Skip to content
Book a demo

Privacy Policy

Last updated: 28 April 2026

This Privacy Policy explains how Coherent Capital Advisors Limited and, where applicable, its affiliates (together, “Coherent,” “we,” “us,” or “our”), collect, use, disclose, transfer, store, and otherwise process personal data in connection with our website at https://coherent.global (the “Site”) and our products and services, including Coherent Flow, Coherent Pulse, Coherent Sonic, Coherent Platform consists of Insights, Control and Spark (together, the “Services”).

This Privacy Policy is intended to apply globally and to be read together with our Terms of Use and any applicable product, customer, or data processing terms. If there is a conflict between this Privacy Policy and a separate agreement governing a specific Service, that separate agreement will prevail to the extent of the conflict.

Where local law requires more specific notices, rights, disclosures, or consents, we will provide them separately or supplement this Privacy Policy as required.

By using the Site or Services, you acknowledge that you have read this Privacy Policy. Where required by law, we will seek your consent before using personal data for certain purposes, such as non-essential cookies or certain marketing activities.

1. Who we are and our role

Depending on the context, Coherent may act as a controller or processor of personal data.

  • We act as a controller where we determine the purposes and means of processing personal data for our own business operations, including Site administration, account management, sales, marketing, billing, support, security, analytics, and internal operations.

  • We act as a processor where we process personal data, Customer Content (as such term is defined herein), or other information on behalf of a customer and in accordance with that customer's documented instructions, applicable agreement, and/or configuration of the relevant Service.

Where we act as a processor, the relevant customer remains the controller for the applicable personal data, except where otherwise stated in the relevant agreement or required by applicable law.

2. Information we collect

We may collect and process the following categories of personal data.

2.1 Information you provide directly

This may include information you provide when you:

  • create an account or access the Services;

  • request a demo, trial, onboarding, support, or professional services;

  • contact us by email, telephone, web form, chat, or other communication channel;

  • register for an event, webinar, or newsletter;

  • submit a survey, questionnaire, review, or feedback form; or

  • otherwise interact with us.

This information may include:

  • name;

  • job title;

  • company or employer name;

  • business email address;

  • business telephone number;

  • postal address;

  • login credentials and authentication data;

  • billing and payment information;

  • correspondence and support content; and

  • any other personal data you choose to provide.

2.2 Information collected automatically

When you visit the Site or use the Services, we may automatically collect:

  • device information;

  • browser type and version;

  • IP address;

  • operating system;

  • device identifiers;

  • log data;

  • usage data;

  • feature interaction data;

  • access times and session duration;

  • pages viewed and navigation paths;

  • approximate location derived from IP address; and

  • cookie and similar tracking information.

2.3 Information from third parties

We may receive information about you from:

  • our customers and their authorized users;

  • business partners and referral sources;

  • event and webinar platforms;

  • analytics and advertising partners, where permitted by law;

  • payment and fraud prevention providers;

  • professional networking platforms and public sources; and 

  • service providers and subcontractors.

2.4 Customer content and files

Depending on the Service, deployment model, customer settings, and applicable agreement, we may process customer-uploaded files, documents, spreadsheets, worksheets, attachments, metadata, extracted data, structural information, formula references, logic maps, logs, summaries, reports, workflow records, control records, and other content submitted to or generated through the Services, together with any related technical or operational information (collectively, “Customer Content”).

For certain features, including analysis, extraction, reporting, governance, workflow, and control functionality, some processing may occur locally in the user’s browser, some may occur transiently, and some may occur within our secure service environment or other approved infrastructure, depending on the relevant product and configuration.

We process Customer Content only to the extent necessary to provide, secure, maintain, support, and improve the Services and, where applicable, in accordance with our agreement with the relevant customer and applicable law. Unless otherwise expressly stated in a separate written agreement or feature-specific notice, we do not use Customer Content or personal data to train public foundation AI models or to improve external or third-party AI models.

Retention, storage, and deletion of Customer Content and any derived outputs will depend on the relevant Service, deployment model, customer configuration, contractual requirements, and legal obligations.

