Privacy Policy

At Coalesc ("Coalesc," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share personal information in connection with our document management and automation platform, our websites, and any related services we provide (collectively, the "Services"). It covers personal data you submit to us, data processed through our platform, and other information we collect in the course of operating our business.

By accessing or using Coalesc's Services, you agree to the terms of this Privacy Policy.

1. Who We Are

Coalesc Inc. ("Coalesc," "we," "us," or "our") provides a platform that centralizes and organizes your documents by:

• (i) retrieving attachments directly from your email inbox,
• (ii) accepting manual uploads from your device, and
• (iii) syncing files from authorized third-party sources (e.g., Google Drive, Dropbox).

We help users streamline their workflows by enabling search, reconciliation, and export functions across these files.

Our headquarters is located at 950 Av. Beaumont, Montréal, QC H3N 1V5. You can reach us at hello@coalesc.xyz.

2. Information We Collect

Coalesc collects various types of personal and usage information in order to operate, secure, and improve our platform and services. We collect this data directly from users, through their use of our Services, and from authorized third-party integrations.

2.1 Account Data

When you create or manage a Coalesc account, we collect the following information:

• Name and email address used for registration
• Login credentials, such as hashed passwords
• Basic identifiers (e.g., display name, profile image) from third-party accounts (e.g., Gmail, Microsoft 365) you connect via OAuth
• Workspace information such as team names and member roles

We use this data to authenticate users, associate them with the correct workspace, and personalize the experience within the platform.

2.2 Payment Data

If you subscribe to a paid Coalesc plan, we collect limited billing-related data:

• Billing contact details (e.g., name, billing address, tax ID)
• Payment method information (e.g., last four digits and expiration of your card) via our third-party payment processor (such as Stripe)

We do not store full payment card numbers. All transactions are processed through PCI-compliant providers. Payment data is used solely to process payments, issue invoices, and manage subscriptions.

2.3 Communication Data

When you interact with Coalesc through support channels or feedback mechanisms, we collect:

• Support messages and email correspondence
• Live chat transcripts and submitted forms (e.g., contact or bug reports)
• Feedback from surveys, webinars, or promotions

This data helps us respond to inquiries, troubleshoot issues, and improve user experience and product quality.

2.4 User Content

User Content refers to all documents, data, and materials you upload, generate, or sync within the Coalesc platform. This includes:

• Manual uploads from your device
• Documents retrieved from connected services (e.g., PDFs, spreadsheets, Word files from Gmail, Dropbox, OneDrive, etc.)

We also collect limited metadata from connected accounts such as:

• Sender, recipient, subject lines, timestamps (email metadata)
• File names and types

This content is stored securely, encrypted, and processed in line with source platform terms (e.g., Google's Limited Use Policy, Microsoft Graph Terms). We do not use User Content for advertising or unrelated analytics, and we never sell or share it outside your workspace.

2.5 Technical Data

We use cookies and similar technologies (such as local storage, session storage, and pixels) to operate, secure, and improve our Services.

Types of cookies we use include:

• Essential Cookies: Required for core functionality like authentication, session management, and security.
• Performance and Analytics Cookies: Help us understand how users interact with our Services, including page load times, feature usage, and error tracking. For example, we may use tools like Vercel Analytics or Supabase logging.
• Functionality Cookies: Enable personalized features and preferences, such as remembering your workspace selection.

Examples of data we collect using cookies:

• Device and browser information (e.g., IP address, user agent)
• Login and session state (e.g., msal.interaction.status, wos-session)
• Feature usage logs and timestamps

Where required by law (e.g., in the EU or certain provinces), we will request your consent before placing non-essential cookies. You may also manage your cookie preferences through your browser settings. Disabling certain cookies may affect your ability to use key features of the platform.

2.6 Social Media

Coalesc maintains a presence on third-party social media platforms, including but not limited to LinkedIn, X (formerly Twitter), and YouTube. When you interact with our official pages on these platforms—such as by liking, commenting, following, or messaging us—we may receive personal information that you choose to provide, including your name, profile handle, and public messages.

In addition, the social media platforms may provide us with aggregated analytics and engagement metrics about how users interact with our content.

How We Collect This Information:

• Directly from you when you engage with our posts or messages
• From the social media platforms themselves (e.g., through insights dashboards or analytics tools)

How We Use This Information:

• To operate, monitor, and improve our Services and brand presence
• To respond to inquiries or comments you make on our posts
• To understand engagement trends and develop better content
• To communicate updates or promotions related to Coalesc
• To maintain the security and integrity of our Services
• For legal, regulatory, or compliance purposes as required

How We May Disclose This Information:

• To our trusted service providers (e.g., marketing or social media tools)
• In connection with business transactions (e.g., mergers or acquisitions)
• To comply with legal obligations or respond to lawful requests
• To affiliated companies or partners that help us deliver the Services
• To other third parties when you intentionally interact or share information (e.g., public comments or mentions)

Please note that your activity on third-party platforms is governed by their respective privacy policies and terms of use. We encourage you to review those policies before engaging with us on social media.

2.7 Publicly Available Data

We may collect and use publicly available information such as:

• Company names and business addresses
• Information published on public websites or registries

This data is used for account verification, service personalization, or to enhance our product capabilities (e.g., auto-tagging or enrichment).

2.8 Google & Microsoft API Data Disclosures

Google API Limited-Use Disclosure

Our use and transfer of information received from Google APIs (including Gmail and Google Drive) adheres to the Google API Services User Data Policy, including its Limited Use requirements. This means:

• We access, process, and store data only to deliver features explicitly requested by the user.
• We do not use Google user data for advertising.
• We never sell or share Google user data with third-party marketers.

Microsoft API Data Use Disclosure

Our use and transfer of information obtained through Microsoft Graph APIs (e.g., Outlook Mail, OneDrive, and Microsoft 365 services) complies with the Microsoft API License Terms and the Microsoft 365 Developer Terms. We access, process, and store data:

• Only to deliver Coalesc features initiated by the user
• Never for advertising purposes
• Never for resale or unrelated third-party use

Manual Uploads and Other Sources

Files uploaded directly from your device, or synced from other authorized integrations, are used exclusively to provide the Coalesc service. We do not use this content for advertising and only disclose it as described in Section 4: Disclosure of Information.

2.9 Third-Party Integrations & Consent

To deliver key features of the Coalesc platform—such as automatic document retrieval, synchronization, and reconciliation—we support integrations with select third-party services (e.g., Google Workspace, Microsoft 365, Dropbox, and others).

We will never connect to any third-party account or retrieve files from your external services without your explicit consent. This means:

• We will request your permission before linking any integration.
• You will be clearly informed of the types of data we access (e.g., attachments, metadata) and how it will be used.
• Integration is opt-in, and no connection is made automatically when you create a Coalesc account.
• You may revoke these connections at any time from your Coalesc dashboard under Dashboard → Email or Integrations.

3. How We Use Information

We use the personal information we collect for the following purposes:

• To operate and provide the Coalesc platform: We use your data to deliver core services such as file organization, document search, reconciliation, and data export. This includes processing your uploads, linking connected accounts, and maintaining access control for your workspace.
• To support you and respond to inquiries: We use your information to troubleshoot issues, provide customer support, and communicate with you about technical problems or account-related questions. Our support team will only access your files with your explicit consent.
• To improve and enhance our platform: We use your information to analyze usage patterns, ensure the accuracy and reliability of our features, and support ongoing development. This includes conducting internal research, optimizing performance, and using de-identified or pseudonymized data to refine functionality and guide innovation. AI tools (e.g., for metadata extraction or file renaming) are used to enhance file organization, but your content is never used to train external models.
• To ensure security and prevent misuse: We use your information to maintain the security and integrity of the Service, including preventing fraud, unauthorized access, or other forms of abuse. We monitor anonymized system logs for errors and retain them for 30 days to maintain uptime and performance.
• For legal and compliance purposes: We may use or retain information to comply with Canadian laws, such as tax record retention requirements under the Income Tax Act, or other valid legal obligations.

We do not sell or share your personal information for advertising. Coalesc does not sell your data or use it for targeted marketing. We also do not share your personal information with third parties for cross-contextual or behavioral advertising.

4. Disclosure of Information

Coalesc Technologies Inc. discloses personal information only when necessary, with appropriate safeguards in place, and in accordance with Canadian privacy laws. Below are the specific situations where disclosure may occur:

4.1 Service Providers and Subprocessors

We engage carefully vetted third-party service providers ("Subprocessors") to help operate and improve our Services. These vendors may access personal information only to perform tasks on our behalf and are contractually bound to protect it.

Types of Subprocessors include:

• Cloud infrastructure and hosting providers (e.g., Vercel, AWS, Supabase)
• Analytics and monitoring tools
• Support and automation platforms

Safeguards include:

• Binding confidentiality agreements
• Security and privacy practices aligned with or exceeding PIPEDA (e.g., encryption, access restrictions)
• Data localization preferences, favoring Canadian or U.S. storage locations where possible

We do not permit our Subprocessors to use your personal data for their own purposes.

4.2 Business Transfers

In the event of a corporate transaction (e.g., merger, acquisition, restructuring, or asset sale), your personal information may be transferred to a successor entity. In such cases:

• You will be notified via email or in-app message, if required by law.
• The acquiring party must agree to maintain equivalent data protection obligations and honor existing user rights.

4.3 Legal and Regulatory Compliance

We may disclose personal information when necessary to:

• Comply with applicable laws, regulations, or lawful requests by public authorities
• Enforce our Terms of Service or protect our rights, privacy, or property
• Prevent or address fraud, misuse, or security threats
• Protect the safety of any individual

4.4 Aggregated or De-identified Data

We may share data that has been aggregated or de-identified so that it cannot reasonably be used to identify an individual. This data may be used for:

• Platform improvement and feature development
• Security benchmarking and operational metrics
• Marketing or business development (e.g., showing usage trends without revealing identities)

4.5 With Your Consent

In situations not covered above, we will only disclose your personal information with your express consent.

5. Data Retention

We retain your personal information only as long as necessary to provide the Coalesc service, fulfill the purposes outlined in this Privacy Policy, or comply with legal and regulatory requirements. The specific retention period depends on the type of data and its purpose:

Additional Notes:

• Legal obligations: Certain data may be retained beyond deletion requests to comply with legal requirements (e.g., Canada Revenue Agency's 6-year recordkeeping rule under the Income Tax Act).
• Security & integrity: We may temporarily retain data to investigate security incidents or misuse, including fraud or unauthorized access.
• Complaint handling: If there is an active dispute or complaint, relevant data may be preserved until it is resolved.

We will securely delete or anonymize data when it is no longer needed. If you request account deletion, we will remove your data from our systems within 30 days, unless we are legally required to retain it longer.

6. Your Rights & Choices

At Coalesc, we respect your privacy and give you meaningful control over your personal information. Depending on your location and applicable laws, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate or outdated information
• Delete your personal data from our systems
• Request data portability, where technically feasible

You can exercise these rights at any time by contacting us at hello@coalesc.xyz. We will respond in accordance with applicable legal requirements.

Managing Integrations and Connections

You can disconnect any linked email or service integration at any time via your Coalesc workspace:

Go to Dashboard → Email to manage or remove connected accounts.

Please note that deleting your account or disconnecting a service may affect your ability to access certain features.

7. Links to Other Websites

Our Services may include links to third-party websites, applications, or social media platforms that are not operated or controlled by Coalesc. We are not responsible for the privacy practices, content, or security of these external sites.

If you choose to visit their third-party services, we encourage you to review their privacy policies and terms of use before providing any personal information. Your interaction with those services are governed solely by their respective policies.

8. Security

At Coalesc, we take data security seriously and implement industry-standard safeguards to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

8.1 Technical and Organizational Measures

• Authentication: We use secure OAuth 2.0-based login via trusted identity providers such as Google Cloud Platform and Microsoft Entra ID. Authentication is managed through WorkOS, ensuring compliance with enterprise-grade security protocols.
• Encryption in Transit: All data transmitted between your device and our platform is encrypted using TLS 1.2 or higher, enforced by our infrastructure providers (Vercel and Supabase).
• Encryption at Rest: Data stored within our platform is secured using AES-256 encryption, handled through our cloud service providers.

Hosting and Infrastructure: Our systems run on enterprise-grade platforms including:

• Vercel (for secure front-end hosting),
• Supabase (for encrypted databases and file storage),
• WorkOS (for secure and scalable authentication).

For additional information, please refer to the security documentation provided by these vendors.

8.2 User Responsibility

While we take appropriate steps to secure your data, no method of electronic transmission or storage is 100% secure. You are responsible for protecting your login credentials, limiting access to your devices, and signing out of your account after use.

9. Children

The Service is intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from anyone under the age of 18 without the consent of a parent or legal guardian, where required by applicable law.

If we become aware that we have collected personal information from a minor without appropriate consent, we will take steps to delete the information promptly and ensure compliance with applicable privacy laws.

If you are a parent or legal guardian and believe your child has provided us with personal information without your consent, please contact us at hello@coalesc.xyz.

10. Changes

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated version with a revised "Effective Date" at the top of this page. If required by applicable law, we will provide additional notice (such as via email or in-app notification).

Your continued use of the Service after any changes have been posted constitutes your acceptance of those changes. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

11. Contact

If you have any questions, concerns, or complaints about how we collect, use, or store your personal information—or if you wish to exercise your privacy rights—please contact us using the details below:

Email: hello@coalesc.xyz