Privacy Policy
Last Updated: January 1, 2026
At CoralLedger, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use CoralLedger Comply, our VAT compliance management platform.
1.1 Information You Provide
Account Information:
Name and email address
Business name and Tax Identification Number (TIN)
VAT registration number
Contact phone number (optional)
Business address
Business Data:
Transaction data (sales, purchases, expenses)
VAT amounts and calculations
Invoice numbers and descriptions
Customer and vendor information
Transaction categories and classifications
Communication Data:
Support requests and correspondence
Feedback and survey responses
In-app messages and notifications
1.2 Information We Collect Automatically
Usage Data:
Device information (browser type, operating system)
IP address and approximate location
Login dates and times
Pages viewed and features used
Error logs and diagnostic data
Cookies and Tracking Technologies:
Session cookies for authentication
Preference cookies for user settings
Analytics cookies for service improvement
See our Cookie Policy for more details on how we use cookies and how to manage your preferences.
We use the information we collect for the following purposes:
2.1 To Provide the Service
Process and validate your transaction data
Calculate VAT amounts and prepare VAT returns
Generate compliance reports and analytics
Provide AI-powered transaction categorization
Detect and prevent duplicate transactions
2.2 To Improve the Service
Analyze usage patterns to enhance features
Identify and fix bugs and technical issues
Train and improve our AI categorization algorithms (using anonymized data)
Develop new features based on user needs
2.3 To Communicate with You
Send service notifications (filing deadlines, compliance alerts)
Respond to support requests and inquiries
Send product updates and announcements (with opt-out option)
Request feedback on your experience
2.4 For Security and Compliance
Prevent fraud and unauthorized access
Maintain audit logs for security and compliance purposes
Comply with legal obligations and government requests
Enforce our Terms of Service and Acceptable Use Policy
We process your personal data based on the following legal grounds:
| Legal Basis | Purpose |
|---|---|
| Contract Performance | Processing data necessary to provide the Service you requested (account management, VAT calculations) |
| Legitimate Interests | Improving the Service, preventing fraud, maintaining security, and conducting business operations |
| Legal Obligation | Complying with Bahamas tax laws, responding to legal requests, maintaining required records |
| Consent | Marketing communications, optional features, cookies (where required by law) |
Where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4.1 Service Providers
We may share your information with trusted third-party service providers who assist us in operating the Service:
Cloud hosting providers (Azure, AWS, DigitalOcean)
Email service providers (for notifications and support)
Analytics providers (for service improvement)
Payment processors (for subscription billing, once implemented)
All service providers are bound by confidentiality agreements and are only permitted to use your data to provide services to us.
4.2 Accounting Firm Access
If your business is managed by an accounting firm using CoralLedger Comply, the firm's authorized users will have access to your business data as needed to provide accounting services.
4.3 Legal Requirements
We may disclose your information if required by law or in response to:
Court orders or legal processes
Requests from government authorities or regulators
Requirements under the Bahamas VAT Act or other applicable laws
Protection of our legal rights or prevention of fraud
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.
We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
Encryption
256-bit AES encryption at rest
TLS 1.3 encryption in transit
Encrypted database backups
Access Controls
Role-based access control (RBAC)
Multi-factor authentication (MFA)
Audit logging of all data access
Infrastructure Security
Firewall protection
Intrusion detection systems
Regular security audits
Data Protection
Multi-tenant data isolation
Automated daily backups
Disaster recovery procedures
We retain your data for as long as necessary to provide the Service and comply with legal obligations:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 30 days | Service provision, grace period for reactivation |
| Transaction data | 7 years minimum | Bahamas VAT Act record-keeping requirement |
| VAT returns | 7 years minimum | Legal compliance and audit requirements |
| Usage data and logs | 12 months | Service improvement, security monitoring |
| Support communications | 3 years | Customer service, legal protection |
| Marketing consent | Until withdrawn | Marketing communications |
After the retention period expires, we securely delete or anonymize your data. Note that we may retain anonymized, aggregated data indefinitely for statistical and research purposes.
You have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you. We will provide this within 30 days of your request.
Right to Rectification
Request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements (7 years for VAT records under Bahamas law).
Right to Data Portability
Receive your data in a structured, machine-readable format (CSV, JSON, XML) and transfer it to another service provider.
Right to Object
Object to processing of your data for direct marketing purposes or based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
Right to Restriction
Request restriction of processing in certain circumstances (e.g., during dispute resolution about data accuracy).
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@coralledger.com or through our support portal. We will respond to your request within 30 days and may require verification of your identity before processing your request.
CoralLedger Comply is based in The Bahamas and uses cloud infrastructure providers (Azure, DigitalOcean) that may store data in various regions globally.
When we transfer data internationally, we ensure appropriate safeguards are in place:
Data Processing Agreements with service providers
Standard Contractual Clauses (SCCs) for EU data transfers
Encryption of data in transit and at rest
Adherence to international privacy frameworks
Your data is primarily stored in the region closest to your business location to ensure optimal performance and compliance with local data residency requirements where applicable.
CoralLedger Comply is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@coralledger.com. We will promptly delete such information from our systems.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
We will update the "Last Updated" date at the top of this page
For material changes, we will notify you via email at least 30 days before the changes take effect
We may display a prominent notice within the Service
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the revised Privacy Policy.
Privacy Questions or Concerns?
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Privacy Officer: privacy@coralledger.com
General Support: support@coralledger.com
Phone: +1 (242) 555-0100
Address: 123 Bay Street, Nassau, Bahamas