CA-C-001945
Cohere — Cohere Privacy Policy
Entity
Date detected
April 29, 2026
Effective date
April 29, 2026
Severity
Direction
Negative
Affected users
all users enterprise customers trial users researchers
Taxonomy
Transparency removal
Changes
−16 sentences removed · 2 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch Cohere Get alerts when this policy changes.
Watch — Free

Event Summary

Cohere removed 16 sentences from its privacy policy that previously specified data retention practices for different user types and procedures for requesting deletion of personal information inadvertently included in platform inputs. The updated policy now provides only a general reference to retention practices without specifying the 30-day retention period for Enterprise Users, the non-processing of personal information for Trial and Researcher accounts, response timelines for deletion requests, or guidance on training data deletion. This creates operational ambiguity about what retention periods currently apply to different user categories and how deletion requests are handled.

MEDIUM

Consumer Impact

The updated policy removes explicit language describing data retention timelines and deletion request procedures that were previously available. The prior policy stated that Enterprise Users' inputs and outputs were retained for 30 days, that Trial Users and Researchers were not intended to process personal information, and that deletion requests would normally be responded to within one month (up to three months for complex requests). The updated policy now contains only a general reference to 'retention practices' without specifying these timelines, response windows, or user-type distinctions. Users cannot determine from the updated policy what retention periods apply to their account category or what timeline to expect for deletion requests.

Governance Analysis

The updated policy removes specific, quantified commitments about data retention and deletion request handling. Where users previously could reference a 30-day retention period and one-month response timeline from the policy document itself, they now encounter only a reference to external 'retention practices' without in-policy specificity. This reduction in transparency may create friction with regulatory requirements that mandate clear disclosure of data retention practices and user deletion rights, and it affects how downstream organizations can represent Cohere's data handling to their own customers.

Available Actions

Locate and review Cohere's external 'retention practices' documentation to determine what retention periods apply to your account type.

If you submitted a deletion request and have not received a response within the timeline you expect, contact privacy@cohere.com for clarification on response procedures.

If No Action Is Taken

The updated policy will apply as written, and users relying on the prior 30-day retention commitment for Enterprise data will need to verify current retention periods through the external reference.

Deletion request response timelines are no longer explicitly disclosed in the policy, and users will have no in-policy basis to contest response delays.

Key Clauses Affected

Data Retention Disclosure

Removal of explicit 30-day retention period for Enterprise Users and statement that Trial/Researcher accounts are not intended to process personal information.

Deletion Request Procedures

Removal of stated response timelines (normally one month; up to three months for complex requests) and verification procedures for deletion requests.

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch Cohere — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
870c6ae4fbd23c19db8bd5f5ce33d2fee2f5d3575a37fb4561db279652ba948d
May 2, 2026 06:38 UTC
✓ Verified
Current Version
488bfdf480383ee43b05d2cf0606a0cf1bd886fdba3687b6917cb988cc203cb6
April 29, 2026 08:11 UTC
✓ Verified
Change Detected
April 29, 2026 08:11 UTC
Analysis Methodology
✓ Verified
Source Document
https://cohere.com/privacy
Citation Record
Entity: Cohere
Document: Cohere Privacy Policy
Record ID: CA-C-001945
Captured: 2026-04-29 08:11:01 UTC
URL: https://conductatlas.com/change/2026-04-29-cohere-cohere-privacy-policy-1945/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Impact Summary

1
Protection removed
All users Removed

Users can no longer find in the privacy policy specific information about how long their data is kept or how quickly deletion requests will be answered.

For legal and compliance teams

Institutional Analysis

Assessment

The removal of specific retention period disclosures and deletion request procedures creates compliance risk under privacy frameworks that require transparency about data retention practices. GDPR Article 17 and similar regulations obligate controllers to disclose how data subjects can exercise deletion rights, including expected timelines. The prior policy's explicit statement that Trial Users and Researchers were not intended to process personal information, combined with stated deletion procedures, provided operationally useful boundaries. The updated policy's reliance on an external reference to 'retention practices' without in-document specificity may not satisfy transparency obligations depending on what the linked document contains and whether users can easily access it. Organizations using Cohere's platform for customer data processing may need to evaluate whether this change affects their own privacy notice disclosures and DPA compliance statements.

Regulatory Exposure

GDPR (Articles 5, 13, 14, 17, 21 covering data minimization, transparency, and deletion rights); CCPA (California Consumer Privacy Act, requiring disclosure of data retention practices and deletion procedures); UK Data Protection Act 2018; sector-specific frameworks (HIPAA if PHI processing applies). The removal of specific retention timelines and deletion request procedures may create friction with regulatory transparency requirements, though enforceability depends on what the referenced external 'retention practices' document actually contains and how readily accessible it is to users.

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001945.

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
Cohere Privacy Policy
Entity
Cohere
Captured
April 29, 2026
Source URL
https://cohere.com/privacy
Other changes to Cohere Privacy Policy
Next change May 2, 2026
Cohere updated its privacy policy on May 2, 2026 to add specific retention timelines and procedures for handling personal information. …
Low Neutral
View full version history →
More from Cohere
Jun 28, 2026 Low
Cohere Usage Policy

Cohere removed 'LLMU' from its documentation navigation index on June 28, 2026. The change appears to be a removal of …

Jun 11, 2026 Low
Cohere Usage Policy

Cohere's Acceptable Use Policy underwent documentation restructuring on June 11, 2026. The change involved removal of extensive navigation elements and …

Jun 10, 2026 Low
Cohere Usage Policy

Cohere's Acceptable Use Policy documentation was reorganized on June 10, 2026, with substantial additions to navigation and educational content in …

Track Cohere policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 320+ platforms every Sunday.