Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 6, 2026

Introduction

Cohrt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI persona platform (the "Service") available at https://www.cohrt.ai.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

We collect several types of information from and about users of our Service:

Account Information

• Name and Contact Information: Full name, email address, and role (owner or member)
• Authentication Data: Account credentials managed through authentication platforms
• Profile Information: Avatar images and any additional profile details you provide

Conversation Data

• Messages: All messages exchanged between users and AI agents, including:
  • User messages and queries
  • AI agent responses
  • Conversation metadata (timestamps, categories, confidence scores)
• Conversation Context: Agent configurations, system prompts, and conversation history
• Participant Information: Users who are invited to or participate in conversations

File Uploads

• Documents: PDFs, text files, resumes, and other documents you upload to enhance agent knowledge
• File Metadata: File names, sizes, upload dates, and processing status
• Content: The actual content of uploaded files for processing and retrieval-augmented generation (RAG)

Integration Credentials

• Encrypted Credentials: Personal Access Tokens (PATs) and API keys for third-party integrations (GitHub, ClickUp, Harvest, Sanity, Contentful, WordPress, etc.)
• Integration Configuration: Settings, repository selections, workspace configurations, and other integration-specific data
• Usage Data: Information about how integrations are used within conversations

Usage and Technical Data

• Activity Logs: Actions performed in the platform (agent creation, file uploads, integration connections, etc.)
• Technical Information: IP address, browser type and version, device information, operating system
• Usage Analytics: How you interact with the Service, features used, and performance metrics
• Error Logs: Technical error information for troubleshooting and service improvement

Email Communication

• Email Addresses: Used for transactional emails (invitations, password resets, notifications)
• Email Logs: Records of emails sent, delivery status, and engagement metrics

How We Use Information

We use the information we collect for the following purposes:

Service Provision

• AI Agent Functionality: Process conversations, generate responses using AI models, and retrieve relevant information from your knowledge sources
• Integration Management: Connect to and interact with third-party services as configured
• File Processing: Process and index uploaded documents for knowledge retrieval
• User Management: Manage accounts, roles, permissions, and team access

Service Improvement

• Analytics: Analyze usage patterns to improve our Service, features, and user experience
• Performance Monitoring: Monitor system performance, identify issues, and optimize functionality
• Feature Development: Develop new features and capabilities based on usage patterns

Communication

• Transactional Emails: Send necessary service-related emails (invitations, password resets, notifications)
• Support: Respond to your inquiries, provide customer support, and address technical issues

Security and Compliance

• Security: Protect against fraud, unauthorized access, and security threats
• Compliance: Comply with legal obligations, enforce our terms of service, and protect our rights
• Audit Logging: Maintain records of actions for security auditing and compliance

Data Storage and Security

Storage Location

Your data is stored securely using Supabase, which provides:

• Database: PostgreSQL database hosted on Supabase infrastructure
• File Storage: Supabase Storage for uploaded documents and files
• Authentication: Secure authentication and session management

Security Measures

We implement industry-standard security measures to protect your information:

• Encryption:
  • Data encrypted in transit using TLS/SSL
  • Data encrypted at rest in our database
  • Integration credentials encrypted using AES-256-GCM before storage
• Access Controls:
  • Row-Level Security (RLS) policies ensure account isolation
  • Role-based access control (owners vs. members)
  • Multi-tenant architecture with account-level data segregation
• Authentication: Secure password hashing and session management through Supabase
• Network Security: Firewalls, intrusion detection, and regular security audits

Data Access

• Only authorized personnel have access to your data, and only for legitimate business purposes
• We do not sell, rent, or trade your personal information to third parties
• Your data is accessible only to you and authorized team members within your account

Third-Party Services

We use the following third-party services that may have access to your information:

Essential Services

• Supabase: Database, authentication, and file storage services. Privacy Policy
• Vercel: Hosting and deployment infrastructure. Privacy Policy
• Resend: Email delivery service for transactional emails. Privacy Policy
• OpenRouter: AI model access and routing. Privacy Policy

