Colla Privacy Policy

Last Updated: February 24, 2026

Effective Date: February 24, 2026

Colla (hereinafter referred to as "we") respects and protects the personal information and privacy of all users. To provide you with more accurate, personalized services and a safer internet environment, we have developed this Privacy Policy in accordance with applicable data protection laws and regulations, including the EU General Data Protection Regulation (GDPR), Singapore's Personal Data Protection Act (PDPA), and other relevant laws and regulations.

This policy is closely related to the Colla products and services you use. When you download, install, launch, browse, register, log in, or use our products and services, we will process and protect your personal information in accordance with this policy.

Please carefully read and fully understand this policy before using our products and services. If you do not agree with the content of this policy, our products and services may not function properly. Your use or continued use of our products and services indicates that you fully understand and agree to the entire content of this Privacy Policy.

About Us
Colla is an AI-powered website building platform that helps users quickly generate professional websites through natural language conversations. Operated by Subvetron, contact email: subvertron@subvertron.com

Important Notice: This application uses Anthropic Claude AI services provided through Amazon Web Services (AWS) Bedrock to implement intelligent website building features. When you use AI features, your conversation content will be sent to AWS for processing. For detailed information, please refer to Sections 1 and 6 of this policy.

1. How We Collect and Use Your Personal Information

Colla is an AI-powered website building platform where users can describe their needs in natural language, and AI automatically generates websites. We collect and use your personal information following the principles of legitimacy, legality, and necessity.

1.1 Account Registration and Login

  • When you register an account, we collect your phone number or email address for account creation and identity verification
  • You may choose to log in using third-party accounts (such as WeChat, Apple ID), and we will obtain basic information authorized by the third-party platform
  • You may voluntarily provide profile information such as avatar and nickname; not providing these will not affect basic functionality

1.2 AI Website Building Service

  • When you use the AI website building feature, we collect your conversation content and website building requirements to generate websites that meet your needs
  • We save your website project data, including page content, design configurations, publishing settings, etc.
  • If you upload images, files, or other materials, we store this content for website display
Important Notice Regarding AI Services:

To provide you with AI intelligent website building functionality, we use the Anthropic Claude AI model through Amazon Web Services (AWS) Bedrock service to process your website building requirements.

Data Sent:

  • Your conversation content and website building requirement descriptions
  • Images, files, and other materials you upload (if any)
  • Context information during the website generation process

Data Recipient: Amazon Web Services (AWS) - provides Anthropic Claude AI service as a data processor

Data Purpose: Used solely to understand your requirements and generate corresponding website content; will not be used for other purposes

Data Protection: AWS commits that your data will not be shared with the model provider and will not be used for training or improving AI models. Data is encrypted during both transmission and storage

Compliance Certifications: AWS Bedrock has obtained multiple international compliance certifications including ISO, SOC, HIPAA, and GDPR

1.3 Device and Security Information

  • To ensure secure service operation, we collect device information (device model, operating system version, device identifiers)
  • We collect network information (IP address, network type, carrier information) for security risk control
  • We collect log information (access time, operation records) for troubleshooting and service optimization

1.4 Customer Service

When you contact customer service or submit feedback, we collect the problem description and contact information you provide to respond to and resolve your issues in a timely manner.

2. How We Share, Transfer, and Publicly Disclose Your Personal Information

2.1 Sharing

We will not share your personal information with any company, organization, or individual, except:

  • With your explicit prior authorization and consent
  • As required by laws and regulations or by administrative or judicial authorities
  • Sharing with authorized partners: To provide services, we may share necessary information with technical service providers, including cloud storage services, content moderation services, etc. We conduct strict security assessments and oversight of our partners
AI Service Data Sharing Notice:

When you use the AI website building feature, we send your conversation content, website building requirements, and related materials to Amazon Web Services (AWS) Bedrock service for processing, which uses the Anthropic Claude AI model.

Types of Data Shared:

  • Your text conversation content
  • Images, files, and other materials you upload
  • Context information needed for website generation

Purpose of Sharing: Used solely for AI to understand your requirements and generate website content

AWS Data Protection Commitments:

  • Only processes your data within the scope necessary to provide AI services
  • Your data will not be shared with the model provider (Anthropic) and will not be used for training AI models
  • Uses industry-leading security technology to protect your data (encryption in transit and at rest)
  • Complies with GDPR, HIPAA, and other international data protection standards
  • AWS will not access your content unless with your consent or as required by law

Legal Basis: AWS has signed a formal Data Processing Agreement (DPA), see: AWS Data Processing Addendum

2.2 Transfer

Unless we obtain your explicit consent, we will not transfer your personal information to any company, organization, or individual. In the event of a merger, division, or dissolution, we will inform the receiving party and require them to continue to comply with this policy.

2.3 Public Disclosure

We will not publicly disclose your personal information unless we have obtained your explicit consent or as required by laws and regulations.

3. How We Store and Protect Your Personal Information

3.1 Storage

  • Your account information, website project data, and other personal information are stored on servers in Singapore
  • We retain your personal information only for the period necessary to fulfill service purposes
  • After you delete your account, we will delete or anonymize your personal information within a reasonable period
Special Notice Regarding AI Service Data Storage:

When you use the AI website building feature, your conversation content and website building requirements are processed through the AWS Bedrock service. This data may be processed on servers in the Asia-Pacific region (such as Singapore, Tokyo, Seoul, etc.) or other regions within AWS's global infrastructure.

