Cohere states that content you submit through its services may be used to train and improve its AI models, unless you are covered by a separate enterprise agreement with different terms.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision determines whether the prompts, documents, and queries you submit to Cohere's AI services are retained and used to further develop Cohere's models, which has implications for confidentiality of submitted content and data minimization obligations.
Interpretive note: The exact language of this provision could not be directly extracted from the truncated HTML document; the description is based on available document fragments and the policy's stated scope. Enterprise tier distinctions add interpretive complexity.
The updated policy removes explicit language describing data retention timelines and deletion request procedures that were previously available. The prior policy stated that Enterprise Users' inputs and outputs were retained for 30 days, that Trial Users and Researchers were not intended to process personal information, and that deletion requests would normally be responded to within one month (up to three months for complex requests). The updated policy now contains only a general reference to 'retention practices' without specifying these timelines, response windows, or user-type distinctions. Users cannot determine from the updated policy what retention periods apply to their account category or what timeline to expect for deletion requests.
View change record →Under the default terms, inputs submitted through standard service tiers may be used for AI model training, meaning content you provide to the service could influence future model outputs. Enterprise API customers may have contractual protections that limit or exclude this use.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may use the inputs and outputs from your use of our Services to improve and train our AI models. If you are an enterprise API customer, your agreement with us may contain different terms regarding the use of your data for model training.— Excerpt from Cohere's Cohere Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 5, 6, and 9 regarding lawful basis and purpose limitation for processing personal data, particularly where user inputs contain personal data of third parties. The EU AI Act may also engage depending on the classification of the model and use case. Enforcement authority is the relevant EU supervisory authority for EEA-based users and the ICO for UK users. The provision may require evaluation under GDPR's purpose limitation and data minimization principles if the original collection basis does not explicitly cover model training. (2) GOVERNANCE EXPOSURE: High. The use of user-submitted content for AI model training is an area of active regulatory scrutiny in the EU and UK. Where inputs contain personal data of individuals who have not consented to training use, the lawful basis for this processing may be contested. The distinction between consumer and enterprise tiers creates differentiated risk exposure depending on the customer category. (3) JURISDICTION FLAGS: EU and EEA users face the highest exposure given GDPR's strict purpose limitation and lawful basis requirements. UK users face similar exposure under UK GDPR. California users may have rights under CCPA to opt out of certain uses of their personal information. The provision does not specify whether training use constitutes a sale or sharing under CCPA, which may require further evaluation. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers deploying Cohere's API should verify whether their commercial agreement explicitly limits or excludes training use of their submitted inputs. Procurement teams should treat the default policy terms as a baseline and negotiate explicit exclusions if confidentiality of submitted content is a business or regulatory requirement. The policy asserts differentiated treatment for enterprise customers but the specific contractual mechanism is not detailed in the privacy policy itself. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether their use case involves submission of personal data or confidential business information through the API and whether the default training terms are acceptable. Organizations subject to professional confidentiality obligations, such as legal, healthcare, or financial services firms, should evaluate whether use under default terms is consistent with those obligations and should seek enterprise agreements with explicit training exclusions if necessary.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision determines whether the prompts, documents, and queries you submit to Cohere's AI services are retained and used to further develop Cohere's models, which has implications for confidentiality of submitted content and data minimization obligations.
Under the default terms, inputs submitted through standard service tiers may be used for AI model training, meaning content you provide to the service could influence future model outputs. Enterprise API customers may have contractual protections that limit or exclude this use.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.