Privacy Policy
Cohara AI Inc. | Version 2.0 | Effective April 11, 2026
Cohara AI Inc. (“Cohara,” “we,” “us,” or “our”) operates cohara.ai. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform.
1. Who This Policy Covers
Cohara accounts are created by and for adults — parents and legal guardians — aged 18 and older. We do not knowingly allow minors to create accounts. Information about children is provided solely by the parent or guardian who holds the account.
Cohara is a consumer product chosen and controlled by parents. It is not offered by or on behalf of schools, healthcare providers, or therapeutic practices as an institutional tool. Educators, therapists, tutors, and caregivers access Cohara as invited participants in a parent-managed network — not as institutional operators.
2. Information We Collect
Information you provide directly
- Account information: name, email address, phone number
- Family information: child names, ages, grades, school names
- Documents you upload: report cards, teacher feedback, therapy notes, medical information, and any other files you choose to share
- Network information: names, email addresses, and roles of co-parents, teachers, therapists, tutors, and caregivers you invite
- Preferences: communication tone, family values, daily routines, and schedule information
Information collected automatically
- Device and browser type, IP address, and operating system
- Pages visited, features used, and time spent on the platform
- Authentication tokens and session data
Information from third parties
- Google Calendar data if you connect your Google account (see Section 2a)
- Calendar data from iCal feeds you add manually
2a. Google Calendar & Google User Data
If you connect your Google account, Cohara requests access to your Google Calendar data. Specifically:
- What we access: Calendar event titles, dates, times, and descriptions from calendars you select
- How we use it: Solely to populate your morning brief and action plans within Cohara
- How we store it: In your Cohara account database under the same security controls as all other platform data
- Who we share it with: No third parties, except vendors listed in Section 6 solely to operate the platform
- Your control: Disconnect Google Calendar at any time from Settings; previously synced data remains until you delete it
We do not use Google Calendar data for advertising or analytics sold to third parties. If we change how we use Google user data, we will update this policy and request renewed consent before that change takes effect.
3. Children’s Privacy — COPPA
Cohara is a platform for parents. We do not direct our service at children and we do not knowingly collect personal information directly from children. All information about a child is provided by that child’s parent or legal guardian. See our COPPA Notice for full detail on collection, use, and parent rights.
We do not use children’s information for advertising, profiling, or any commercial purpose unrelated to the service the parent requested. We do not sell it.
4. How We Use Your Information
- To provide and improve the Cohara platform
- To generate your daily morning brief and action plans
- To send SMS messages you have opted into
- To process and respond to your requests
- To maintain the security and integrity of the platform
- To comply with legal obligations
We do not sell your information. We do not use your or your child’s information for targeted advertising.
4a. SMS Communications
If you opt in to the Cohara morning brief during onboarding, we use your mobile number solely to deliver the morning brief and to honor your STOP and HELP replies. The brief may include your children’s first names and family calendar details — event times and short event labels — to make it useful at a glance. What the brief never includes: other families’ children, raw plan or task content, teacher or caregiver names, grades, academic concerns, health or medical details, or behavioral details. We do not send marketing, promotional, or advertising messages over SMS at any time.
- Frequency: Up to 1 message per day per opted-in user.
- Message and data rates may apply. These are determined by your mobile carrier; Cohara does not bill you for SMS.
- Opt out: Reply STOP at any time to immediately unsubscribe. Cohara honors STOP, OPTOUT, CANCEL, END, QUIT, UNSUBSCRIBE, and REVOKE as opt-out keywords. Reply HELP for support instructions.
- Mobile number non-sharing: We do not sell, rent, lease, loan, trade, or otherwise share your mobile number, or any other personally identifiable information collected for SMS, with third parties or affiliates for marketing or promotional purposes. The only third party with access to your mobile number is our SMS-delivery vendor Twilio (listed in Section 6), which is contractually prohibited from using your number for any purpose other than delivering messages on Cohara’s behalf.
- Default-off opt-in: SMS is OFF by default. You must explicitly toggle SMS on and enter a valid mobile number during onboarding (screen S-13) to receive any text messages.
- Consent record: Every opt-in is stored with the exact consent text you saw, the consent version, your IP address, and your user agent for compliance auditing.
For the complete SMS opt-in flow, sample messages, and consent-record handling, see SMS Consent & Messaging Practices.
5. Legal Basis for Processing
- Contract: To provide the services you signed up for
- Consent: For SMS communications, Google Calendar access, and child-data collection
- Legal obligation: To comply with COPPA and other applicable laws
- Legitimate interest: To maintain platform security and prevent fraud
6. Vendors and Subprocessors
- Supabase — Database and authentication. Data accessed: all platform data.
- Anthropic — AI processing. Data accessed: conversation and document content.
- Vercel — Hosting and deployment. Data accessed: request logs.
- Twilio — SMS delivery. Data accessed: phone numbers, message content.
- Resend — Transactional email. Data accessed: email addresses.
- Google — OAuth authentication, Calendar sync. Data accessed: email address, calendar event data.
Each vendor is contractually prohibited from using your data for any purpose beyond providing their service to Cohara.
7. Data Retention
We retain your information for as long as your account is active. When you delete your account, all associated data — including all information about your children — is permanently deleted within 30 days. We do not retain identifiable family data beyond that window.
8. Your Rights
- Access: All information we hold about you and your children
- Correct: Inaccurate information
- Delete: Your account and all associated data permanently
- Revoke: Access granted to network members at any time
- Opt out: Of SMS communications at any time by replying STOP
- Disconnect: Google Calendar or other connected services at any time from Settings
To exercise any of these rights, go to Settings → Privacy & Data Rights or contact privacy@cohara.ai. We will respond within 30 days.
9. Security
We use industry-standard security measures including encrypted data transmission (TLS), encrypted storage, row-level security controls, and access logging. No method of transmission over the internet is 100% secure. If we become aware of a security breach affecting your data, we will notify you as required by applicable law.
10. Changes to This Policy
We will notify you of material changes by email or prominent in-app notice. For changes affecting how we use Google user data, we will request renewed consent before the change takes effect. Continued use after other changes take effect constitutes acceptance.
11. Contact
Cohara AI Inc. | privacy@cohara.ai | cohara.ai
State of incorporation: California