Skip to content
CORAZ
Product Founders Consulting Philosophy Pricing About Contact
Request access → Try the demo →
Product Founders Consulting Philosophy Pricing About Contact
Request access → Try the demo →
LEGAL

Privacy Policy.

VERSION 1.0 · EFFECTIVE 9 JUNE 2026 · Coraz PTY LTD ACN 696 741 885
This policy complies with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). It will be reviewed by a solicitor before the platform enters general availability. If you have questions in the meantime, contact legal@coraz.ai.

1. About This Policy

Coraz Pty Ltd ACN 696 741 885 ABN 57 696 741 885 ("Coraz", "we", "us") is committed to handling personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

This policy explains what personal information we collect, why we collect it, how we use and disclose it, and how you can access, correct, or complain about our handling of it.

This policy applies to our website (coraz.ai), the Coraz platform (the SaaS operating system), and Coraz Consultancy services.

2. Personal Information We Collect

We collect the following categories of personal information:

Account and identity information

  • Name, email address, business name, role or title
  • Password (stored as a one-way cryptographic hash — we cannot recover or view it)
  • Contact details for authorised users on your tenant account

Business and operational data (Tenant Data)

Data you upload, input, or generate through the Platform may include personal information about your clients, employees, or counterparties. You are the controller of that data; Coraz processes it on your behalf as a data processor. Our obligations as processor are set out in our Data Processing Agreement.

Usage and technical data

  • Log data: pages visited, features used, queries submitted, AI interactions, timestamps
  • Device type, browser, IP address, session identifiers

Communications

  • Emails and messages you send to us, including via hello@coraz.ai, security@coraz.ai, or legal@coraz.ai

We collect only the personal information that is reasonably necessary for our functions and activities (APP 3).

3. How We Collect Personal Information

We collect personal information:

  • when you register for an account, join the waitlist, or submit a contact or enquiry form;
  • when you use the Platform (directly and through automated technical logging);
  • when you communicate with us by email or other means;
  • when you engage Coraz Consultancy; and
  • from third parties where you have authorised them to share your information with us.

We will take reasonable steps to notify you of collection at or before the time of collection, or as soon as practicable afterwards (APP 5).

4. Why We Collect and Use Personal Information

We collect and use personal information for the following purposes:

  • Operating the Platform — creating and managing your account; processing queries and delivering AI outputs; providing technical support.
  • Providing Consultancy Services — scoping, delivering, and following up on advisory engagements.
  • Billing and administration — invoicing, payment processing, subscription management.
  • Security and compliance — detecting and preventing unauthorised access, fraud, and abuse; meeting legal obligations; maintaining audit logs.
  • Service improvement — aggregated, de-identified usage analysis to improve Platform features. We do not use identifiable Tenant Data to train AI models.
  • Communications — responding to enquiries; sending essential service notices; and (with your consent, or where otherwise permitted) product news and updates.

We will not use your personal information for a purpose materially different from the above without your consent or where otherwise required or permitted by law (APP 6).

5. Who We Share Personal Information With

We share personal information only as necessary for our operations:

Infrastructure and hosting providers

Our Platform and data are hosted in Australian data centres. Our infrastructure providers process data under binding agreements consistent with Australian privacy standards. We do not transfer production data outside Australia for storage.

Anthropic PBC (AI processing)

The Platform uses AI capabilities provided by Anthropic PBC, a company incorporated in the United States. When you use AI features of the Platform, queries and associated context (which may include personal information within Tenant Data) are transmitted to and processed by Anthropic's systems in the United States. See Section 6 for how we manage this cross-border disclosure.

Professional advisers

We may share personal information with our lawyers, accountants, and auditors, who are bound by confidentiality obligations.

Law enforcement and regulators

Where required by Australian law, a court order, or a lawful direction from a regulator.

We do not sell personal information to third parties, and we do not disclose personal information to third parties for their own marketing purposes.

6. Overseas Disclosure

APP 8 — Cross-border disclosure Before disclosing personal information to Anthropic, Coraz takes reasonable steps to ensure that Anthropic does not breach the Australian Privacy Principles in relation to that information. Anthropic is contractually bound by data processing obligations consistent with applicable privacy law, including the EU–US Data Privacy Framework and its standard contractual commitments. By using AI features of the Platform, you acknowledge that queries (and any personal information they contain) will be processed by Anthropic in the United States.

If you do not wish personal information to be processed by Anthropic, do not include personal information in AI queries. AI features can be used with de-identified or anonymised data.

Analytics and tracking (planned)

We currently use no third-party analytics or tracking tools on coraz.ai. We intend to add analytics in the future. Before activating any analytics or advertising tools, we will update this policy and provide any required notification and opt-out mechanisms. If any such tool involves overseas disclosure, it will be disclosed here.

7. Data Security

Coraz implements technical and organisational security measures appropriate to the sensitivity of the personal information we hold (APP 11):

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted at the storage layer.
  • Row-level security (RLS) is enforced at the database: no tenant can access another tenant's data, even in the event of an application defect.
  • Tenants in regulated verticals (financial planning, medical) receive additional logical isolation by default — not as a paid upgrade.
  • All operator actions, AI interactions, and database writes are recorded in an append-only audit log.
  • SOC 2 Type II readiness is in progress; certification is expected in 2026.

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in the Privacy Act 1988 (Cth).

8. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law (APP 11.2):

Category Retention period
Account and identity data Duration of account + 2 years after closure
Tenant Data Duration of subscription + 30 days post-termination, then deleted on request or after the retrieval window
Usage and log data 12 months from collection
Communications (email, support) 3 years from the date of the communication
Financial records 7 years (required by the Corporations Act 2001 (Cth) and taxation law)

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

Access (APP 12)

Request access to personal information we hold about you. Contact us at legal@coraz.ai with your request. We will respond within 30 days. We may charge a reasonable fee to cover the cost of providing access, and will advise of any fee before proceeding.

Correction (APP 13)

Request correction of personal information that is inaccurate, out of date, incomplete, or misleading. Contact us at legal@coraz.ai. We will correct the information or add a notation within 30 days. If we disagree that correction is warranted, we will explain our reasons.

Opt-out of direct marketing

If we send you marketing communications (with your consent or where otherwise permitted), you may opt out at any time by following the unsubscribe link in the communication or contacting us at hello@coraz.ai. We will process opt-outs within 5 business days.

10. Cookies and Analytics

Website (coraz.ai): We currently use no cookies, analytics, or tracking tools on our public website.

Platform (aios.coraz.ai): The Platform uses session cookies strictly necessary for authentication, security, and session management. These are not used for tracking, profiling, or advertising purposes and cannot be disabled without preventing login.

Future analytics: Before adding any analytics or third-party tracking to the website, we will update this policy and provide required notification.

11. Complaints

If you believe we have mishandled your personal information or breached the Australian Privacy Principles:

  1. Email our Privacy Officer at legal@coraz.ai with a description of your concern.
  2. We will acknowledge receipt within 5 business days and aim to resolve the complaint within 30 days. Complex matters may take longer; we will advise you if so.
  3. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

12. Contact and Privacy Officer

For all privacy enquiries, access requests, corrections, or complaints:

Privacy Officer
Coraz Pty Ltd ACN 696 741 885
Sydney, New South Wales, Australia
legal@coraz.ai

This policy may be updated periodically. The effective date at the top of this page reflects when the current version was published. We will notify active account holders of material changes.

Privacy Officer: legal@coraz.ai · OAIC complaints: oaic.gov.au