, text, images, videos, and other materials you upload, create, or
submit through the Service.
- Communications: Information you provide when you contact us for support, feedback, or other
inquiries.
- Payment Information: If you purchase a paid subscription, we collect billing information
(processed securely through third-party payment processors).
2.2 Information We Collect Automatically
- Usage Data: Information about how you interact with the Service, including features used,
pages visited, time spent, and user actions.
- Device Information: Details about your device, including IP address, browser type and
version, operating system, device identifiers, and screen resolution.
- Log Information: Server logs that may include IP addresses, access times, pages viewed, and
other diagnostic data.
- Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to
enhance your experience and collect usage information.
2.3 Information from Third Parties
- Integration Data: Information from third-party services you choose to connect with
Coriolis IDP (with your permission).
- Organization Information: If you join Coriolis IDP through an organization, we may receive
information about you from your organization's administrator.
3. How We Use Your Information
We process your information for the following purposes:
3.1 Service Provision and Operation
- Provide, operate, maintain, and improve the Coriolis IDP Service
- Process and store your User Content
- Enable core functionality including document management, analysis, and collaboration features
- Process AI Analysis requests as detailed in Section 4
Legal Basis: Contract performance, legitimate interests
3.2 Communication and Support
- Respond to your inquiries and provide customer support
- Send service-related announcements and updates
- Notify you about changes to our Service or policies
- Send administrative messages and account notifications
Legal Basis: Contract performance, legitimate interests, consent (for marketing)
3.3 Improvement and Analytics
- Analyze usage patterns to improve Service functionality
- Conduct research and development for new features
- Monitor Service performance and troubleshoot issues
- Generate anonymized usage statistics and insights
Legal Basis: Legitimate interests
3.4 Security and Compliance
- Protect against fraud, abuse, and security threats
- Comply with legal obligations and enforce our terms
- Investigate and respond to violations of our policies
- Maintain audit logs for security purposes
Legal Basis: Legal obligation, legitimate interests
4. AI Analysis Feature and Third-Party Processing
4.1 How AI Analysis Works
When you use the AI Analysis feature to generate training materials, multiple-choice questions, or other
educational content from your uploaded documents, the following data processing occurs:
- Content Transmission: Your selected documents are securely transmitted to third-party
AI services (such as OpenAI's ChatGPT or similar providers)
- Processing: The AI service processes your content to generate customized materials for
your organization
- Results Delivery: Generated content is returned to Coriolis IDP and made available
exclusively within your tenant environment
- No Cross-Contamination: Results are never shared with other Coriolis IDP users or
organizations
4.2 Your Consent and Control
Explicit Consent Required: By using the AI Analysis feature, you provide explicit, informed
consent for your documents to be processed by third-party AI services.
Granular Control: You can choose which specific documents to include in AI Analysis requests.
Not all your content is automatically processed.
Withdrawal of Consent: You may withdraw your consent at any time by discontinuing use of the AI
Analysis feature.
4.3 Third-Party AI Service Providers
We currently use or may use the following types of AI services:
- OpenAI (ChatGPT) - for natural language processing and content generation
- Other leading AI providers as we expand our capabilities
Important Limitations:
- We do not control the data handling practices of third-party AI providers
- Your content will be subject to the privacy policies and terms of service of these providers
- We cannot guarantee the confidentiality of data once transmitted to third-party services
- We recommend reviewing the privacy policies of AI service providers before using this feature
4.4 Data Minimization
We implement the following measures to minimize data exposure:
- Only content you specifically select for AI Analysis is transmitted
- We strip unnecessary metadata before transmission when technically feasible
- We do not retain copies of your content on third-party AI service servers (subject to their own retention
policies)
5. Information Sharing and Disclosure
We respect your privacy and do not sell your personal information. We share information only in the following
circumstances:
5.1 With Your Consent
We may share your information when you explicitly consent, such as when using the AI Analysis feature or
integrating with third-party services.
5.2 Service Providers and Partners
We share information with trusted third-party service providers who assist us in operating our Service,
including:
- Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
- Payment processors for billing and subscription management
- Customer support and communication platforms
- Analytics and performance monitoring services
- Security and fraud prevention services
These providers are contractually obligated to protect your information and use it only for specified purposes.
