CoraSend
Become a Partner
ES EN
Legal

Privacy Policy - CoraSend

At CoraSend, the privacy and protection of our users' personal data is a priority.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our services, websites, messaging channels, and associated platforms.

This policy applies to everyone who interacts with CoraSend through WhatsApp, Telegram, web chat, or other enabled channels, as well as those who visit our website.

When a person receives a product or service sent by a third party through CoraSend, the processing of their minimal personal data (phone number or delivery identifier) is also governed by this Privacy Policy.

1. Who is the data controller?

The controller of personal data is:

  • CoraSend
  • Legal entity: Orangepill Colombia SAS
  • Registered address: CL 127 A 53 A 48 AP 23 222
  • Contact email: info@corasend.com

CoraSend operates as a digital platform that allows users to send digital products and services to third parties (family members or recipients) through messaging channels.

To provide the service, CoraSend uses technology, payment, messaging, and digital product distribution providers that act as data processors under contractual agreements and adequate data protection measures.

2. Personal data we collect

We may collect the following types of personal data, depending on how you use our services:

2.1 Identification and contact data

  • Full name
  • Phone number
  • Email address
  • Country and city
  • Messaging identifiers (for example, WhatsApp number or Telegram username)

2.2 Payment data

  • Payment method used (for example, card, PayPal, or other enabled methods)
  • Transaction identifiers
  • Partial payment method information

CoraSend does not store full card data. Payment processing is handled by certified payment providers.

2.3 Transaction data

  • Products or services sent
  • Destination country
  • Transaction date, time, and amount
  • Associated confirmations and receipts

2.4 Recipient data

When you send a product or service to a third party, we may process minimal recipient data, such as:

  • Phone number or identifier needed for delivery
  • Name (if you choose to provide it)

The user represents that they have the recipient's authorization to provide this data.

2.5 Technical and usage data

  • IP address
  • Device and browser type
  • Activity logs
  • Cookies and similar technologies (see section 9)

3. Purposes of processing

We process personal data for the following purposes:

  • Provide and operate CoraSend services
  • Process payments and execute transactions
  • Deliver digital products and services to the recipient
  • Send confirmations and notifications within the chat
  • Provide customer service and support
  • Prevent fraud, abuse, or misuse
  • Comply with legal and regulatory obligations
  • Perform internal analysis to improve our services

Personal data will not be used for purposes incompatible with those described here.

4. Legal basis for processing

Personal data is processed on the following legal bases, according to the applicable regulations in each jurisdiction:

  • Performance of a contract, to provide the requested service
  • Compliance with legal obligations
  • Legitimate interest, in matters of security, fraud prevention, and service improvement
  • Consent, when required by applicable regulations

Consent can be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

Colombia (Law 1581 of 2012): Processing is based on the data subject's express authorization or on the exceptions provided by law.

European Union / Spain (GDPR): Processing is based on Article 6 of Regulation (EU) 2016/679.

United States: For users in California, we apply the rights recognized by the California Consumer Privacy Act (CCPA). For other states, we follow applicable federal regulations and current state laws.

5. Data retention

We retain personal data only for the time necessary to:

  • Fulfill the purpose for which it was collected
  • Comply with legal, accounting, and tax obligations
  • Resolve disputes or claims

Once these periods have ended, data will be deleted, anonymized, or securely archived in accordance with applicable regulations.

6. Disclosure of data to third parties

We may share personal data, only when necessary, with:

  • Technology and infrastructure providers
  • Payment and transaction processing providers
  • Digital product and prepaid service providers
  • Fraud prevention and verification services
  • Legal or regulatory authorities, when required

These third parties will process the data according to our instructions and applicable data protection laws. We do not sell personal data to third parties.

7. International data transfers

Personal data may be processed or stored outside the user's country of residence, including the European Union or other countries. In all cases, CoraSend ensures that such transfers are carried out under appropriate legal mechanisms, such as standard contractual clauses approved by the European Commission, adequacy decisions, or other mechanisms recognized by applicable regulations in Colombia, the EU, and the United States.

8. User rights

As a user, you have the right to exercise the following rights over your personal data, according to your jurisdiction's regulations:

  • Access: know what data we process about you
  • Rectification: correct inaccurate or incomplete data
  • Deletion: request the deletion of your data
  • Restriction or objection: restrict or object to certain uses of your data
  • Portability: receive your data in a structured format (applies under GDPR)
  • Withdrawal of consent: at any time, without retroactive effect
  • California users (CCPA): right to know, delete, and opt out of the sale of personal data

To exercise any of these rights, email us at: info@corasend.com

We will respond within the timeframes established by applicable regulations (maximum 15 business days in Colombia, 30 days under GDPR, 45 days under CCPA).

9. Cookies and similar technologies

CoraSend may use cookies or similar technologies to:

  • Ensure site functionality
  • Analyze usage and improve the user experience

Where applicable, we will request your consent for non-essential cookies. The details of the cookies used are described in our Cookie Policy, available on the website.

10. Information security

We apply reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

However, no system is completely secure. In the event of a security breach affecting your data, we will notify you in accordance with the timeframes and requirements established by applicable regulations.

11. Links to third parties

Our site or channels may contain links to third-party sites. CoraSend is not responsible for the privacy practices of those sites and we recommend reviewing their policies before providing personal data.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any material changes will be communicated through our official channels. Continued use of the service after changes implies acceptance of the updated policy.

13. Contact

For any questions related to this Privacy Policy, you can contact us at:

info@corasend.com