Privacy Policy

1. Introduction

Catalyst Operations Partners, LLC ("Company," "we," "our," or "us") operates CORA — Catalyst Operations Resource Assistant — an AI-powered executive virtual assistant platform accessible at cora.catalystoperationspartners.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

When you create an account, subscribe to a plan, or contact us, we may collect your name, email address, company name, job title, billing information (processed securely by Stripe), and any content you submit through the Service such as tasks, calendar events, uploaded documents, and chat messages.

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and session identifiers. This information is used to operate, maintain, and improve the Service.

2.3 Information from Third-Party Integrations

If you choose to connect third-party services (such as Gmail or Google Calendar), we collect only the data necessary to provide the requested functionality — for example, email metadata and calendar event details. We do not store the full content of your emails beyond what is necessary to deliver AI triage and briefing features. You may revoke these integrations at any time through your account settings.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service and its AI-powered features
• Process transactions and manage your subscription through Stripe
• Personalize your experience and improve CORA's responses over time
• Send transactional communications such as receipts, account notices, and security alerts
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues, fraud, or abuse
• Comply with applicable legal obligations

We do not sell your personal information to third parties. We do not use your data to train general-purpose AI models that are shared with other organizations.

4. Data Sharing and Disclosure

We may share your information in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors to help us operate the Service, including Stripe (payment processing), Manus (hosting infrastructure), and AI model providers for natural language processing. These providers are contractually bound to protect your data and may only use it to perform services on our behalf.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service prior to your data being transferred and becoming subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you cancel your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes. AI-generated content (briefings, task summaries, chat history) associated with your account is deleted upon account termination.

6. Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/HTTPS), access controls, and regular security reviews. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request a machine-readable export of your data
• Objection: Object to certain processing activities, including direct marketing
• Withdrawal of Consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

The Service uses session cookies to maintain your authenticated state. We do not use third-party advertising cookies or cross-site tracking technologies. Analytics data is collected in aggregate to understand usage patterns and improve the Service. You may disable cookies in your browser settings; however, doing so may affect the functionality of the Service, including your ability to remain logged in.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. International Data Transfers

The Service is operated in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using the Service, you consent to the transfer of your information to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the new policy on this page with an updated effective date, and where appropriate, by sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: