Cohara — Trusted-Family Pilot

AI / Vendor Processing Disclosure

This disclosure explains how Cohara uses AI processing and operational vendors during the invitation-only trusted-family pilot.

A. AI processing — Anthropic Claude

Cohara uses Anthropic's Claude model at the following code surfaces:

Action plans. app/api/plans/structure/route.js — Claude generates structured action plans (including bottleneck_hypothesis, assumptions, safety_flags, escalation_guidance, and multiple script_* fields) attributed to a specific child based on parent-recorded family-context.
Morning brief content (in-app). app/api/morning-brief/generate/route.js — Claude generates in-app brief content based on family + calendar + plan summaries. (The SMS brief path uses a deterministic renderer at lib/brief-format.js, not the AI.)
Suggestions. app/api/suggestions/generate/route.js — Claude generates suggestions based on family + child context.
Document upload. app/api/documents/upload/route.js — parent-uploaded child PDFs are sent to Claude for text extraction. Parents may upload IEPs, 504 plans, school reports, or any PDF as an artifact attributed to a child. Anthropic receives the full PDF text content.
Chat (currently not active for the trusted-family pilot). app/api/chat/route.js. When chat is active, full conversational transcripts flow to Claude.

A.1 What Anthropic receives

Anthropic receives a structured family-context summary at AI-generation time. The summary contains:

The current day's calendar events the parent has granted Cohara permission to read.
Active action plans the parent has authored or has accepted from prior suggestions.
Recent observations the parent has recorded.
The parent's input prompt (for action-plan co-creation, this is the parent's question or goal).

Anthropic does not receive:

Authentication tokens or passwords.
Service-role API keys.
The parent's email, phone number, or street address.
Other families' data (per-family row-level security isolates each family).
Children's contact information (Cohara does not collect this).
Raw audit logs.

A.2 What AI outputs are

AI outputs are draft suggestions for parent review, not professional advice and not a substitute for parent judgment. The parent accepts or rejects each suggestion. Cohara's AI does not act on the family's behalf without parent approval.

AI outputs may be incorrect, incomplete, outdated, or misaligned with the family's actual situation. The parent is the final decision-maker for any action.

B. Operational vendors

Vendor	Role	Information shared
Anthropic	AI processing (Claude) for action plans, in-app brief content, suggestions, and document text extraction.	Parent-provided family-context summaries (parent input).
Vercel	Hosting, serverless runtime, deployment infrastructure.	Request URL + status + duration; no application body content unless explicitly logged.
Supabase	Postgres database, authentication, storage.	All application data, scoped to per-family row-level security; service-role admin access operator-only.
Twilio	SMS dispatch + inbound webhook for parents opted into the Cohara morning brief.	Phone numbers, SMS body, delivery metadata.
Resend	Email dispatch (invite emails, deletion alerts).	Email addresses, email body content.
Google	Calendar read via OAuth, if the parent enables calendar integration.	Parent-granted calendar event metadata.

B.1 Data minimization

Cohara provides each vendor only the data reasonably necessary to perform the vendor's operational role. No vendor receives data outside its operational scope.

B.2 Operator / vendor access limits

Cohara operator access (Justin Roberts). The operator has service-role access to the production Supabase database for product administration. Direct production access is logged via the Supabase audit log + Vercel deployment logs. The operator does not access individual family workspace content except for (a) responding to a parent support request, (b) executing a parent-requested deletion, or (c) investigating a verified security incident.
No customer-support team. Cohara is a single-operator team. There is no support-agent population that can read family data.
Vendor access. Each operational vendor sees only the data routed to its surface (per the table above). Vendors do not have ad-hoc access to the Cohara database or workspace content.

B.3 No selling / no behavioral advertising

Cohara does not sell parent data, family data, or child data.
Cohara does not use child data for behavioral advertising or profiling.
Cohara does not participate in any data-broker arrangement.
Cohara does not allow vendors to use Cohara data for advertising or profiling purposes outside the operational role above.

C. AI safety + child considerations

Outputs are not a substitute for parent judgment. AI-co-created plans are starting points; the parent decides what to do.
No diagnostic claims. AI does not diagnose, screen, or assess any condition.
No therapeutic claims. AI is not a therapist, counselor, or coach.
No emergency reliance. AI does not detect emergencies.
Sensitivity guardrails. Cohara's prompts are scoped to family-organizing tasks. AI outputs containing safety-relevant content (medical, mental-health, abuse, etc.) include a routine reminder to consult appropriate professionals.

D. Vendor list versioning

If Cohara adds or removes a vendor, this Disclosure will be updated and re-acceptance may be required where the change materially affects the parent's understanding of data flows.

E. Contact

Email: jr@cohara.ai. Operator: Cohara AI Inc., 1300 Grant Ave #204, Novato, CA 94945, United States.