How Coline handles your data.

Coline is a workspace-first productivity platform. We collect information needed to create accounts, operate workspaces, store content, power collaboration, run the public API, support Kairo, and keep the service reliable and secure.

• Provide, operate, secure, debug, and improve Coline.
• Authenticate users, maintain sessions, verify emails, and enforce workspace access controls.
• Create and manage files, messages, taskboards, calendars, apps, notifications, integrations, API keys, OAuth clients, and billing.
• Power search, indexing, Kairo, summaries, memories, automations, realtime collaboration, presence, typing indicators, calls, and desktop or in-app notifications.
• Detect abuse, prevent fraud, investigate security incidents, enforce agreements, and comply with legal obligations.

When you use Kairo or other AI features, Coline processes your prompts, conversation history, selected workspace context, attached files, generated outputs, model choices, tool calls, reasoning or output metadata, usage information, memories, summaries, embeddings, execution logs, and feedback or errors.

Depending on the model or feature you choose, this information may be processed by AI infrastructure providers such as AWS Bedrock, Azure AI Foundry, Cloudflare Workers AI, Google Vertex, or similar providers used to fulfill your request.

Coline does not use private workspace content to train Coline-owned public models. AI providers process data to provide the requested AI functionality, subject to their applicable service terms and Coline's agreements with them.

Coline uses cookies and similar technologies for authentication, sessions, security, preferences, analytics, and product functionality. For example, Coline uses secure session cookies to keep you signed in.

We share information only where needed to operate Coline, support features you choose, comply with law, or protect the service.

• Service providers that host, store, process, secure, analyze, transmit, or monitor data for Coline.
• Authentication, infrastructure, database, object storage, realtime, email, CDN, payment, analytics, error-monitoring, and AI providers.
• Connected integrations and third-party apps that you or your workspace authorize.
• Workspace members and administrators according to workspace permissions and sharing settings.
• Legal, regulatory, safety, security, merger, acquisition, or financing contexts where disclosure is necessary.

If you use Coline through a workspace owned or managed by an organization, that organization may control the workspace content, members, roles, permissions, integrations, retention settings, exports, API keys, OAuth clients, app installations, billing, and related administrative settings.

Workspace owners and administrators may be able to access, export, delete, restrict, or manage workspace content and member data. Other workspace members may see your profile, email visibility setting, messages, files, comments, reactions, presence, and activity depending on workspace configuration and permissions.

Public links, published files, invites, shared files, connected integrations, and installed apps can make information available outside your workspace according to the settings you choose.

Coline uses technical and organizational safeguards designed to protect information, including TLS, secure cookies, token hashing or encryption, encrypted secrets, workspace-scoped access checks, rate limits, CSRF and same-origin protections, input validation, structured logging, sandboxed code execution, restricted network access for execution environments, and access controls.

Some deleted workspace content may remain in backups or logs for a limited period before deletion through normal retention cycles. Billing, security, API request, audit, and legal records may be retained longer where necessary.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to opt out of certain sharing or targeted advertising.

California residents may have rights under the CCPA and CPRA, including the right to know, access, delete, correct, limit certain uses of sensitive personal information, opt out of sale or sharing, and not be discriminated against for exercising privacy rights. Coline does not sell personal information.

You can manage some information in your account or workspace settings. To make a privacy request, contact privacy@coline.app. We may need to verify your identity before completing a request. If your data is controlled by a workspace organization, we may direct your request to that organization or process it according to their instructions.