Cohere states that it shares your personal information with companies it works with to operate its services, and also discloses that your data could be transferred to another company if Cohere is acquired or merges with another organization.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes disclosure of personal data to a defined category of third-party service providers and in corporate transaction contexts, which means your data may be accessible to multiple external parties beyond Cohere itself.
Interpretive note: The exact list of named or categorized third parties could not be confirmed from the truncated document; the description reflects standard provisions referenced in the policy's stated scope.
The updated policy removes explicit language describing data retention timelines and deletion request procedures that were previously available. The prior policy stated that Enterprise Users' inputs and outputs were retained for 30 days, that Trial Users and Researchers were not intended to process personal information, and that deletion requests would normally be responded to within one month (up to three months for complex requests). The updated policy now contains only a general reference to 'retention practices' without specifying these timelines, response windows, or user-type distinctions. Users cannot determine from the updated policy what retention periods apply to their account category or what timeline to expect for deletion requests.
View change record →Personal information including account data and usage information may be shared with cloud hosting, analytics, payment processing, customer support, and marketing vendors, and may be transferred to a successor entity in the event of a merger or acquisition without requiring additional consent under the stated terms.
How other platforms handle this
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
We may share your information with third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with business partners who offer products or services that...
Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third-party service providers who perform services on our behalf, including cloud hosting, analytics, payment processing, customer support, and marketing services. We may also share your information in connection with a corporate transaction such as a merger, acquisition, or sale of assets.— Excerpt from Cohere's Cohere Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 28 regarding data processor agreements, Article 44 et seq. regarding cross-border data transfers, and CCPA provisions on service providers and third-party disclosures. The distinction between processors and independent controllers is relevant to determining whether GDPR Article 28 agreements are required with each disclosed third party. The FTC and relevant EU supervisory authorities are the primary enforcement bodies. (2) GOVERNANCE EXPOSURE: Medium. The enumeration of service provider categories without naming specific vendors is standard industry practice but creates a data mapping challenge for organizations that require a complete inventory of sub-processors. The corporate transaction provision is standard but operationally significant because it permits transfer of personal data to an acquiring entity without individual notice or consent, subject to the policy's terms. (3) JURISDICTION FLAGS: GDPR requires that transfers to sub-processors be governed by Article 28-compliant data processing agreements and that cross-border transfers rely on an adequate transfer mechanism. EU and UK enterprise customers should verify that Cohere maintains current sub-processor lists and that DPAs with sub-processors are in place. California users should evaluate whether third-party disclosures described here constitute sharing under CCPA. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should request Cohere's current sub-processor list and evaluate each listed party against their own vendor risk frameworks. The corporate transaction clause may trigger notification obligations under some enterprise agreements and should be reviewed by procurement and legal teams. Data processing addenda should address sub-processor change notification periods and objection rights. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should request Cohere's sub-processor list and ensure that the categories of third parties described in this provision are reflected in their own records of processing activities. The corporate transaction provision should be flagged for review if the organization has contractual data localization or confidentiality requirements that could be affected by a change in Cohere's ownership.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes disclosure of personal data to a defined category of third-party service providers and in corporate transaction contexts, which means your data may be accessible to multiple external parties beyond Cohere itself.
Personal information including account data and usage information may be shared with cloud hosting, analytics, payment processing, customer support, and marketing vendors, and may be transferred to a successor entity in the event of a merger or acquisition without requiring additional consent under the stated terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.