Effective date: 23 May 2026

Privacy Policy

This policy explains what data Korrali collects, why we collect it, how we use and share it, and the rights you have over it. It applies to korrali.com and the Korrali application.

1. Who we are

Korrali is operated by Korrali LLC, a Wyoming limited liability company with registered address 30 N Gould St, Ste N, Sheridan, WY 82801, United States. For privacy questions, contact privacy@korrali.com.

2. Information we collect

We collect the minimum information needed to operate the service:

• Account information: email address, name (if provided), and authentication identifiers from Google OAuth (when you sign in via Google).
• Organization data: company name, knowledge base entries (system details, security controls, AI usage, policies), questionnaires you upload, and answers we generate.
• Usage data: pages viewed, features used, error logs, and approximate location derived from IP address. Collected via PostHog.
• Billing information: handled by our merchant of record, Paddle. Korrali does not store full payment card numbers.
• Communications: emails you send us, and our replies.

3. How we use information

• To provide the Korrali service — generate answers, store your knowledge base, deliver exports.
• To send transactional emails (account notifications, billing receipts, magic-link login codes).
• To improve the product — diagnose bugs, measure feature usage, identify performance issues.
• To comply with legal obligations (tax, accounting, lawful requests).

We do not sell your data, and we do not use customer-uploaded knowledge bases or questionnaire content to train AI models.

4. AI processing

When you generate answers, Korrali sends relevant portions of your knowledge base and the question text to a third-party large language model provider (Anthropic, with OpenAI as fallback). These providers have agreed in their API terms not to retain your data beyond the request, and not to train their models on it. See our AI Usage Disclosure for details.

5. Subprocessors

We use a small set of third-party services to run Korrali. The current list is maintained at korrali.com/subprocessors. We update it when we add or remove a subprocessor.

6. Where data is stored

Application data is stored on Amazon Web Services in the United States (us-east-1 region). Backups are encrypted at rest. Data in transit is encrypted with TLS 1.2 or higher.

7. How long we keep data

We keep your data while your account is active. If you delete your account, we delete personal data within 30 days, except where we are required to keep records (e.g., invoices for tax purposes — typically up to 7 years).

8. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. You can exercise most of these directly inside the app, or by emailing privacy@korrali.com. We respond to verified requests within 30 days.

9. Cookies

Korrali uses essential cookies for authentication and a small number of analytics cookies (PostHog) to understand product usage. We do not use third-party advertising cookies.

10. Security

We follow industry-standard practices to protect data: TLS in transit, AES-256 at rest, principle of least privilege for access. See our Security Overview. No system is 100% secure, and we do not promise that. If we detect a security incident affecting your data, we will notify you without undue delay.

11. Children

Korrali is a B2B product for businesses. It is not intended for children under 16, and we do not knowingly collect data from them.

12. Changes to this policy

We may update this policy when our practices change. We will post the updated version here and update the "Effective date" above. Material changes will be communicated by email to active customers.

13. Contact

Privacy questions or requests: privacy@korrali.com.