Last updated · 6 May 2026
Privacy Policy
CoheraWork Systems Inc. ("CoheraWork", "we") provides enterprise behavioural calibration software. This policy explains what we collect, why we collect it, and the rights you have over your personal data.
1. Data we collect
- Account data: name, work email, organisation, role.
- Programme data: responses to calibration scenarios, scores, certificates.
- Operational data: audit events (logins, role changes), usage telemetry.
- Billing data: handled by Stripe; we never store card numbers.
2. What we do not collect
See the Trust Center for the full list. We do not collect biometric, health, location, or GDPR Article 9 special-category data.
3. Why we process it
- To deliver the programme your organisation purchased (contractual necessity).
- To meet legal and audit obligations (legal obligation).
- To improve calibration quality in aggregate, never identified (legitimate interest).
4. Sub-processors
Lovable Cloud (Supabase, EU/US), Stripe, Cloudflare, Resend (email), Lovable AI Gateway. Full list with regions available on request to privacy@cohera.work.
5. Your rights
Access, rectification, erasure, portability, objection — see Trust Center §3. Contact privacy@cohera.work.
6. Retention
Account data: lifetime of contract + 30 days. Audit events: 7 years. Programme content: per Data Processing Agreement with your organisation.
7. International transfers
Standard Contractual Clauses (SCCs) apply where data leaves the EEA / UK.
8. Contact
CoheraWork Systems Inc., Delaware, USA. Privacy enquiries: privacy@cohera.work. DPO: dpo@cohera.work.
This policy will be expanded by counsel before live commercial use. Material changes will be notified by email and posted here with a revised "last updated" date.