Cohere

78/100

Good disclosure · high confidence

Dealbreaker flag

Trial-user and researcher inputs are used for research and model improvement with no opt-out; only enterprise customers can control training.

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

A full GDPR rights set with named transfer safeguards and a 30-day input retention figure, but the tier this policy governs (trial users and researchers) has its inputs and outputs used for research with no opt-out.

What the policy says

Trains on trial and research inputs with no opt-out for that tier

Section 2.3 says that for trial users and researchers Cohere collects the content you submit and the outputs generated and may use this input and output data to conduct research and development. Only enterprise users can control how Cohere trains on their data, so the tier this policy governs has no training opt-out. Cohere does say it takes steps to de-identify inputs and outputs before any research use.

30-day input retention named for the Platform

Section 4 states that retention of inputs and outputs on the Platform is generally 30 days for enterprise users, a concrete day-count figure, while general personal information is kept only as long as necessary for the purposes it was collected.

Full rights set with self-serve account deletion

Users get access, correction, deletion, portability in a structured and commonly-used format, objection, and restriction. Account deletion is self-serve through the Danger Zone tab in Your Profile, and the policy honors Global Privacy Control signals for sale and share opt-out.

Silent on breach notification

Section 4 on safeguards describes administrative, technical, and physical measures plus need-to-know access, but the policy states no breach notification commitment and no timeframe anywhere in the text.

Score by area

Training-data use1 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inAdverse

Names a way to opt out of or into trainingDisclosed

Says whether training use differs by plan or tierDisclosed

Lets the user keep ownership of generated outputsSilent

Data-subject rights5 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatDisclosed

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion2 of 4 disclosed

States a retention period for your dataDisclosed

States a deletion timeline after closure or requestDisclosed

Sets a shorter retention for AI conversation logsDisclosed

Commits to collecting only the data it needsDisclosed

Third-party sharing4 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementDisclosed

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersDisclosed

States a standard for government and law-enforcement accessDisclosed

Transparency4 of 4 disclosed

Discloses that you are interacting with AIDisclosed

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesDisclosed

Is versioned and dated, with change noticeDisclosed

Sensitive data and children1 of 2 disclosed

Discloses automated decisions and a human-review pathNot applicable

Limits the use of special-category dataDisclosed

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability1 of 3 disclosed

Describes its security safeguardsDisclosed

Commits to breach notificationSilent

Names a certification or a privacy contactDisclosed

DisclosedPartialSilentAdverseNot applicable

Details

Category: Model provider
Modalities: text
Processes biometrics: No
Policy last updated: 2026-05-01
Region scored: Global / US-default
Assessed: 2026-06-20

Read Cohere's privacy policy

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.