Cohere removed 16 sentences from its privacy policy that previously specified data retention practices for different user types and procedures for requesting deletion of personal information inadvertently included in platform inputs. The updated policy now provides only a general reference to retention practices without specifying the 30-day retention period for Enterprise Users, the non-processing of personal information for Trial and Researcher accounts, response timelines for deletion requests, or guidance on training data deletion. This creates operational ambiguity about what retention periods currently apply to different user categories and how deletion requests are handled.
The updated policy removes explicit language describing data retention timelines and deletion request procedures that were previously available. The prior policy stated that Enterprise Users' inputs and outputs were retained for 30 days, that Trial Users and Researchers were not intended to process personal information, and that deletion requests would normally be responded to within one month (up to three months for complex requests). The updated policy now contains only a general reference to 'retention practices' without specifying these timelines, response windows, or user-type distinctions. Users cannot determine from the updated policy what retention periods apply to their account category or what timeline to expect for deletion requests.
The updated policy removes specific, quantified commitments about data retention and deletion request handling. Where users previously could reference a 30-day retention period and one-month response timeline from the policy document itself, they now encounter only a reference to external 'retention practices' without in-policy specificity. This reduction in transparency may create friction with regulatory requirements that mandate clear disclosure of data retention practices and user deletion rights, and it affects how downstream organizations can represent Cohere's data handling to their own customers.
→ Locate and review Cohere's external 'retention practices' documentation to determine what retention periods apply to your account type.
→ If you submitted a deletion request and have not received a response within the timeline you expect, contact privacy@cohere.com for clarification on response procedures.
→ The updated policy will apply as written, and users relying on the prior 30-day retention commitment for Enterprise data will need to verify current retention periods through the external reference.
→ Deletion request response timelines are no longer explicitly disclosed in the policy, and users will have no in-policy basis to contest response delays.
Removal of explicit 30-day retention period for Enterprise Users and statement that Trial/Researcher accounts are not intended to process personal information.
Removal of stated response timelines (normally one month; up to three months for complex requests) and verification procedures for deletion requests.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Users can no longer find in the privacy policy specific information about how long their data is kept or how quickly deletion requests will be answered.
The removal of specific retention period disclosures and deletion request procedures creates compliance risk under privacy frameworks that require transparency about data retention practices. GDPR Article 17 and similar regulations obligate controllers to disclose how data subjects can exercise deletion rights, including expected timelines. The prior policy's explicit statement that Trial Users and Researchers were not intended to process personal information, combined with stated deletion procedures, provided operationally useful boundaries. The updated policy's reliance on an external reference to 'retention practices' without in-document specificity may not satisfy transparency obligations depending on what the linked document contains and whether users can easily access it. Organizations using Cohere's platform for customer data processing may need to evaluate whether this change affects their own privacy notice disclosures and DPA compliance statements.
GDPR (Articles 5, 13, 14, 17, 21 covering data minimization, transparency, and deletion rights); CCPA (California Consumer Privacy Act, requiring disclosure of data retention practices and deletion procedures); UK Data Protection Act 2018; sector-specific frameworks (HIPAA if PHI processing applies). The removal of specific retention timelines and deletion request procedures may create friction with regulatory transparency requirements, though enforceability depends on what the referenced external 'retention practices' document actually contains and how readily accessible it is to users.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001945.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorCohere removed 'LLMU' from its documentation navigation index on June 28, 2026. The change appears to be a removal of …
Cohere's Acceptable Use Policy underwent documentation restructuring on June 11, 2026. The change involved removal of extensive navigation elements and …
Cohere's Acceptable Use Policy documentation was reorganized on June 10, 2026, with substantial additions to navigation and educational content in …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.