> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cora.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# How Cora works: agents, automation, and human control

> Cora follows a build-execute-learn loop: connect your data, configure agents, let them act, review outcomes, and watch them improve over time.

Cora works through a continuous loop — connect your data, configure agents to act on it, review what they do, and let them get sharper over time. You stay in control of what agents do and when, without being in the middle of every action.

## The build-execute-learn loop

<Steps>
  <Step title="Connect your data sources">
    Start by connecting Cora to the systems your team already uses — your CRM, data warehouse, communication tools, and product analytics. Cora unifies signals from all of them into a single view of each account.

    Most teams have integrations live and customer signals flowing within one to two weeks. See [Integrations overview](/integrations/overview) for the full list of supported tools.
  </Step>

  <Step title="Configure your agents">
    Work with Cora's team to configure agents for your specific workflows. Agents learn your processes, exceptions, and edge cases — not just the standard playbook.

    You control what each agent does, which customer segments it covers, and whether it acts autonomously or waits for your approval before sending a message or updating a record.
  </Step>

  <Step title="Agents take action">
    Once configured, agents work across every channel — email, Slack, CRM, in-app — handling follow-ups, running onboarding checklists, monitoring health signals, and orchestrating renewal workflows.

    When something needs immediate attention, agents escalate to the right person with full context, so no one gets a cold handoff.
  </Step>

  <Step title="You review and approve">
    Cora surfaces what matters. Spend 15–30 minutes a day reviewing flagged signals, editing drafted messages, and approving actions — then get back to your customers.

    Every action is logged and auditable. You can see exactly what each agent did, why, and what happened next.
  </Step>

  <Step title="Agents learn and improve">
    Cora analyzes outcomes across every touchpoint — what worked, what didn't, where churn started. Agents improve continuously based on what actually drives results for your business, not generic benchmarks.

    When you add new products or change your processes, agents adapt without re-implementation.
  </Step>
</Steps>

## Keeping humans in the loop

You decide how much autonomy each agent has. Cora gives you granular control over when agents act on their own and when they ask for your sign-off first.

<CardGroup cols={2}>
  <Card title="Autonomous actions" icon="zap">
    Agents act immediately — sending messages, updating records, or triggering workflows — without waiting for approval. Best for high-volume, low-risk steps like follow-up nudges or CRM field updates.
  </Card>

  <Card title="Draft for approval" icon="circle-check">
    Agents draft the message or action and surface it for your review before anything goes out. Best for customer-facing communications or sensitive situations.
  </Card>
</CardGroup>

Rules can be configured by customer segment, risk level, or workflow type. For example, you might run onboarding nudges autonomously for SMB accounts while requiring approval for enterprise renewal outreach.

<Tip>
  Start with more approval steps while you're building confidence in a new agent. Once you've validated the outputs, you can relax the rules and let the agent run more autonomously.
</Tip>

## Security and data privacy

Cora is built for enterprise use. Your data stays yours — always.

| Standard              | Details                                                                    |
| --------------------- | -------------------------------------------------------------------------- |
| SOC 2 Type II         | Rigorously audited for how Cora manages, stores, and secures customer data |
| GDPR                  | Compliant with EU data collection, storage, and protection requirements    |
| CASA Tier 2           | Independently attested security practices for cloud applications           |
| Encryption            | All data encrypted in transit and at rest                                  |
| No model training     | Cora never uses your customer data to train or retrain any AI models       |
| Continuous monitoring | Systems monitored in real time for vulnerabilities, anomalies, and threats |

<Note>
  For the full security overview, see [cora.ai/security](https://cora.ai/security).
</Note>
