The Terms of Use reference or incorporate Cohere's Privacy Policy, which governs how Cohere collects, uses, and shares user data including information submitted through the API.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data handling provisions define the operational scope of personal information collection and use, establish legal bases for processing, and specify third-party recipients, which determines compliance obligations and user disclosure requirements under applicable privacy laws.
Interpretive note: Specific privacy and data handling clause language was not extractable from the truncated HTML document; this provision is inferred from the document's stated scope covering the API and all content, and from standard AI API terms of service structures.
Data submitted to Cohere's API and website is subject to the Privacy Policy referenced in or incorporated by these Terms of Use; users and enterprise customers should review the Privacy Policy to understand how input data, usage data, and account information are processed and whether model training on user inputs is permitted.
How other platforms handle this
Information You Provide may include sensitive personal information, as defined under applicable state privacy laws. We process such information in accordance with applicable law, such as to provide the Services and other permitted purposes under state privacy laws, like the California Consumer Priva...
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the rig...
Depending on where you live, you may have certain rights regarding your personal information, including: the right to know what personal information we have collected about you; the right to delete personal information we have collected from you; the right to correct inaccurate personal information;...
Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
(1) REGULATORY LANDSCAPE: Data handling provisions in AI API terms engage GDPR (particularly Articles 6, 13, and 28 regarding lawful basis, transparency, and processor obligations), CCPA, and Canada's PIPEDA. Where Cohere processes personal data submitted through the API on behalf of enterprise customers, a Data Processing Agreement may be required under GDPR Article 28. The EU AI Act also imposes transparency obligations on general-purpose AI model providers regarding training data. (2) GOVERNANCE EXPOSURE: High. Enterprise customers who submit personal data to the Cohere API without a Data Processing Agreement in place may be in breach of GDPR. The question of whether Cohere uses API inputs for model training is particularly material for customers handling proprietary or sensitive data. (3) JURISDICTION FLAGS: EU/EEA organizations face the highest exposure due to GDPR's strict processor agreement requirements. California-based organizations should assess CCPA compliance, including whether any sharing of user data with Cohere constitutes a sale or sharing of personal information under California law. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should request and review Cohere's Data Processing Agreement (DPA) before processing any personal data through the API. The DPA should address sub-processor lists, data retention, deletion rights, and breach notification obligations. (5) COMPLIANCE CONSIDERATIONS: Organizations should conduct a data mapping exercise to identify what personal data, if any, is submitted to the Cohere API, confirm that an appropriate legal basis exists for that processing, and ensure that a DPA is in place before any personal data is processed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data handling provisions define the operational scope of personal information collection and use, establish legal bases for processing, and specify third-party recipients, which determines compliance obligations and user disclosure requirements under applicable privacy laws.
Data submitted to Cohere's API and website is subject to the Privacy Policy referenced in or incorporated by these Terms of Use; users and enterprise customers should review the Privacy Policy to understand how input data, usage data, and account information are processed and whether model training on user inputs is permitted.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.