Cohere keeps your personal data for as long as your account is active or as long as is needed to run its services and meet legal obligations, without specifying a fixed retention period.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The absence of specific retention periods means personal data including submitted inputs, account data, and usage data may be retained indefinitely as long as the account is active or legal obligations require it, without a fixed deletion timeline.
Interpretive note: Specific retention periods for individual data categories are not available from the truncated document; the description reflects the general standard retention framework referenced in comparable Cohere policy versions.
The updated policy removes explicit language describing data retention timelines and deletion request procedures that were previously available. The prior policy stated that Enterprise Users' inputs and outputs were retained for 30 days, that Trial Users and Researchers were not intended to process personal information, and that deletion requests would normally be responded to within one month (up to three months for complex requests). The updated policy now contains only a general reference to 'retention practices' without specifying these timelines, response windows, or user-type distinctions. Users cannot determine from the updated policy what retention periods apply to their account category or what timeline to expect for deletion requests.
View change record →Personal data is retained for the duration of account activity and for periods required by law, with no specific retention period stated in the policy. Users wishing to have their data deleted before these default periods should submit a deletion request to privacy@cohere.com.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for as long as your account remains active or as needed to provide you Services.— Excerpt from Cohere's Cohere Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 5(1)(e) storage limitation principle, which requires that personal data be kept in a form that permits identification for no longer than necessary for the purposes for which it is processed. The lack of specific retention periods may require evaluation against GDPR's storage limitation obligations. The relevant enforcement authorities are EU supervisory authorities and the ICO. (2) GOVERNANCE EXPOSURE: Medium. Indefinite or open-ended retention tied to account activity is a commonly observed practice but may not satisfy the specificity requirements of GDPR's storage limitation principle for all data categories. AI training data retention raises additional questions about whether training data retains identifiability and how long it may be retained within model weights. (3) JURISDICTION FLAGS: EU and UK users have the most specific retention limitation rights under GDPR and UK GDPR, including the right to erasure under Article 17. California users have deletion rights under CCPA. Canadian users have rights under PIPEDA's accuracy and retention principles. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should negotiate specific data retention and deletion timelines in their commercial agreements and data processing addenda, particularly where regulatory obligations require defined retention limits. Procurement teams should request Cohere's data retention schedule as part of vendor onboarding. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the open-ended retention policy is consistent with their own data minimization and retention obligations under applicable law. Organizations should document the retention periods applicable to each category of data processed by Cohere and confirm that Cohere's deletion mechanisms function as described upon account closure or deletion request.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The absence of specific retention periods means personal data including submitted inputs, account data, and usage data may be retained indefinitely as long as the account is active or legal obligations require it, without a fixed deletion timeline.
Personal data is retained for the duration of account activity and for periods required by law, with no specific retention period stated in the policy. Users wishing to have their data deleted before these default periods should submit a deletion request to privacy@cohere.com.
ConductAtlas has identified this type of provision across 135 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.