Privacy Notice

Last updated: 2026-02-04

Scope

This Privacy Notice explains how ClaimHarbor Analytics collects, uses, and shares personal information when you visit crala.digital, request a demo, or use our cloud workspaces. It applies to visitors, registered users, and administrators acting on behalf of organizations. If you interact with us solely as an employee of a customer, your employer’s instructions may also govern how we process certain identifiers. Where Korean law provides additional rights, those rights apply concurrently with the practices described here.

Use of Data

We use personal data to operate the services, authenticate users, provide support, improve reliability, and send transactional notices. Analytics cookies, when allowed, help us understand feature adoption in aggregate. We do not sell personal data. Marketing communications are sent only with consent or existing business relationships as permitted by law. Automated decisions that produce legal or similarly significant effects are not performed without human review unless explicitly disclosed in a separate agreement.

Data Collected

We collect account details (name, email, organization), usage logs (timestamps, IP address, device type), support correspondence, and content you upload to workspaces. Payment metadata may be processed by our processors; we do not store full payment card numbers. Integrations you enable may synchronize additional fields according to the permissions you grant. You should avoid uploading highly sensitive categories of data unless a data protection impact assessment supports that choice.

Contact

Questions about this notice may be directed to [email protected] or by postal mail to the address listed in the site footer. We aim to acknowledge requests within five business days. If you are located in the European Economic Area and we offer services there, you may also contact our representative where appointed. For security-sensitive reports, please use the coordinated disclosure channel referenced in our documentation hub.

Retention

We retain account data for the life of the subscription plus a reasonable wind-down period for backups and audits, typically not exceeding ninety days unless law requires longer. Usage logs rotate on a schedule designed to balance troubleshooting with minimization. You may request deletion of personal data subject to legal exceptions; deletion from active systems may precede removal from encrypted backups. Archived legal holds may extend retention when required.

Rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, or port personal data, and to object to certain processing. Korean residents may exercise rights under the Personal Information Protection Act through the contact channel above. We verify requests to prevent unauthorized disclosure. If we decline a request, we explain the rationale and outline appeal paths where available. You may lodge a complaint with a supervisory authority where applicable law permits.

Third Parties

We use subprocessors for hosting, email delivery, error monitoring, and customer support tooling. An up-to-date list is available to administrators upon request. Subprocessors are contractually required to protect data and process it only on our instructions. If we transfer personal data outside Korea or the EEA, we rely on appropriate safeguards such as standard contractual clauses. We are not responsible for the privacy practices of third-party sites linked from our documentation.