Privacy Policy
Cohara is operated for an invitation-only trusted-family pilot. This Privacy Policy describes Cohara's current practices for that pilot.
1. Who we are
Cohara is operated by Cohara AI Inc. (“Cohara,” “we,” “us”), 1300 Grant Ave #204, Novato, CA 94945, United States. Contact: jr@cohara.ai.
2. What this Policy covers
This Policy describes what information Cohara collects during the trusted-family pilot, how Cohara uses it, who it is shared with, how long it is kept, and what rights parents have over it.
This Policy does not cover websites or services operated by third parties (Google, Twilio, Vercel, Supabase, Resend, Anthropic), whose own privacy policies apply when their services are used.
3. Children's information — parent-provided family context
Cohara does not offer accounts to children. Children do not log in, register, or interact with the Cohara product directly. Information about children is provided by a parent or legal guardian on the child's behalf as part of parent-controlled family context (e.g., the child's first name, grade level, schedule context, observations, school name) to enable Cohara's morning-brief, action-plan, and family-context features.
Cohara treats parent-provided child information with the same protections required of “personal information” under 16 CFR Part 312 (the Children's Online Privacy Protection Act / COPPA Rule):
- We obtain parent consent before collecting it.
- We minimize what we collect to what is reasonably necessary for the parent's stated use.
- We do not sell child information.
- We do not use child information for behavioral advertising or profiling.
- We provide parents with rights of access, correction, and deletion (§7).
- We use reasonable technical and organizational measures to protect it (§9).
- We retain it only as long as reasonably necessary for the stated purpose (§8).
4. Categories of information we collect
4.1 Parent identity + account information
- Parent first name, last name (
user_profiles.first_name,user_profiles.last_name) — collected at onboarding. - Email address (
user_profiles.email) — collected at signup; used for invite, account access, account communications. - Phone number (
user_profiles.phoneand/orsms_consent_records.phone) — collected at onboarding when phone is provided. - Authentication tokens / session cookies (operational; not used for advertising).
- Parent expressive / family-context content (
family_profiles+user_profilesfields includingcultural_context,values,tone_preference,what_matters,pain_points,priorities,parent_challenges_note,priorities_note,suggestions_note,coaching_tone,language,sensitivity_settings,sharing_defaults) — parent-authored content describing the family's preferences and context; used to personalize action plans + morning brief content. - Parent consent records — per-document acceptance + version + timestamp + IP address + user-agent (
consent_records,sms_consent_records; includingdocument_version,consent_type,revoked_at,child_data_consentcolumns). - COPPA-consent flag at family level (
families.coppa_consent_given,families.coppa_consent_at).
4.2 Parent-provided family context (about children)
Cohara stores parent-provided child information in two related places: a children record for each child added to the workspace, and per-child attribution on items the parent records (calendar events, plans, tasks, artifacts). The categories captured:
- Child first name (
children.first_name). - Child last name (
children.last_name) — optional; collected only if the parent enters it. - Child grade and grade band (
children.grade,children.grade_band). - Child birthdate (
children.birthdate) — optional; collected only if the parent enters it. - Child pronouns (
children.pronouns) — optional. - Schools, activities, school type (
children.school_name,children.school_type). - Parent-narrated child attributes — strengths, interests, support needs, school-support status (
children.strengths,children.interests,children.support_needs,children.school_support_status). - Parent observations / notes about the child (
children.notes). - Child avatar choice (
children.color,children.avatar_url). - Schedules, calendar events, and tasks the parent associates with the child (
schedule_events.child_ids,tasks.related_child_id). - Parent observations, plans, action items the parent records about the child (
artifacts.raw_text,artifacts.file_urlfor parent-uploaded child documents). - AI-co-generated content attributed to the child — action plans, hypotheses, scripts (
plans.bottleneck_hypothesis,plans.script_*,plans.assumptions,plans.safety_flags,plans.escalation_guidance). These are AI inferences based on parent-provided context; the parent reviews and accepts or rejects each plan.
We do not collect child contact information (no child email, no child phone, no child home address). We do not enable children to communicate with us. The child information we hold is exclusively what the parent has chosen to record in their own family-context workspace, plus AI-co-generated inferences from that recorded context.
4.3 Co-parent / caregiver / non-account adult information
The persons table stores parent-recorded contact details of non-account adults associated with the family:
- Co-parent first + last name, email, phone (
persons.first_name,persons.last_name,persons.email,persons.phone). - Caregiver / emergency-contact names, emails, phones (
persons.is_emergency_contact,persons.can_receive_updates). - Invite token + invited_at (when the parent has invited the co-parent through the S-15 cascade or family-page Send invite).
- Service providers — third-party professional contact details the parent records (doctors, therapists, school staff). Stored in the
providerstable withname,role,email,phone,notes.
4.4 Calendar integration (Google Calendar)
- Calendar event metadata read via Google OAuth, scoped to the calendars the parent grants access to.
- Event titles, start/end times, locations, descriptions, attendee information visible to the parent.
- We do not write to the parent's Google Calendar; integration is read-only.
- We do not access calendars the parent does not grant.
