If you use Cohere's API to process personal data, a separate Data Processing Addendum applies that sets out additional privacy and data protection obligations.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
The DPA structure is the primary mechanism through which GDPR, CCPA, and other data protection obligations are operationalized in the agreement; enterprise customers processing personal data through the API must ensure the DPA is executed and that its terms are consistent with their privacy compliance obligations.
Interpretive note: The full terms of the DPA are not reproduced in this document; the adequacy of DPA protections for specific jurisdictional requirements depends on the DPA's current content at cohere.com/dpa.
The agreement states that a Data Processing Addendum applies when personal data is processed through the API; enterprise customers handling personal data of employees, customers, or other individuals must execute the DPA and ensure its terms satisfy applicable data protection law in their jurisdiction.
How other platforms handle this
Miro's processing of personal data on behalf of customers is governed by the Customer Data Processing Addendum, which is incorporated into these Terms by reference. A current list of subprocessors used by Miro is available at miro.com/legal/subprocessors-list/ and is updated from time to time.
We may access, preserve, and share information with regulators, law enforcement, or others if we believe it is reasonably necessary to: detect, prevent, and address fraud and other illegal activity; protect ourselves, you, and others, including as part of investigations; and prevent death or imminen...
Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...
Monitoring
Cohere has changed this document before.
"To the extent that Customer's use of the Services involves the processing of personal data, the parties agree to enter into Cohere's Data Processing Addendum (DPA), which is available at cohere.com/dpa and incorporated into this Agreement by reference upon execution." — Excerpt from Cohere's Cohere SaaS Agreement
(1) REGULATORY LANDSCAPE: The DPA structure directly engages GDPR Articles 28 (processor requirements) and 46 (transfer mechanisms), CCPA's service provider contractual requirements, and equivalent data protection frameworks in other jurisdictions. The Information Commissioner's Office (UK), EU national supervisory authorities, and the California Privacy Protection Agency are relevant enforcement bodies.
(2) GOVERNANCE EXPOSURE: High. Failure to execute the DPA before processing personal data through the API may constitute a GDPR violation, as Article 28 requires that controller-processor relationships be governed by a binding written agreement specifying the nature and purpose of processing. The DPA's terms on sub-processor use, data transfer mechanisms, and data subject rights support should be reviewed against organizational compliance requirements.
(3) JURISDICTION FLAGS: EU and EEA customers face the highest exposure, as GDPR's Article 28 controller-processor agreement requirement is a hard legal obligation. UK customers post-Brexit must also ensure the DPA satisfies UK GDPR requirements. California customers should confirm the DPA qualifies as a service provider agreement under CCPA.
(4) CONTRACT AND VENDOR IMPLICATIONS: The DPA at cohere.com/dpa should be reviewed as part of vendor due diligence before production deployment involving personal data. Key review areas include sub-processor lists, data transfer mechanisms (Standard Contractual Clauses, adequacy decisions), data subject rights response procedures, breach notification timelines, and data deletion obligations.
(5) COMPLIANCE CONSIDERATIONS: Data protection officers should execute the DPA before any personal data is transmitted via the API, maintain a record of processing activities that includes Cohere as a processor, and review the DPA's sub-processor provisions against organizational requirements for sub-processor approval.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.