5.3 Legal Requirements and Protection
We may disclose your information when required by law or when we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Protect our rights, property, or safety, or that of our users or the public
- Investigate potential violations of our terms of service
- Respond to claims of intellectual property infringement
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the
transaction. We will provide notice before your information is transferred and becomes subject to different
privacy practices.
5.5 Anonymized and Aggregated Data
We may share anonymized, aggregated, or de-identified information that cannot reasonably be used to identify you
for research, analytics, or business purposes.
6. Data Security and Protection
6.1 Security Measures
We implement comprehensive security measures to protect your information, including:
- Encryption: Data encryption in transit (TLS/SSL) and at rest
- Access Controls: Role-based access controls and multi-factor authentication
- Infrastructure Security: Secure cloud hosting with industry-standard protections
- Regular Audits: Security assessments and vulnerability testing
- Employee Training: Regular security awareness training for our team
- Incident Response: Procedures for detecting and responding to security incidents
6.2 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your privacy or security, we will:
- Investigate and contain the breach promptly
- Notify affected users within 72 hours when feasible
- Report to relevant authorities as required by applicable law
- Provide regular updates on our investigation and remediation efforts
6.3 Limitations
While we employ industry-standard security measures, no method of electronic transmission or storage is 100%
secure. We cannot guarantee absolute security of your information.
7. Your Privacy Rights
Depending on your location and applicable laws, you may have the following rights regarding your personal
information:
7.1 Access and Portability
- Right to Access: Request a copy of the personal information we hold about you
- Data Portability: Receive your data in a structured, commonly used format
7.2 Correction and Updates
- Right to Rectification: Correct inaccurate or incomplete information
- Account Updates: Update your profile and account information at any time
7.3 Deletion and Restriction
- Right to Erasure: Request deletion of your personal information (subject to legal
limitations)
- Right to Restriction: Request that we limit how we process your information
7.4 Consent and Objection
- Withdraw Consent: Withdraw consent for processing based on consent at any time
- Right to Object: Object to processing based on legitimate interests
7.5 Exercising Your Rights
To exercise these rights, please contact us using the information in Section 12. We will respond to your request
within 30 days and may require verification of your identity.
8. Data Retention
We retain your information only as long as necessary for the purposes described in this Privacy Policy or as
required by law.
| Data Type |
Retention Period |
Reason |
| Account Information |
Duration of account + 2 years |
Service provision, legal compliance |
| User Content |
Duration of account + 90 days |
Service functionality, user convenience |
| Usage and Log Data |
2 years |
Security, analytics, legal compliance |
| Support Communications |
3 years |
Customer service, dispute resolution |
| Payment Information |
As required by tax law (typically 7 years) |
Legal and regulatory compliance |
8.1 Deletion Process
When retention periods expire or when you request deletion:
- We will securely delete or anonymize your information
- Some information may be retained in anonymized form for analytics
- Legal obligations may require longer retention in some cases
- Backup systems may retain data for additional recovery periods
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including India and other
locations where we or our service providers operate.
When we transfer personal information internationally, we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions by competent authorities
- Certification schemes and codes of conduct
10. Cookies and Tracking Technologies
10.1 Types of Cookies We Use
- Essential Cookies: Required for basic Service functionality
- Performance Cookies: Help us understand how you use the Service
- Functionality Cookies: Remember your preferences and settings
- Targeting Cookies: Used for personalized content and advertising (with consent)
10.2 Your Cookie Choices
You can control cookies through your browser settings. However, disabling certain cookies may limit Service
functionality.
11. Children's Privacy
Coriolis IDP is not intended for use by children under 13 years of age. We do not knowingly collect personal
information from children under 13. If we become aware that we have collected such information, we will take
steps to delete it promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact
us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal
requirements, or other factors.
12.1 Notification of Changes
When we make material changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or through the Service
- Provide prominent notice for significant changes
- Request your consent for material changes where required by law
12.2 Your Acceptance
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy
Policy.
Effective Date: This Privacy Policy is effective as of the date listed at the top of this
document.