Colla

Privacy

Privacy Policy

Colla helps organize materials and gather context for external tools. This policy describes what we store, what we avoid storing, and how to contact us about your data.

What Colla Stores

  • Account information such as email and profile for authentication.
  • Workspace, course, folder, Context Set, and file metadata such as names, locations, and classifications.
  • Redacted source URLs. Query parameters that may contain session tokens are stripped at capture.
  • Encrypted Google OAuth tokens when you connect Drive, stored server-side only.

What Colla Does Not Store By Default

  • Your file bytes on Colla servers. Uploads go to your Google Drive or remain local depending on the capture path.
  • Full LMS or source URLs with authentication query parameters.
  • Materials sent silently to AI tools in the background. Colla prepares context for user-directed handoff.

Subprocessors

  • Supabase: database and authentication.
  • Google: Drive storage and OAuth. Your files remain in your Google account.
  • Vercel: application hosting and standard request logs.

Your Choices

  • Disconnect Google Drive in Settings to remove the connection.
  • Request metadata export or account deletion through Contact.
  • Read a plain-language explanation of ownership and storage on the Trust page.

Contact

Questions about privacy: email hello@colla.app.

Last updated: June 2026. Technical detail lives in the Colla security documentation in the repository.