2.5 Special category or sensitive data

We do not seek to collect special category personal data or other sensitive personal data unless it is necessary for a specific feature, support request, legal obligation, or customer instruction and only where permitted by applicable law.

We ask that you do not submit sensitive personal data unless the relevant Service or feature expressly permits it and you are authorized to do so.

3. How we use personal data

We use personal data for the following purposes, where applicable:

  • to provide, operate, maintain, and support the Site and Services;

  • to register and administer accounts;

  • to authenticate users and manage access; 

  • to respond to enquiries and provide customer support;

  • to process payments, invoices, and accounting records;

  • to send service notices and other non-marketing communications;

  • to send marketing communications where permitted by law;

  • to monitor, secure, test, and improve the Site and Services;

  • to detect, prevent, and investigate fraud, abuse, security incidents, and misuse;

  • to comply with legal obligations and lawful requests;

  • to establish, exercise, or defend legal claims;

  • to carry out internal reporting, analytics, product planning, and business operations; and

  • to fulfil any purpose that is directly related or incidental to the above.

4. Our lawful bases for processing 

Where applicable law requires us to identify a legal basis, we generally rely on one or more of the following: 

  • Performance of a contract – to provide the Services, administer accounts, and perform our obligations under agreements. 

  • Legitimate interests – to operate, secure, improve, and promote our business and Services, provided those interests are not overridden by your rights and interests. 

  • Legal obligation – to comply with applicable laws, tax requirements, court orders, regulatory obligations, and lawful requests. 

  • Consent – where required by law, such as for certain cookies, marketing messages, or specific feature-specific processing. 

Where consent is the legal basis, you may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal. 

5. AI, automated processing, and model-use restrictions 

We may use automated systems and AI-enabled technologies, including rules-based tools, OCR, pattern recognition, extraction tools, statistical methods, and large language models (LLM), to support the provision, delivery, security, maintenance, and improvement of the Services. 

5.1 Conservative AI use

Our AI-enabled features are intended to be assistive and supportive, not to replace human judgment. Outputs may include summaries, classifications, extracted fields, recommendations, or other analytical results. 

You should independently review and validate any output before relying on it, particularly in legal, financial, compliance, employment, insurance, credit, or other high-stakes contexts. 

5.2 No training or model improvement on customer data 

We do not use Customer Content or personal data to train public foundation models, and we do not use Customer Content or personal data to improve external or third-party models. 

We also do not use Customer Content or personal data to improve our own models unless we have clearly informed you otherwise in a separate written agreement or feature-specific notice and, where required, obtained the appropriate consent or other lawful basis. 

5.3 Third-party AI providers 

Where we use third-party AI or infrastructure providers to deliver a feature, we do so only as necessary to operate the Services and subject to contractual and technical safeguards designed to protect personal data. 

5.4 No sole reliance for significant decisions 

Unless a feature is expressly designed for a specific lawful purpose and clearly documented as such, you should not use our Services to make decisions that produce legal or similarly significant effects on individuals without meaningful human review. 

5.5 EU AI Act-oriented position 

We design and describe the Services as business, productivity, analysis, and governance tools. They are not intended to be used as autonomous decision-making systems for regulated high-risk use cases unless expressly stated in a separate feature-specific notice and supported by the required safeguards and documentation. 

You remain responsible for ensuring that your use of the Services complies with applicable law, including any obligations that may arise under the EU AI Act or comparable laws in other jurisdictions. 

6. Cookies and similar technologies 

We use cookies and similar technologies on the Site and, where applicable, within the Services. 

6.1 Types of cookies 

We may use: 

  • Strictly necessary cookies – needed for the operation of the Site and Services. 

  • Functional cookies – remember your preferences and settings. 

  • Analytics cookies – help us understand how the Site is used and improve performance. 

  • Marketing cookies – help us measure and, where permitted, tailor marketing. 

6.2 Managing cookies 

Where required by law, we will present a cookie banner or preference tool that allows you to manage non-essential cookies. 

