Trust Center

Document Version: TC-v1.4-2026-06-05
Effective Date: June 5, 2026

Cora is built for clinical research teams who handle sensitive study data every day. This page describes how we protect your data, what AI processing actually does, the third-party services we rely on, and where Cora stands on regulatory readiness.

We aim for accuracy over marketing language. Where a claim has limits, those limits are stated.


Data Handling

  • AI Inference Privacy (Zero Data Retention scope): Cora's AI calls (answer generation, grounding verification, query expansion, embeddings) run through AWS Bedrock with Zero Data Retention enabled. Bedrock does not persist your prompts or responses, and AWS does not use them to train any models. This Zero Data Retention guarantee applies specifically to AWS Bedrock LLM and embedding inference calls. It does not apply to data stored elsewhere in the Cora system (see Subprocessors and Retention below).
  • AI Inference Region Controls: Cora's default Anthropic answer-generation and grounding-verification calls use AWS Bedrock's cross-region inference profile (the "global." profile prefix). If a sponsor contract requires AI processing within the United States, Cora can pin that customer organization to AWS Bedrock's Geographic-US Anthropic profile (the "us." profile prefix).
  • Document Storage: Your uploaded study documents and the text chunks generated from them are stored in Cora's database (Supabase, US region) so we can answer future questions against them. They remain in your organization's tenant and are deleted on request or per the data lifecycle described below.
  • No Analytics, Cookies, or Behavioral Tracking: Cora does not use Google Analytics, tracking pixels, advertising cookies, or any behavioral tracking technology. We collect only what is necessary to operate the service.
  • PII Detection: Cora includes a built-in PII detector that screens for the text-detectable HIPAA Safe Harbor identifier categories (16 of the 18; names, dates of birth, medical record numbers, Social Security numbers, etc.). Queries containing detected PII are blocked before reaching the AI model, and uploaded document chunks are scanned at ingestion.
  • Data Isolation: Each organization's data is logically isolated using PostgreSQL Row-Level Security (RLS). Users can only access documents and queries belonging to their assigned organization.

AI Transparency

  • Retrieval-Augmented Generation (RAG): Cora does not generate answers from general knowledge. Every response is grounded in your uploaded study documents. Source citations with page numbers are included in every answer.
  • Grounding Verification: A secondary AI model (Claude Haiku) independently verifies that each answer is supported by the retrieved source chunks. Answers that fail grounding verification are flagged.
  • Confidence Scoring: Every response receives a confidence rating (HIGH, MEDIUM, or LOW) based on retrieval quality, grounding verification, and citation coverage.
  • LOW Confidence Warning: When confidence is LOW, Cora displays a prominent "Verify with your Principal Investigator" warning. This ensures clinical staff always exercise independent judgment.
  • Not a Medical Device: Cora is not designed, intended, or marketed as a clinical decision support system, medical device, or source of medical advice. It is a research and informational reference tool.

Infrastructure

  • Database: Supabase PostgreSQL with pgvector for vector similarity search. All data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • AI Processing: AWS Bedrock with Zero Data Retention. Anthropic answer-generation and grounding calls default to the cross-region "global." Bedrock profile, with an organization-level pin to the Geographic-US "us." profile available for sponsor contracts that require US-only AI processing. Nova, embeddings, and reranking remain configured on AWS Bedrock services in the applicable US regions.
  • Frontend Hosting: Vercel with automatic TLS certificate provisioning.
  • Backend Hosting: Railway with managed deployments and automatic TLS.
  • Multi-Tenancy: Row-Level Security (RLS) policies enforce data isolation at the database level. Every query validates the authenticated user's organization membership before returning results.
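
The Data Isolation and Multi-Tenancy items above both describe tenant isolation through PostgreSQL Row-Level Security. The following is an added illustration of that pattern, not Cora's own schema or policies: the org_memberships and documents tables, their columns, and the helper function are assumed; auth.uid() is Supabase's function for the authenticated user's id.

```sql
-- Assumed schema for illustration (not Cora's): memberships and documents.
CREATE TABLE org_memberships (
  user_id         uuid NOT NULL,
  organization_id uuid NOT NULL,
  role            text NOT NULL CHECK (role IN ('owner_admin', 'member', 'auditor')),
  PRIMARY KEY (user_id, organization_id)
);

CREATE TABLE documents (
  id              uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  organization_id uuid NOT NULL,
  title           text NOT NULL,
  created_at      timestamptz NOT NULL DEFAULT now()
);

-- Turn RLS on; FORCE makes even the table owner subject to the policies.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Organizations the calling user belongs to. auth.uid() is Supabase's
-- function returning the authenticated user's id; SECURITY DEFINER lets the
-- helper read org_memberships without triggering recursive policy checks.
CREATE OR REPLACE FUNCTION current_user_org_ids() RETURNS SETOF uuid
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public AS $$
  SELECT organization_id FROM org_memberships WHERE user_id = auth.uid();
$$;

-- Reads: a row is visible only if it belongs to one of the caller's organizations.
CREATE POLICY documents_tenant_select ON documents
  FOR SELECT USING (organization_id IN (SELECT current_user_org_ids()));

-- Writes: WITH CHECK rejects inserts tagged with an organization the caller is not in.
CREATE POLICY documents_tenant_insert ON documents
  FOR INSERT WITH CHECK (organization_id IN (SELECT current_user_org_ids()));

-- Deletes: same-organization rows, and only for the owner_admin role.
CREATE POLICY documents_tenant_delete ON documents
  FOR DELETE USING (
    organization_id IN (
      SELECT organization_id FROM org_memberships
      WHERE user_id = auth.uid() AND role = 'owner_admin'
    )
  );
```

No UPDATE policy is defined, so RLS denies updates by default. Connections using a role with BYPASSRLS (such as a Supabase service-role key) are not constrained by any of these policies, so user-facing queries must run under the authenticated role.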

Subprocessors and Retention

Cora relies on a small number of third-party providers ("subprocessors") to deliver the service. Each provider has its own retention policy. The full list, including the data each provider receives and where it is processed, lives on the Subprocessors page. Retention summary:

Category | Provider | What is retained | Approximate retention
AI inference | AWS Bedrock (Claude, Nova) | Nothing (Zero Data Retention) | None
Reranking | AWS Bedrock (Cohere Rerank 3.5) | Query text and chunk text processed within AWS for relevance scoring; no direct relationship with Cohere | Governed by AWS Bedrock terms (no independent retention by Cohere)
Database, file storage, auth | Supabase | All persistent customer data: account info, documents, chunks, embeddings, audit logs | Until deletion request or per the data lifecycle below
Backend compute | Railway | Request data in transit; no long-term application storage | Transient
Frontend hosting | Vercel | Static assets and proxied requests | Transient
Transactional email | Postmark | Email addresses and message bodies for system emails | Per Postmark's standard message retention window
Error tracking | Sentry | Error stack traces and request metadata; PII collection disabled | Per Sentry's project retention setting
Payments | Stripe | Billing email, organization name, payment method (card data never touches Cora) | Per Stripe's terms

For exact retention windows, certifications, and data flow per vendor, see the Subprocessors page and our Privacy Policy.


Regulatory Posture

We try to be precise about what Cora is and is not today.

  • HIPAA: Cora is built with HIPAA-aligned controls (access controls, audit trails, encryption in transit and at rest, PII screening, RLS-based tenant isolation). Cora is not HIPAA-certified and does not, as a matter of standard policy, sign Business Associate Agreements. The reason is architectural: Cora ingests clinical trial template and spec documents (study designs, blank ICFs, lab manuals, site SOPs) that are authored before any patient enrolls and do not contain patient records. Our Terms of Service (Section 5.3) prohibit customer uploads of Protected Health Information, and our automated PII detector screens for 16 of the 18 HIPAA identifier categories that are text-detectable under the Safe Harbor method (45 CFR 164.514(b)(2); the remaining two, biometric identifiers and full-face photographs, do not occur in protocol text). For customers whose compliance team requires a signed BAA as a procurement condition, please contact founders@maxoutput.ai to discuss; we make no representation that such a BAA will be available given the underlying subprocessor coverage.
  • FDA: Cora is not an FDA-approved or FDA-cleared device. It is a research and informational reference tool, not a clinical decision support system.
  • Accuracy: Cora is grounded in your documents and shows citations on every answer, but no AI system is 100% accurate. The "Verify with your Principal Investigator" warning is shown on every LOW-confidence response, and the accuracy disclaimer is shown at all times.
  • Voice: Cora is a text-only chat interface. There is no voice input or output.

Compliance Posture (Controls in Place)

  • SOC 2 Type II: SOC 2 audit preparation is in progress. Our security controls, access policies, and monitoring are designed to meet SOC 2 Trust Service Criteria for Security, Availability, and Confidentiality. We are not yet SOC 2 certified.
  • Uptime Commitment: Cora targets 99.5% monthly uptime for the production application. Planned maintenance windows are communicated at least 48 hours in advance.
  • Immutable Audit Logging: All document operations (upload, re-chunk, delete, version replacement) are recorded in an append-only document_audit_log table. UPDATE and DELETE operations on audit records are blocked by database triggers. This supports 21 CFR Part 11 audit trail requirements.
  • Session Timeout Enforcement: Inactive sessions are automatically terminated to prevent unauthorized access from unattended workstations.
  • Multi-Factor Authentication (MFA): TOTP-based MFA is supported for all user accounts, providing an additional layer of authentication security.
  • Role-Based Access Control: Three roles govern access: owner_admin, member, and auditor, each with distinct permissions for document management, user administration, and data review.
  • Electronic Signatures: Terms of Service acceptance is recorded with the user's typed full name as an electronic signature, along with timestamp, IP address, user agent, and document version. These records are immutable.
  • Query Audit Trail: Every user query, AI response, confidence score, and response time is logged in query_audit_log for accountability and performance monitoring.
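
The Immutable Audit Logging item above describes an append-only table whose UPDATE and DELETE operations are blocked by database triggers. The following is an added illustration of that technique, not Cora's own code: the table name document_audit_log comes from the page, while its columns and the app_rw role are assumed, and the example goes one step further by also guarding TRUNCATE, which row-level triggers do not catch.

```sql
-- document_audit_log is the table named on the page; its columns and the
-- app_rw role are assumed for this illustration.
CREATE TABLE document_audit_log (
  id              bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  organization_id uuid        NOT NULL,
  document_id     uuid        NOT NULL,
  action          text        NOT NULL
                  CHECK (action IN ('upload', 'rechunk', 'delete', 'version_replace')),
  actor_id        uuid        NOT NULL,
  recorded_at     timestamptz NOT NULL DEFAULT now()
);

-- Any attempt to change or remove a row aborts the statement; TG_OP names the
-- operation (UPDATE, DELETE or TRUNCATE) in the error message.
CREATE OR REPLACE FUNCTION reject_audit_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'document_audit_log is append-only: % is not permitted', TG_OP
    USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER document_audit_log_no_update
  BEFORE UPDATE ON document_audit_log
  FOR EACH ROW EXECUTE FUNCTION reject_audit_mutation();

CREATE TRIGGER document_audit_log_no_delete
  BEFORE DELETE ON document_audit_log
  FOR EACH ROW EXECUTE FUNCTION reject_audit_mutation();

-- TRUNCATE fires no row-level triggers, so it needs a statement-level guard.
CREATE TRIGGER document_audit_log_no_truncate
  BEFORE TRUNCATE ON document_audit_log
  FOR EACH STATEMENT EXECUTE FUNCTION reject_audit_mutation();

-- Defence in depth: the application role can only append and read.
REVOKE ALL ON document_audit_log FROM PUBLIC;
GRANT SELECT, INSERT ON document_audit_log TO app_rw;
```

Triggers bind every role except the table owner and superusers, who can disable or drop them, so keep those privileges off the application role and alert on DDL against this table.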

Data Lifecycle

  • Active organizations: Customer data is retained for the life of the subscription.
  • Suspended organizations (payment failure, after the grace period): Data is preserved indefinitely so that the organization can reactivate without loss.
  • Cancelled organizations: Data is available in read-only mode for one year so customers can export it, after which customer data is destroyed. Audit logs are retained for three years to support 21 CFR Part 11 audit trail requirements.
  • The obligation to retain regulated study data sits with the research site under 21 CFR 312.62 and ICH GCP E6(R2) 4.9.5; Cora does not assume that obligation.

Contact

For security questions, vulnerability reports, or compliance inquiries, contact us at founders@maxoutput.ai.