Clear disclosure for what Corral collects, why it is collected, and how it is handled.
Corral sells trust, so this page is written to be specific. It covers what we collect on corral-ai.app, how we use it, which third parties process it, and what happens when you use a Corral workflow that stores documents or decision traces.
We do not currently target EU users. This policy was last reviewed on March 23, 2026 and was drafted internally based on the systems we run today.
March 23, 2026
Last reviewed date for this version of the policy.
We collect analytics, lead details, contact-form submissions, and product workflow data when you use Corral services.
PostHog analytics may use both cookies and localStorage to understand repeat visits and page behavior.
Each customer receives dedicated infrastructure for product data. We do not mix one customer's product data with another customer's data.
Scope
This policy applies to corral-ai.app, our marketing site, inbound lead forms, contact requests, and product workflows that Corral operates directly. If a customer runs Corral inside their own systems, their internal privacy obligations may also apply.
We keep this page focused on the data practices that are true today. If a claim here stops being true, the policy needs to change before the product story does.
Section 1
Information We Collect
We collect a small number of categories, but we do collect them intentionally and for real operational reasons.
Site analytics
When you browse corral-ai.app, we use PostHog to record page views, page leaves, CTA clicks, demo-link clicks, and returning-visitor identifiers stored in cookies and localStorage.
Lead capture
If you join a waitlist or request updates, we collect your email address, UTM parameters such as source or campaign, and the page where the form was submitted.
Contact requests
If you use the contact form, we collect your name, email address, message content, and page path so we can respond with the right context.
Product and workflow data
If you use a Corral product that accepts prompts, documents, or workflow evidence, we store that material so the product can run, trace decisions, and return results. Each customer gets dedicated infrastructure for product data, and we do not co-mingle one customer's product data with another customer's data.
Section 2
How We Use Your Information
We use collected data to run the site, communicate with interested teams, and improve how Corral performs in real workflows.
Respond to you
We use contact and lead information to answer questions, schedule demos, follow up on inbound requests, and send product updates when you asked for them.
Improve the site and product
We review analytics and workflow signals to understand what pages are useful, what calls to action convert, and where the site or product experience is confusing.
Operate Corral responsibly
We use account, workflow, and support data to run the service, investigate issues, protect the system, and keep an audit trail around what Corral shipped, narrowed, or blocked.
Section 3
Third-Party Processors
These vendors help us run Corral. They process data only as part of providing infrastructure, analytics, storage, or communications for our service.
Convex
Database and lead management
We use Convex to store lead records and related operational data used to manage inbound interest and follow-up work.
Resend
Email delivery
We use Resend to send transactional and follow-up email related to contact requests, product updates, and lead communication.
PostHog (United States)
Website analytics
We use PostHog to process analytics events and visitor identifiers so we can understand page usage, CTA engagement, and site performance.
DigitalOcean
Infrastructure hosting
We use DigitalOcean to host corral-ai.app and related services that keep the site and product infrastructure available.
Section 4
Data Retention
We keep data only as long as we need it to run the site, support an active relationship, or maintain a sensible operational history. Current working ranges are below.
About 12 months
Contact form submissions
We keep contact inquiries long enough to respond, manage follow-up, and keep a workable history of past conversations.
Until you unsubscribe or after 24 months of inactivity
Lead emails
If you asked for updates, we keep the lead record until you opt out or it goes inactive long enough that it is no longer useful.
About 12 to 24 months rolling
Analytics events
We keep analytics data long enough to compare traffic, campaigns, and site changes over time.
Until you delete them or ask us to remove them
Uploaded documents and workflow data
Documents processed through Corral or Hallucination Guard stay on infrastructure assigned to your account until deletion. When deleted, associated processed derivatives are removed as part of that deletion flow.
If you need retention details for a specific workflow or dataset, email privacy@corral-ai.app.
Section 5
Your Rights
Depending on where you live, you may have privacy rights around access, deletion, correction, or export. We will work from verified requests and reply in plain language.
Access and correction
You can ask what personal data we hold about you and request corrections if it is inaccurate or incomplete.
Deletion and portability
You can ask us to delete your information or provide a copy that is reasonably portable, subject to verification and any legal or operational need to keep records.
Marketing controls
You can unsubscribe from product-update emails at any time. Operational messages about an active request may still be sent when needed.
To make a request, email privacy@corral-ai.app. We may need to verify the request before we act on it.
Section 7
Cross-Product Data
Corral manages leads centrally across its properties, so data collected on one Corral property may be visible from another Corral property for the limited purpose of lead management.
Data collected on corral-ai.app may be accessed from other Corral properties for lead management. In practice, that means an email address or contact history collected here can be reviewed by the same Corral team through shared internal tools when we are following up on an inquiry or managing a relationship.
That cross-property visibility applies to lead and relationship data, not to one customer's private product documents being mixed with another customer's environment. Product data remains isolated to the infrastructure assigned to the relevant customer account.
Section 8
Changes to This Policy
If our data practices change, this page should change with them. We use the review date below to show which version you are reading.
We may update this policy as Corral's products, vendors, or operating practices change. When we make a material update, we will revise the review date on this page and publish the updated language here.
Last reviewed: March 23, 2026. This version was drafted internally and should be revisited before Corral takes on more complex enterprise contracting or regulatory commitments.
Section 9
Contact
Questions, access requests, deletion requests, or concerns about this policy should come directly to us.
Privacy contact
privacy@corral-ai.appIf you would rather send context through the site, you can also use the contact page and mention that your note is a privacy request.
Go to contact pagecontact