Data Transfer Safeguards:

  • AWS has obtained GDPR, ISO, SOC, HIPAA, and other international data protection certifications
  • AWS has signed Standard Contractual Clauses (SCCs) to ensure compliance of data transfers
  • Data is encrypted throughout transmission and storage
  • AWS commits that your data will not be used for training AI models or other commercial purposes
  • AWS will not access your content unless with your consent or as required by law

For detailed data transfer information, please refer to Section 6 "Third-Party AI Service Details" of this policy.

3.2 Security Protection

  • We employ industry-standard security measures, including encrypted data transmission (HTTPS/TLS), encrypted data storage, and access controls
  • We have established data security management systems, provide security training to employees, and limit access to personal information
  • We have developed contingency plans; in the event of a security incident, we will promptly notify you and report to regulatory authorities
Please note: The internet is not an absolutely secure environment. Please keep your account password safe and do not share it with others. If you discover any account anomalies, please contact us immediately.

4. How You Can Manage Your Personal Information

You can manage your personal information in the following ways:

  • Access and Correct: View and modify your profile through the account settings page
  • Delete: You can delete your website projects and uploaded materials
  • Obtain a Copy: You can contact us to obtain a copy of your personal information

5. How to Delete Your Account

You can delete your account directly through [Settings - Delete Account]. After account deletion:

  • Your account will no longer be accessible for login or use
  • Your website projects will be deleted (published websites will be taken offline)
  • Except for information required to be retained by law, your personal information will be deleted or anonymized

Account deletion is irreversible; please proceed with caution.

6. Third-Party AI Service Details

6.1 AI Service Provider Information

Service Architecture:

  • Cloud Service Provider: Amazon Web Services (AWS)
  • AI Service Platform: AWS Bedrock
  • AI Model Provider: Anthropic, Inc.
  • AI Model: Claude Large Language Model
  • Service Purpose: Providing AI intelligent website building functionality for Colla users

6.2 Data Processing Details

Data we send to the AWS AI service includes:

  • Your conversation text content
  • Your website building requirement descriptions
  • Images, files, and other materials you upload (if any)
  • Conversation history (to maintain context continuity)

Data we do NOT send:

  • Your account passwords
  • Your phone numbers or email addresses
  • Your payment information
  • Your device identifiers

AWS Bedrock Data Protection Commitments:

  • Your data will not be shared with the model provider (Anthropic)
  • Your data will not be used for training or improving foundational AI models
  • Data is encrypted during transmission and at rest
  • Encryption keys are managed through AWS Key Management Service (KMS)
  • Supports AWS PrivateLink private connections without traversing the public internet

6.3 Data Security Measures

  • Transit Encryption: All data sent to AWS is encrypted via HTTPS/TLS
  • Storage Encryption: AWS encrypts data at rest, with keys managed through AWS KMS
  • Access Control: Strict access controls implemented through AWS IAM and AWS Organizations
  • Data Minimization: We only send the minimum data necessary for AI website generation
  • No Training Usage: AWS commits that your data will not be shared with model providers or used for training or improving AI models
  • Security Monitoring: Security monitoring and auditing through AWS CloudTrail and Amazon CloudWatch
  • Compliance Certifications: AWS Bedrock has obtained ISO, SOC, HIPAA, GDPR, FedRAMP, and other international certifications

6.4 Third-Party Privacy Policies and Legal Documents

AWS Documentation:

Anthropic Documentation:

6.5 Data Processing Agreement

Detailed Data Processing Terms:

Our service relationship with AWS is governed by the AWS Data Processing Addendum (DPA), which specifies the terms and responsibilities for data processing in detail.

You can view the complete Colla Data Processing Agreement for more details.

7. Other Third-Party Services

In addition to AI services, Colla may contain other third-party services or links. When you use third-party services, you are subject to the terms of service and privacy policies of those third parties. We recommend that you carefully read the privacy policies of third parties.

For websites you generate and publish through Colla, you are solely responsible for the collection and use of visitor information. Please ensure your website complies with relevant laws and regulations.

8. Use of Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Remember your login status to avoid repeated logins
  • Analyze service usage to optimize user experience
  • Ensure service security

You can manage or delete cookies through your browser settings, but this may affect the normal use of some features.

9. Protection of Minors

Special Notice: If you are a minor under 18 years of age, please read this policy under the guidance of your guardian and use our services only after obtaining your guardian's consent.

We attach great importance to the protection of minors' personal information. If we discover that we have collected personal information from a minor without guardian consent, we will promptly delete the relevant data.

If guardians have any questions about minors' use of our services, please contact us through the contact information provided in this policy.

10. Privacy Policy Updates

We may update this policy in response to product updates and legal requirements. We will notify you of updated policies before they take effect through in-app notifications or other reasonable means.

Without your explicit consent, we will not diminish the rights you enjoy under this policy.

11. How to Contact Us

If you have any questions, comments, or suggestions about this Privacy Policy, you can contact us through the following methods:

We will respond to your request as soon as possible after verifying your identity.