Product Pricing Benchmarks Blog
Contact Docs GitHub 5.2K

Privacy Policy

Last updated: 13 April 2026

1. Introduction

This Privacy Policy sets out how we, Phoebe Technology Limited ("Coral," "we," "us," "our"), collect and process your personal data and explains your rights in relation to your personal data.

Coral's registered office is at 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom. If you have any questions about this Privacy Policy or wish to exercise any of your rights in relation to your personal data, you can contact us at the address above or by email at privacy@withcoral.com. Our preferred contact method is email.

This Privacy Policy affects your legal rights and obligations, so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us or request that your employer or colleague not do so on your behalf.

We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we will take commercially reasonable measures to notify you (for example, by email or a notice on our website). Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes.

We may collect your personal data because you provide it directly to us, or because your employer or a colleague is our client and wishes to set up an account for you to access our platform. In such circumstances, we are the controller of your personal data.

Alternatively, we may receive your personal data through our platform because one of our clients has uploaded your details within their account on our platform. In such circumstances, we are the processor of your personal data and will only process it in accordance with that client's instructions.

Our website and services are not intended for children, and we do not knowingly collect data relating to children.

Our website or platform may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and disclaim responsibility for their privacy statements. When you leave our website or platform, we encourage you to read the privacy policy of every website or service you visit.

2. What personal data do we collect and from whom?

By "personal data," we mean any information that can identify you, such as your name, email address, phone number(s), or a photo you upload to our platform. We reserve the right to anonymize and/or pseudonymize such personal data so that it is no longer personally identifiable and to use it in anonymized and/or pseudonymized form for our internal business purposes, insights, or other purposes from time to time.

We may obtain special categories of personal data about you if you or a client chooses to provide such data to us. Special categories of personal data include information about your race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or sex life or sexual orientation.

2.1 Data you provide to us

You may provide personal data to us if you:

  • use our website;
  • download or use Coral;
  • create an account or register interest in our products;
  • use our Slack bot or web application;
  • apply for a job with us;
  • provide services to us;
  • subscribe to receive product update emails from us; or
  • otherwise contact us with queries, comments, or complaints.

You may provide personal data to us directly through our website or via social media platforms, or through colleagues or your employer (for example, if they add you to their company's account on our platform).

We will process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory for us to be able to provide certain services (for example, setting up an account), and we will make this clear when we collect it. If you fail to provide any data marked as mandatory, we may not be able to perform the service or fulfill your request.

All personal data that you provide must be true, complete, and accurate. At our request, you shall promptly provide evidence of your identity. If you provide inaccurate or false data, and we suspect or identify fraud, we will record this, and we may also report it to the relevant authorities.

If you contact us by email or post, we may keep a record of the correspondence, and we may record any telephone call we have with you.

2.2 Data we automatically collect about you

When you use our website or use our services, application(s), or related services, we automatically collect and store information about your device and your activities. This may include:

  • technical information about your device (e.g., browser type, operating system, device type);
  • your IP address (which may be anonymized or truncated depending on your cookie preferences);
  • your preferences and settings (e.g., time zone, language);
  • usage details, such as pages visited, time spent on pages, referring URLs, and which features you interact with; and
  • analytics data collected by third-party tools we use to understand how our website is used (see Section 11: Cookies Policy below).

Some of this information is collected using cookies and similar tracking technologies. Please see Section 11 (Cookies Policy) for full details about the cookies we use, their purposes, and how you can control them.

2.3 Data we automatically collect from connected third-party services

You may choose to log in to your Coral account via third-party services such as Google Single Sign-On, in order to access certain information from within the Coral application. If you do so, we may automatically collect and store user data from that third party, which could include:

  • Profile data (e.g., name, email address).

2.4 Data we receive from others

We may receive personal data about you from a colleague, employer, or supplier, for instance, to set up your user account on our platform or to collaborate with you on a project within our tools. If a colleague or employer provides us with your personal (non-work) email address without your consent, please contact us, and we will remove it.

If you apply for a job with us, we may receive personal data about you from your previous employer(s) or other references you provide.

3. Lawful use of your personal data

We will only use your personal data where we have a lawful basis to do so. The lawful bases we rely on under this Privacy Policy are:

  • Consent — for example, when you accept analytics cookies on our website or opt in to marketing communications.
  • Performance of our contract with you, your employer, or your colleague.
  • Compliance with legal obligations.
  • Legitimate interests — (i.e., our legitimate business interests in the normal running of our business, provided these interests do not materially impact your rights, freedoms, or interests).

How we use your personal data depends on why we collected it.

3.1 Using data from your employer or colleague who uses Coral

If we have received your personal data because you are employed by or collaborate with a company that uses our services, we will process that personal data to perform our contract with your employer or colleague or to take steps at their request prior to entering into or updating such a contract. This typically includes creating a user account for you so you can access and use the platform.

3.2 Using data from connected Google Services

If we have received your personal data because you signed in via or connected Google services, we will process your personal data under our contract with your employer (or you directly, if applicable).

3.3 Using data you uploaded or entered into the Coral application

If you upload personal data to our platform, we will process that data in line with the lawful purposes described above and on your instructions (for example, to facilitate collaboration with your colleagues or employer).

3.4 Using data for our legitimate interests

We may also use your personal data for our legitimate interests, such as providing customer support, ensuring compliance with relevant regulations, fraud prevention, audit processes, or to notify you about changes to this Privacy Policy or our services.

3.5 Using data for product update emails (marketing)

We may use your identity, contact, technical, usage, and profile data to form a view on what products, services, or offers may be relevant for you. You will receive these communications only if you have consented or if we are otherwise legally permitted to do so (e.g., you have an existing relationship with us and have not opted out).

You can ask us to stop sending marketing messages at any time by clicking the unsubscribe link in any marketing message or by contacting us directly. Please note that even if you opt out of marketing communications, we may still send you non-marketing messages related to your account or use of our services.

If you ask us to remove you from our marketing list, we will keep a record of your name and email address to ensure we do not send you further marketing emails. We will continue to send transactional or service-related emails if you, your employer, or a colleague has an account with us.

We will also obtain your express opt-in consent before sharing your personal data with any third party for marketing purposes.

3.6 Using data to improve our service

We analyze user interactions with our platform (e.g., feature usage, session duration) to improve, optimize, and develop new features for our services. We do so under our legitimate interest in enhancing user experience and maintaining a competitive service.

3.7 Using data to process job applications

If you apply for a job with Coral, we will use the personal data you provide to process and assess your application, communicate with you about the status of your application, and respond accordingly.

3.8 Change of purpose

We will only use your personal data for the purposes for which we collected it. If we need to use it for a new purpose that is compatible with the original one, we will update this Privacy Policy accordingly. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

4. Who do we share your data with?

For our legitimate interests or to perform our contract with you or your employer/colleague, we may share your personal data with:

  • Analytics providers: We use Cloudflare Zaraz as our tag management and consent layer, and we may route analytics data to providers such as Google Analytics (operated by Google LLC) and PostHog. These providers may process data such as IP addresses, device information, and browsing behavior on our behalf. Google may process data in the United States; PostHog processes data in accordance with its own data processing terms. See Section 11 for further detail.
  • Service providers, sub-contractors, and agents we engage to perform functions on our behalf (e.g., hosting providers, payment providers, IT service providers, accountants, auditors, lawyers).
  • Public authorities or legal advisors if we are required to do so by law or if it is necessary for legal or compliance purposes (e.g., to prevent fraud or meet anti-money laundering obligations).
  • Parties involved in a merger, sale of assets, financing, or acquisition of all or a portion of Coral's business.

Our service providers, sub-contractors, and agents will only receive personal data relevant to their role in providing services to us, and we require them to securely delete or anonymize your personal data once they no longer provide services to us.

5. Where we hold and process your personal data

Some or all of your personal data may be stored or processed outside of the United Kingdom (UK) or the European Economic Area (EEA). For example, our servers or those of our service providers may be located in countries outside the UK or EEA.

Whenever we transfer your personal data outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards, such as:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the relevant authority; or
  • Using specific, approved contracts such as the UK's International Data Transfer Agreement (IDTA) or Addendum, or the European Commission's Standard Contractual Clauses (SCCs).

Please contact us if you would like further information on specific mechanisms used when transferring your personal data outside of the UK or EEA.

6. The Coral product and your data

Coral runs on your local machine or within your organization's own infrastructure. Queries are executed against your connected data sources directly, and the results remain on your infrastructure and are not transmitted to Phoebe Technology Limited. Coral stores a limited amount of contextual metadata to improve query performance, and may cache frequently accessed data for a limited period. By default, no query data, cached data, or credentials leave your environment. You may optionally choose to share trace data from a query with us for debugging support.

7. Security

We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. We achieve this by using technical and organizational measures (e.g., encryption, secure servers, access controls, employee training).

However, no system is completely secure. In the event of a data breach, we will take prompt steps to minimize the impact and notify the relevant authorities and affected individuals where legally required.

8. Automated decision-making

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects concerning you.

9. Your rights

Under applicable data protection legislation, you have the following rights (though please note that these rights may not be absolute and can be subject to conditions):

  • Right of access: Obtain a copy of your personal data we hold.
  • Right to rectification: Request correction of any inaccurate or incomplete personal data.
  • Right to portability: Request the transfer of your personal data to another service provider.
  • Right to restriction of processing: In certain circumstances, request that we limit how we process your data.
  • Right to be forgotten: Request that we delete your personal data where it is no longer necessary for us to retain it.
  • Right to object: Object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: Where we rely on consent as the legal basis (e.g., analytics cookies), you may withdraw your consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

You will not typically be charged a fee to exercise these rights, but we may charge a reasonable fee or refuse to comply if a request is clearly unfounded, repetitive, or excessive.

We may need additional information to verify your identity before we can address your request, as a security measure. We will try to respond to all legitimate requests within one month, but it may take longer if your request is particularly complex or if you have made multiple requests. We will notify you if we need more time.

If Coral is acting only as a processor (on behalf of our client as the controller), you must direct any requests to exercise your rights to our client. We will assist our client in fulfilling its obligations under data protection laws as appropriate.

If you have any complaints regarding this Privacy Policy or our handling of your personal data, please contact us. We will investigate and respond as soon as reasonably possible. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK (www.ico.org.uk) or with your local data protection authority if you are outside the UK.

10. Retention of personal data

We retain personal data in accordance with applicable laws and only as long as necessary to fulfill the purposes for which it was collected or to comply with legal, audit, or statutory requirements (e.g., HMRC requirements).

  • If we have received your personal data because you are an employee of a client, we will typically retain your personal data until we no longer do business with your employer or until instructed otherwise by your employer.
  • If personal data is uploaded by a client to our platform, we will retain it as instructed by that client.
  • Website analytics data routed to Google Analytics is retained in accordance with Google's data retention settings. Analytics data routed to PostHog is retained in accordance with PostHog's retention policies.

In some cases, you can request that we delete your data (see Section 9 above).

We may anonymize your personal data for research or statistical purposes, in which case we may use it indefinitely without further notice to you.

11. Cookies Policy

11.1 What are cookies?

Cookies are small text files placed on your device when you visit a website. They help the website recognize your device and remember certain information about your visit. Some cookies are essential for the website to function; others help us understand how visitors use our site.

11.2 How we use cookies

We use cookies and similar technologies on withcoral.com and related sites for the following purposes:

Strictly necessary cookies

These cookies are required for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences or filling in forms. You can set your browser to block these cookies, but some parts of the site may not work as a result.

Analytics cookies

These cookies allow us to count visits and understand how visitors move through our site, which helps us improve it. All information these cookies collect is aggregated. If you do not allow these cookies, we will not know when you have visited our site.

Marketing cookies

We do not currently use marketing or advertising cookies. If this changes, we will update this policy and obtain your consent before setting such cookies.

11.3 Cookie consent

When you first visit our website, you will be presented with a consent tool that allows you to accept or reject non-essential cookies and tags (including analytics cookies). Analytics technologies are only loaded if you provide your consent.

11.4 How to control cookies

In addition to our consent tool, you can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that if you block all cookies, some parts of our website may not function properly.

For more information about cookies, including how to see what cookies have been set and how to manage or delete them, visit www.allaboutcookies.org.

11.5 Third-party analytics services

Cloudflare Zaraz: We use Cloudflare Zaraz to manage consent and load approved third-party analytics tools on our website. Zaraz acts as the tag management layer between our website and the analytics providers we enable. Cloudflare's privacy policy is available at https://www.cloudflare.com/privacypolicy/.

Google Analytics: If enabled through Zaraz, we use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to help us analyze how visitors use our website. The information generated by the cookie about your use of the website (including your IP address) is transmitted to and stored by Google on servers which may be located in the United States. We have enabled IP anonymization so that your IP address is truncated before transmission. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. Google's privacy policy is available at https://policies.google.com/privacy.

PostHog: If enabled through Zaraz, we use PostHog for product analytics. PostHog helps us understand how visitors interact with our website through event tracking and usage analytics. We use PostHog Cloud (EU), which processes and stores data within the European Union. PostHog's privacy policy is available at https://posthog.com/privacy.

12. General

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, that provision shall be construed to reflect the parties' intentions, and all other provisions will remain in full force and effect.

This Privacy Policy and any dispute arising out of or related to it (including any non-contractual dispute or claim) will be governed by and construed in accordance with the laws of England and Wales. You agree to submit to the exclusive jurisdiction of the courts of England and Wales in relation to such disputes.

13. How to contact us

You can contact us at any time with questions, comments, or requests regarding your personal data or this Privacy Policy by emailing privacy@withcoral.com or writing to us at:

Phoebe Technology Limited
9th Floor
107 Cheapside
London, EC2V 6DN
United Kingdom