You may also adjust your browser settings to block or delete cookies, though some features may not function properly if you do so. 

7. How we share personal data 

We may share personal data with the following categories of recipients, where necessary and appropriate: 

  • our group companies and affiliates; 

  • personnel, contractors, and service providers who need access to perform their functions; 

  • hosting providers, cloud infrastructure providers, analytics providers, support tools, communications tools, and payment processors; 

  • third-party AI or technology providers used to deliver specific features; 

  • auditors, lawyers, insurers, and other professional advisers; 

  • customers and authorized users where necessary to provide the Services; 

  • regulators, courts, law enforcement, and other public authorities where required by law; and 

  • potential acquirers, investors, or successor entities in connection with a merger, acquisition, restructuring, financing, or sale of assets. 

We require recipients to protect personal data and to use it only for the purposes for which it was shared. 

8. International data transfers 

Because we operate globally and use service providers in multiple jurisdictions, personal data may be transferred to, stored in, and accessed from countries outside your country of residence.

Where required by applicable law, we use appropriate safeguards for such transfers. These may include: 

  • adequacy decisions; 

  • standard contractual clauses or equivalent transfer mechanisms; 

  • transfer impact assessments; 

  • technical and organizational safeguards; and 

  • other legally recognized measures. 

You may contact us for more information about international transfer safeguards where applicable. 

9. Retention 

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, reporting, regulatory, dispute resolution, and contractual requirements. 

Retention periods vary depending on:

  • the type of data; 

  • the purpose of processing; 

  • the Service or feature used; 

  • whether we act as controller or processor;  

  • customer configuration and retention settings; and 

  • applicable law or contractual requirements. 

Where Customer Content or other personal data is no longer required for the relevant purpose, we will delete, anonymize, or securely archive it in accordance with our retention policies and applicable law.  

10. Security 

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. 

These measures may include: 

  • access controls and least-privilege principles; 

  • authentication and authorization controls; 

  • encryption in transit and, where appropriate, at rest; 

  • logging and monitoring; 

  • confidentiality obligations for relevant personnel and contractors; 

  • vendor and subcontractor due diligence; 

  • secure development and operational practices; and 

  • periodic review of security controls. 

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. 

11. Your rights 

Subject to applicable law, you may have the right to: 

  • access your personal data; 

  • rectify inaccurate or incomplete data; 

  • erase your personal data; 

  • restrict processing; 

  • object to processing; 

  • data portability; 

  • withdraw consent where processing is based on consent; and 

  • lodge a complaint with a supervisory authority or other applicable regulator. 

These rights may vary by jurisdiction and may be subject to limitations or exemptions. 

To exercise your rights, contact us at DPO@coherent.global. We may need to verify your identity before acting on a request. 

Where we are acting as a processor on behalf of a customer, we may need to refer your request to the relevant customer/controller. 

12. Marketing communications 

Where permitted by law, we may send you marketing communications about our products, services, and events. 

You may opt out at any time by using the unsubscribe link in the relevant communication or by contacting us at DPO@coherent.global

Even if you opt out of marketing, we may still send you service-related messages, administrative notices, or legal notices. 

13. Children’s privacy 

Our Site and Services are not intended for children under 18, and you must be at least 18 years old to use the Site under our Terms of Use

We do not knowingly collect personal data from children under 18. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it, unless we are legally required to retain it. 

14. Third-party links and external services 

The Site and Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties.

If you use third-party services that integrate with our Services, those services may process data under their own terms and privacy notices. We encourage you to review those notices before use.

15. Contact us 

If you have questions, requests, or complaints regarding this Privacy Policy or our processing of personal data, please contact us at: 

If required by applicable law, you may also contact the relevant data protection authority, supervisory authority, or other regulator in your jurisdiction. 

16. Changes to this Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Services. 

If we make material changes, we will take reasonable steps to notify you, such as by posting the updated Privacy Policy on the Site or by other appropriate means.

The “Last updated” date at the top shows when this Privacy Policy was last revised.