Integration Services

When you connect integrations, your data may be shared with:

• GitHub: Repository access and code interactions. Privacy Policy
• ClickUp: Project management and task data. Privacy Policy
• Harvest: Time tracking and project data. Privacy Policy
• Sanity: Content management system. Privacy Policy
• Contentful: Content management system. Privacy Policy
• WordPress: Content management system for blog posts and pages. Privacy Policy

Data Sharing with Third Parties

• We only share data with third-party services necessary to provide our Service
• Integration credentials are encrypted and stored securely
• Third-party services process data according to their own privacy policies
• We do not share your personal information with third parties for their marketing purposes

Cookies and Tracking

Cookies We Use

• Authentication Cookies: Essential for maintaining your login session
• Session Management: Cookies to manage your session state and preferences
• Security: Cookies to enhance security and prevent fraud

Cookie Management

• Most cookies are essential for the Service to function properly
• You can control cookies through your browser settings
• Disabling cookies may affect the functionality of the Service

Analytics

• We may use analytics services to understand how our Service is used
• Analytics data is aggregated and anonymized
• We do not use cookies for advertising or cross-site tracking

User Rights

You have the following rights regarding your personal information:

Access

• View Your Data: Access your account information, conversations, and uploaded files through the Service dashboard
• Export Data: Request a copy of your data in a machine-readable format

Correction

• Update Information: Update your account information, profile details, and preferences at any time through the Service
• Correct Errors: Contact us to correct any inaccurate information

Deletion

• Delete Account: Request deletion of your account and associated data
• Delete Conversations: Delete individual conversations or messages
• Delete Files: Remove uploaded files from your account

Data Portability

• Export Your Data: Request an export of your data in a standard format
• Transfer Data: Move your data to another service if desired

Opt-Out

• Email Communications: Unsubscribe from non-essential emails (transactional emails cannot be opted out of)
• Data Processing: Request limitations on how we process your data

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@cohrt.ai or through your account settings. We will respond to your request within 30 days.

Data Retention

Active Accounts

• We retain your data for as long as your account is active and you use our Service
• Data is retained to provide ongoing service and support

Deleted Accounts

• When you delete your account, we will delete or anonymize your personal information
• Some data may be retained for a limited period for:
  • Legal compliance and record-keeping requirements
  • Fraud prevention and security purposes
  • Resolving disputes and enforcing agreements

Backup Retention

• Backups may retain deleted data for a limited period (typically 30-90 days)
• Backups are securely stored and automatically purged after the retention period

Conversation Data

• Conversation logs are retained for account owners to review and improve agent performance
• You can delete conversations at any time through the Service
• Deleted conversations are permanently removed from active systems

Children's Privacy

Our Service is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

International Data Transfers

Data Location

• Your data is stored on servers located in the United States and other jurisdictions where our service providers operate
• By using our Service, you consent to the transfer of your information to these locations

Cross-Border Transfers

• We may transfer your data across international borders to provide our Service
• We ensure appropriate safeguards are in place for international data transfers
• Data transfers comply with applicable data protection laws

Data Protection Laws

• We comply with applicable data protection laws, including GDPR, CCPA, and other regional regulations
• We implement appropriate technical and organizational measures to protect your data

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes

• Material Changes: We will notify you of material changes by:
  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to registered users (for significant changes)
• Review Period: We encourage you to review this Privacy Policy periodically

Continued Use

• Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy
• If you do not agree with the changes, you may discontinue use of the Service and request deletion of your account

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@cohrt.ai

Website: https://www.cohrt.ai

Address:
Cohrt
3919 S 147th St, Suite 120
Omaha, NE 68144

Data Protection Inquiries

For data protection inquiries, including requests to exercise your rights, please contact us at privacy@cohrt.ai. We will respond to your inquiry within 30 days.