CoralOS

Privacy Policy

Last updated: 15 April 2026

1. Data Controller

Coral Group BV ("we", "us", "our"), with registered office in Belgium, is the data controller for all personal data processed through the CoralOS platform (app.coral-group.be).

  • Email: privacy@coral-group.be
  • Website: www.coral-group.be

2. Data We Collect

We collect only the data necessary to provide our services:

Category | Data | Purpose
Account | Name, email, password (hashed) | Authentication & workspace access
Business | Company name, VAT number, address | Invoicing & Peppol e-invoicing
Usage | Feature usage, session data | Service improvement & support
Payment | Stripe customer ID (no card data stored) | Subscription billing

3. Legal Basis (GDPR Art. 6)

  • Contract performance — Processing necessary to provide the SaaS service
  • Legitimate interest — Security, fraud prevention, service improvement
  • Legal obligation — Tax and invoicing compliance (Belgian law)
  • Consent — Marketing communications (opt-in only)

4. Data Storage & Security

  • All data is stored in the EU (Neon PostgreSQL, Vercel Edge Network)
  • Passwords are hashed using bcrypt — never stored in plaintext
  • All connections use TLS 1.3 encryption
  • Each tenant workspace is strictly isolated — no cross-tenant data access
  • Sessions expire after 30 minutes of inactivity or 8 hours absolute maximum

5. Third-Party Processors

Provider | Purpose | Location
Vercel | Hosting & CDN | EU / US
Neon | Database (PostgreSQL) | EU
Stripe | Payment processing | EU / US
Resend | Transactional emails | US
e-invoice.be | Peppol e-invoicing | Belgium
Google | OAuth (optional) | US (SCCs)

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a machine-readable format
  • Restriction — Limit how we process your data
  • Objection — Object to processing based on legitimate interest

To exercise any of these rights, contact us at privacy@coral-group.be. We will respond within 30 days.

7. Data Retention

  • Active accounts: data retained for the duration of the subscription
  • Cancelled accounts: data retained for 30 days, then permanently deleted
  • Invoicing data: retained for 7 years (Belgian tax law requirement)

8. Cookies

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded.

Contact & Complaints

For privacy-related inquiries or to file a complaint: