Privacy Policy

1. International Jurisdiction & Global Users

Corrath is engineered to be compliant with global privacy frameworks. Our operations conform to the requirements of:

• European Union & UK: General Data Protection Regulation (GDPR) and UK GDPR.
• United States: California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and other state-level privacy statutes.
• India: Digital Personal Data Protection Act, 2023 (DPDP Act).
• Other Regions: We handle data processing transparently according to national requirements in our global service jurisdictions.

2. Data Collected & Minimization Principles

We apply strict data minimization standards. We only collect details essential to authenticate your account, compute platform statistics, and protect gateway integrity:

• Account Credentials: Name, work email, and hashed credentials supplied during registration.
• Billing Data: Processed strictly via secure payment partners (Stripe). We do not store credit card numbers on our servers.
• Telemetry Logs: Platform traffic characteristics, including threat classification counts, latency distributions, and proxy endpoint load.

3. Cross-Border Data Transfers

To maintain sub-5ms operational routing, Corrath structures computing instances in various international edge regions (including the EU, UK, US, and India). Consequently, personal data may be transferred to and processed outside of your home country. For transfers of EU or UK personal data, we utilize European Commission-approved Standard Contractual Clauses (SCCs) to establish equivalent safeguards.

4. User Rights & Data Governance

Regardless of your physical location, Corrath guarantees user-level data rights. You have the right to:

• Access & Portability: Request a structured export of all database entries associated with your account ("Export My Data").
• Rectification: Modify your profile settings, email addresses, and preferences.
• Deletion: Exercise your "Right to be Forgotten" and erase your profile ("Delete My Account") and related analytics history.
• Withdrawal of Consent: Decline non-essential communication or opt out of notification preferences at any time.

These features are directly accessible through your account Dashboard Settings under the Privacy & Compliance panel.

5. Data Retention Scheduler

We retain account identifiers for the duration of your active subscription. Operational threat logs and billing invoice summaries are kept for a maximum of seven (7) years to satisfy security audit trails, tax compliance, and legal verification guidelines. Dynamic credential keys stored in the Vault are retained only until deleted by you.

6. Third-Party Services

We coordinate with selective infrastructure providers to manage platform operations:

• Payment Operations: Stripe, Inc. (subscription authorization).
• Email Services: Resend.com (transactional alert broadcasts).
• Routing Nodes: Multi-cloud edge nodes (routing API gateways securely).

These vendors operate under strict data processing agreements and are barred from using your details for direct advertising.

7. Security Practices

Corrath enforces end-to-end data encryption. Dynamic keys and API credentials stored in our key vaults are encrypted at rest using AES-256-CBC, with internal routing tokens protected by secure HMAC verification loops. Active login sessions are protected with secure, SameSite, HttpOnly-equivalent authentication structures to defend against cross-site scripting (XSS) and request forgery (CSRF) vectors.

8. Contact & Data Protection Officer

For privacy, compliance, legal, GDPR, security, and data protection inquiries, contact us at: