Kembali ke Halaman Utama

Dasar Privasi

Kemas Kini Terakhir: 6 Februari 2026

SSGV LLC ("SSGV," "we," "us," or "our") operates the Cora service, an AI-powered educational companion for parents and expectant parents, delivered through WhatsApp and accessible via our website at www.meetcora.co (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, interact with Cora through WhatsApp, purchase a subscription, or otherwise engage with our Service.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

1. Who We Are

SSGV LLC is a limited liability company incorporated in the State of Wyoming, United States, with a registered office at 1007 N Orange St, 4th Floor, Suite 3174, Wilmington, DE 19801, New Castle, US.

For the purposes of the EU General Data Protection Regulation ("GDPR") and UK GDPR, SSGV LLC is the data controller of your personal information. For the purposes of the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), we are the "business" that collects and processes your personal information.

Data Protection Contact: [email protected]

2. Nature of the Service — Important Classification

Cora is a digital educational and informational subscription service. Cora uses artificial intelligence to provide conversational educational content related to pregnancy, newborn care, infant development, and early parenting — delivered via WhatsApp.

Cora is not, and does not provide, any of the following:

  • Telemedicine, telehealth, or remote clinical services of any kind
  • Medical advice, medical diagnoses, medical treatment, or clinical recommendations
  • Healthcare services, nursing services, or allied health services
  • Pharmaceutical, prescription, or drug-related services
  • Mental health therapy, psychiatric services, counseling, or psychological treatment
  • Medical devices or software classified as a medical device (SaMD/SiMD)
  • Health insurance, medical benefit packages, or health plans
  • Lactation consulting, midwifery, doula services, or any other licensed or certified health profession

    • Cora's AI-generated responses are educational in nature, are not reviewed or approved by any licensed healthcare professional before delivery, and should never be relied upon as a substitute for professional medical judgment. The Service is classified as a digital content and educational subscription — comparable to parenting information apps, educational reference platforms, and digital media subscriptions — and not as a healthcare, medical, wellness, or therapeutic service.

    Because Cora is not a healthcare provider, Cora is not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act ("HIPAA") and is not subject to HIPAA or equivalent healthcare-specific data protection regulations. Your data is protected under general consumer data protection laws as described in this Privacy Policy.

    3. Information We Collect

    3.1 Information You Provide Directly

  • Account Information: When you begin interacting with Cora on WhatsApp, we collect your WhatsApp phone number and display name. During onboarding, you may voluntarily provide your name, email address, your baby's date of birth or your due date, and other details about your parenting journey (such as your baby's age, feeding preferences, or developmental stage).
  • Conversation Content: The messages you send to and receive from Cora through WhatsApp, including text and any media you share. You control what you share with Cora and do so entirely at your own discretion and risk. We strongly advise against sharing medical records, Social Security numbers, full payment card numbers, financial account numbers, government-issued identification numbers, or other highly sensitive personal identifiers through the Service.
  • Payment Information: Payments are processed securely by our third-party payment processor, Stripe, Inc. ("Stripe"). We do not directly collect or store your full credit card number, debit card number, or bank account details. We receive from Stripe limited transaction data, including your name, email address, the last four digits of your payment method, transaction amount, subscription status, and billing address.
  • Gift Purchaser Information: If you purchase Cora as a gift, we collect the purchaser's email address and any personal message you choose to include.
  • Support Communications: Any information you provide when you contact us for support or feedback.

    • 3.2 Information Collected Automatically

  • Website Usage Data: When you visit our website, we automatically collect technical information including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and click interactions.
  • Cookies and Tracking Technologies: Our website uses cookies, pixels, and similar technologies, including the Meta Pixel, to measure advertising effectiveness and improve our Service. See Section 9 for details.
  • Attribution Data: When you click a call-to-action on our website, we collect click identifiers (such as Meta's `fbclid` parameter and `_fbp` cookie value), your IP address, and user agent string for advertising attribution. This data is stored temporarily and linked to your account only if you initiate a WhatsApp conversation within a short time window; otherwise, it expires and is discarded.
  • Device and Connection Information: General information about the device and network you use to access our website.

    • 3.3 Information from Third Parties

  • WhatsApp (Meta): When you message us on WhatsApp, Meta's WhatsApp Business Cloud API transmits your WhatsApp phone number, display name, message content, and message metadata (timestamps, message status). Messages are protected by the Signal encryption protocol during transit.
  • Stripe: We receive transaction confirmations, subscription status updates, and limited customer data from Stripe in connection with your payments.
  • Meta Advertising: If you arrive through a Meta advertisement, we may receive anonymized or pseudonymized advertising identifiers for campaign performance measurement.

    • 3.4 Information We Do Not Collect

    We do not knowingly collect or solicit: medical records, electronic health records, health insurance information, Social Security numbers, government identification numbers, financial account numbers, biometric data, precise geolocation data, or information from children. If you voluntarily share health-related details in conversation (such as symptoms or concerns), we treat that as user-generated educational content and process it solely to generate AI responses and improve the Service. We do not use such information for insurance underwriting, employment decisions, credit determinations, clinical decision-making, or any purpose other than providing the educational Service.

    4. How We Use Your Information

    We use the information we collect for the following purposes:

  • To Provide and Personalize the Service: To deliver AI-generated educational content personalized to your pregnancy stage, baby's age, and parenting journey; to maintain conversational context; and to generate milestone notifications, weekly summaries, and informational insights.
  • To Process Payments: To facilitate subscription purchases, gift purchases, renewals, cancellations, refunds, and billing through Stripe.
  • To Communicate with You: To send service-related messages on WhatsApp (including informational check-ins and account notifications) using pre-approved WhatsApp message templates; and to respond to support requests.
  • To Improve Our Service: To analyze aggregated and anonymized usage patterns, conversation trends, and user feedback to improve AI responses, features, and user experience.
  • To Ensure Safety and Security: To detect and prevent fraud, abuse, and security incidents; to enforce our Terms of Service; and to comply with applicable laws.
  • To Measure Advertising Effectiveness: To track conversions using the Meta Conversions API (server-side) and Meta Pixel (client-side) to understand user acquisition and optimize marketing.
  • To Generate Internal Analytics: To produce internal analytics reports using aggregated or de-identified data.
  • To Protect Our Legal Rights: To establish, exercise, or defend legal claims; to comply with legal obligations; and to respond to lawful requests from public authorities.

    • 4.1 Legal Bases for Processing (EEA/UK Users)

    If you are in the EEA, UK, or another jurisdiction requiring a legal basis:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing necessary to provide the Service.
  • Legitimate Interests (Article 6(1)(f) GDPR): Operating, improving, securing, and marketing the Service; preventing fraud; protecting legal rights — where not overridden by your rights.
  • Consent (Article 6(1)(a) GDPR): For certain tracking technologies and optional communications. Withdrawable at any time; withdrawal does not affect prior lawful processing.
  • Legal Obligation (Article 6(1)(c) GDPR): Where required by law.

    • Sensitive Information You Voluntarily Share: Details about pregnancy, symptoms, or child development that you share in conversation may be considered health-related data under GDPR. We process this based on your explicit consent, demonstrated by your voluntary and continued sharing. You are never obligated to share such details and may request deletion at any time per Section 8. We do not process this data for any medical, clinical, or therapeutic purpose.

    5. How We Share Your Information

    We do not sell your personal information. We share your information only in the following circumstances:

    5.1 Service Providers and Processors

    We share personal information with trusted third-party service providers, each bound by contractual obligations to protect your data:

    | Provider | Purpose | Data Shared |

    |---|---|---|

    | WhatsApp / Meta Platforms, Inc. | Message delivery (WhatsApp Business Cloud API) | Phone number, display name, message content, metadata |

    | Stripe, Inc. | Payment processing | Name, email, payment method details, transaction data |

    | Supabase, Inc. | Cloud database hosting | Account data, conversation archives, subscription records |

    | AI Model Providers | AI response generation (enterprise API) | Conversation context necessary for responses |

    | Infrastructure Hosting Provider | Server hosting (EU data center) | Data processed in normal course of server operations |

    | Meta Platforms, Inc. | Advertising measurement (Conversions API) | Hashed phone number, hashed email, IP address, event data |

    5.2 WhatsApp Data Use Limitation

    Data obtained through WhatsApp conversations (including phone numbers, message content, and metadata) is used solely to provide and support the Service. We do not use WhatsApp conversation data to build advertising profiles, share it with third parties for advertising purposes, or sell it to data brokers.

    5.3 Meta Conversions API and Meta Pixel

    Conversion event data sent to Meta includes hashed identifiers (SHA-256), IP address, user agent, and event data. Meta processes this under its own privacy policy. Manage preferences at www.facebook.com/adpreferences.

    5.4 Legal and Safety Disclosures

    We may disclose information where reasonably necessary to: (a) comply with law, regulation, or enforceable governmental request; (b) enforce our Terms of Service; (c) protect safety, rights, or property of Cora, users, or the public; (d) detect and prevent fraud or security issues; or (e) protect against imminent harm as required or permitted by law.

    5.5 Business Transfers

    In connection with a merger, acquisition, reorganization, bankruptcy, or asset sale, your data may be transferred. We will use reasonable efforts to notify you prior to any such transfer.

    5.6 Aggregated and De-Identified Data

    We may share data that has been aggregated or de-identified such that it cannot reasonably identify you, for research, analytics, or business intelligence purposes.

    5.7 With Your Consent

    We may share your information for purposes not described herein only with your explicit prior consent.

    6. Data Retention

    We retain personal information only as long as reasonably necessary:

  • Account and Conversation Data: Duration of active subscription plus up to 24 months post-cancellation/inactivity, then deleted or anonymized.
  • Short-Term Conversation Memory: Rolling 7-day window for real-time AI responses; older messages archived to secure database.
  • Weekly Summaries and Insights: Retained for subscription duration plus the 24-month post-cancellation period.
  • Payment Records: Up to 7 years per tax, accounting, and financial reporting obligations.
  • Attribution/Click Data: Up to 90 days, then deleted or anonymized.
  • Anonymized/Aggregated Data: May be retained indefinitely.
  • Legal Hold: Data may be retained beyond standard periods where required to comply with legal obligations, resolve disputes, or enforce agreements.

    • You may request deletion at any time per Section 8.

    7. Data Security

    We implement commercially reasonable administrative, technical, and physical safeguards, including: TLS/SSL encryption in transit; Signal protocol encryption for WhatsApp messages; database access controls and row-level security; service-role authentication limiting system-level access; regular security reviews; and PCI-compliant payment processing through Stripe (we never handle full card numbers).

    No method of electronic transmission or storage is 100% secure. While we take commercially reasonable measures, we cannot guarantee absolute security and expressly disclaim liability for unauthorized access resulting from circumstances beyond our reasonable control, including compromises of your personal device, WhatsApp account, email account, or third-party service provider breaches.

    7.1 Data Breach Notification

    In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (as required by GDPR Article 33). Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay via WhatsApp or email.

    8. Your Rights and Choices

    8.1 All Users

  • Opt Out of Messaging: Send "STOP" on WhatsApp or block our number at any time.
  • Access and Correction: Request access to or correction of your data at [email protected].
  • Deletion: Request deletion at [email protected]. We will process within 30 days, subject to legal retention obligations.
  • Data Export: Request a portable copy of your data.

    • We may verify your identity before processing requests. We reserve the right to deny requests that are manifestly unfounded, excessive, repetitive, or that would compromise others' privacy or our legal rights.

    8.2 EEA, UK, and Swiss Residents (GDPR)

    Additional rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), consent withdrawal, and the right to lodge a complaint with your supervisory authority.

    8.3 California Residents (CCPA/CPRA)

    Rights: right to know, right to delete, right to correct, and right to opt out of "sale" or "sharing." We do not sell your personal information. Sharing data with Meta for cross-context behavioral advertising may constitute "sharing" under CCPA; opt out at [email protected] or via cookie preferences. We will not discriminate against you for exercising rights. Authorized agents accepted with written authorization.

    8.4 Brazil Residents (LGPD)

    Under the Lei Geral de Proteção de Dados (LGPD), you have the right to: confirmation of processing, access, correction of incomplete or inaccurate data, anonymization or deletion of unnecessary data, data portability, information about third parties with whom data is shared, and revocation of consent. Our designated Data Protection Officer (Encarregado) can be reached at [email protected].

    8.5 Other Jurisdictions

    Residents of other jurisdictions with applicable data protection laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and others) may exercise applicable rights by contacting [email protected].

    9. Cookies and Tracking Technologies

    9.1 Technologies Used

  • Essential Cookies: Required for website functionality. Cannot be disabled without impairing the site.
  • Meta Pixel: Tracks website actions for advertising measurement. Sets `_fbp` and `_fbc` cookies.
  • Analytics Tools: May be used for internal website performance analysis.

    • 9.2 Your Choices

    Cookie consent mechanism presented where required by law. Manage via browser settings. Opt out of Meta ad targeting at facebook.com/adpreferences, DAA at optout.aboutads.info, or NAI at optout.networkadvertising.org.

    10. International Data Transfers

    SSGV LLC is based in the United States. Your data may be transferred to and processed in the US and the EU. Our application servers and real-time data processing infrastructure are hosted within the European Union (Germany). Our cloud database and payment processing providers may process data in the US.

    For EEA/UK/Swiss transfers, we rely on: the EU-U.S. Data Privacy Framework (and UK/Swiss extensions) where applicable to service providers; Standard Contractual Clauses (SCCs); and your explicit consent when you initiate use of the Service.

    WhatsApp and Stripe each maintain their own data transfer mechanisms as described in their respective data processing terms.

    11. Children's Privacy

    Our Service is designed for adults and is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact [email protected] and we will delete it promptly.

    Information about your child that you share as part of the Service (baby's name, date of birth, milestones) is treated as your personal data and processed solely for educational content personalization.

    12. AI-Specific Disclosures

    12.1 Nature of the AI

    Cora is an AI system using large language model technology. Cora is not a human and is not a licensed professional of any kind.

    12.2 Data Processing for AI Responses

    Your messages are combined with conversation history context and sent to a third-party AI model provider to generate responses. This is essential to the Service.

    12.3 AI Model Provider Data Practices

    Our AI model providers process API data solely for response generation and do not use your conversation data to train their general-purpose models, per their enterprise API terms. API data may be temporarily retained by our AI model providers for up to 30 days for safety and abuse monitoring purposes, after which it is deleted. We maintain Data Processing Agreements with our AI model providers that include GDPR-compliant data handling obligations.

    12.4 Accuracy Disclaimer

    AI-generated content may be inaccurate, incomplete, outdated, or contextually inappropriate. We make no representation or warranty regarding the accuracy, reliability, completeness, or suitability of any AI-generated content. Use of AI-generated content is entirely at your own risk.

    13. Third-Party Services and Sub-Processors

    We are not responsible for third-party privacy practices. We maintain Data Processing Agreements with our service providers as required by applicable law. Relevant privacy policies:

  • WhatsApp: whatsapp.com/legal/privacy-policy
  • Stripe: stripe.com/privacy
  • Meta: facebook.com/privacy/policy
  • Supabase: supabase.com/privacy

    • Our service providers may use sub-processors in the course of delivering their services. We review sub-processor arrangements periodically and update this policy when material changes occur. For a current list of our sub-processors, contact [email protected].

    14. Changes to This Privacy Policy

    We may update this Privacy Policy at any time. Material changes will be posted with an updated date and, where practicable, notified via WhatsApp or email. Continued use after changes take effect constitutes acceptance. If you disagree, discontinue use of the Service.

    15. Contact Us

    SSGV LLC

    1007 N Orange St, 4th Floor, Suite 3174

    Wilmington, DE 19801, New Castle, US

    Email: [email protected]

    © 2026 SSGV LLC. All rights reserved.