Cohere updated its privacy policy on May 2, 2026 to add specific retention timelines and procedures for handling personal information. The revised policy now explicitly states that inputs and outputs on the Platform are retained for 30 days for Enterprise Users, clarifies that Trial Users and Researchers should not be providing personal information, and establishes a process for requesting deletion of inadvertently included personal data by emailing privacy@cohere.com with a typical one-month response time. The policy also added guidance for requests related to training data, directing users to a separate Model Training Privacy Notice and noting that Cohere does not intentionally collect personal information for training purposes.
The updated policy establishes a concrete 30-day retention timeline for enterprise users' inputs and outputs on the Platform, whereas the previous version referenced retention practices without specific durations. The policy now provides an explicit process for requesting deletion of inadvertently included personal information by emailing privacy@cohere.com, with Cohere stating it normally responds within one month or up to three months for complex requests. You can request deletion of personal data by contacting privacy@cohere.com with details about the information and reasons it should not appear.
The updated policy establishes concrete operational commitments around data retention and deletion procedures that were previously generic or undefined. Enterprise customers now have explicit timelines for how long their data persists on the Platform (30 days) and a documented process for requesting deletion, which affects how organizations assess data residency, deletion compliance, and vendor risk for their own regulatory obligations.
→ If you inadvertently submitted personal information to the Cohere Platform, you can request deletion by emailing privacy@cohere.com with details about the information and reasons it should not appear
→ If your request relates to training data, review the Model Training Privacy Notice before submitting to Cohere
→ Inputs and outputs submitted to the Platform will be retained for 30 days unless deletion is requested
→ Personal information inadvertently included in submissions will persist beyond 30 days if no deletion request is made
Establishes 30-day retention for inputs and outputs on the Platform for Enterprise Users
Adds formalized process for requesting deletion of inadvertently submitted personal information via privacy@cohere.com with one-month normal response time and three-month extended timeline for complex requests
States that Platform is not intended to process personal information for Trial Users and Researchers
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If you ask Cohere to delete personal information you accidentally submitted, they will respond within a month for straightforward requests or longer if the request is complex.
Cohere added specific retention timelines, deletion procedures, and clarifications regarding personal data handling across user categories. The changes establish concrete operational commitments: 30-day retention for enterprise users, a email-based deletion request process with defined response timeframes, and a statement that personal information should not be processed by trial and researcher accounts. These additions may reduce ambiguity in vendor contracts and data processing assessments but do not appear to create new regulatory obligations beyond existing data protection frameworks. Compliance teams should note the deletion request procedures and update internal DPA language if needed to reference the privacy@cohere.com contact point.
GDPR (Articles 12-15, 17 regarding access and erasure requests), CCPA (Section 1798.100 et seq. regarding deletion requests), applicable state privacy laws requiring response timelines for deletion requests
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001575.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.