4.5 SMS messages — the Cohara morning brief (optional)
If the parent opts into SMS at onboarding, Cohara collects:
- Mobile phone number.
- SMS opt-in consent record (consent copy + version + timestamp + IP + user agent).
- Inbound parent replies to the morning brief (sent to a Twilio-managed number).
- Outbound message body, message timestamps, and delivery status.
The full SMS program description (frequency, message and data rates, STOP/HELP keywords, opt-in screen rendering, sample messages) lives at SMS Consent & Messaging Practices and is summarized in §13 below.
4.6 Action plans + chat (AI-co-created content)
- Parent-authored plans, action items, observations.
- AI-co-created suggestions and brief content (see §11 — AI processing).
- Chat history (currently manually gated; not active for the trusted-family pilot).
4.7 Operational + audit data
- Request logs (request URL, status, duration; no body content unless explicitly logged).
- Audit logs for outbound dispatch events (error class + error code only; no raw error messages or stack traces).
- Deletion-request records (a record of any deletion request a parent makes, kept for audit purposes per §312.10 retention rules).
4.8 What we do NOT collect
- We do NOT collect child contact information.
- We do NOT enable children to register or communicate with us directly.
- We do NOT collect parent or child precise geolocation beyond what is implicit in a calendar event location string the parent has entered.
- We do NOT collect biometric identifiers (no facial recognition, no voiceprints, no fingerprints).
- We do NOT use behavioral-advertising or profiling identifiers.
- We do NOT operate as a “third party” data broker.
5. How we use information
We use the information in §4 only for the following purposes:
- To provide the trusted-family-pilot product — onboarding, the family-context workspace, action plans, the morning brief, the co-parent invite flow, and the deletion request flow.
- To send the Cohara morning brief SMS to parents who have opted in (see §13).
- To respond to parent support requests.
- To improve the trusted-family pilot through controlled, internal review of pilot usage (no behavioral advertising; no profiling; no sale).
- To meet legal / regulatory / security obligations.
We do not use the information for behavioral advertising. We do not use the information to build advertising profiles. We do not sell the information.
6. Who we share information with
The trusted-family pilot uses the following third-party processors. Each processor sees only what is reasonably necessary for its operational role.
| Processor | Role | Categories of information shared |
|---|---|---|
| Anthropic (Claude model) | AI processing for action-plan co-creation, in-app morning brief content, optional chat | Parent-provided family-context summaries (parent input). |
| Vercel | Hosting, serverless runtime, deployment infrastructure | HTTP request logs (URL + status + duration); no application body content unless explicitly logged. |
| Supabase | Postgres database, authentication, secure storage | All application data, scoped to per-family row-level security (RLS); service-role admin access is operator-only. |
| Twilio | SMS dispatch + inbound webhook | Phone numbers, SMS body, delivery metadata (only for parents opted into the Cohara morning brief). |
| Resend | Email dispatch (invite emails, deletion alerts) | Email addresses and email body content. |
| Google (Calendar OAuth) | Calendar event read access (only calendars the parent grants) | Operates on the parent's OAuth token; calendar data flows directly to Cohara, not via Google. |
We do not share information with any party not listed above. We do not share information with advertisers. We do not share with data brokers.
Mobile phone numbers and SMS consent information are not shared with third parties or affiliates for marketing or promotional purposes. Twilio is the SMS-delivery vendor; phone numbers are not shared with any party outside that delivery-vendor relationship.
If a co-parent is invited by a primary parent, the co-parent's email is used by Cohara only to send the co-parent the invitation and (after the co-parent accepts) to enable the co-parent's access to the same family context, subject to the same Privacy Policy.
7. Parent rights — access, correction, deletion, consent withdrawal
The parent who created a family-context workspace has the following rights with respect to the information described in §4:
- Access. Request a description of categories of information Cohara has collected, and the specific content where reasonable.
- Correction. Request that we update inaccurate information.
- Deletion. Request that we delete the family-context workspace (including parent-provided child information).
- Consent withdrawal. Withdraw consent for SMS, calendar, AI processing, or the pilot itself at any time. Withdrawal of SMS consent stops further SMS dispatch; withdrawal of calendar consent stops further calendar reads; withdrawal of overall consent triggers the deletion path (3).
- Right to refuse further collection. Direct Cohara to stop further collection of child information from the parent's workspace while leaving prior data in place.
- Right to be told what categories of personal information have been collected from a child (16 CFR §312.6).
How to exercise. Email jr@cohara.ai from the email address on the family account. We will verify the requestor is a parent on the family account before disclosing or deleting information, in a manner reasonably designed not to be unduly burdensome (16 CFR §312.6).
Response time. We will acknowledge receipt within 5 business days and complete the request within a reasonable time appropriate to the request type (typical deletion: within 30 days; access: within 30 days).
8. Retention + deletion
Cohara maintains a written data-retention policy:
- Parent identity / account information — retained for the duration of the family's pilot participation plus a reasonable wind-down period for audit / dispute resolution.
- Parent-provided child information — retained only while reasonably necessary for the parent's stated use. When the parent withdraws or deletes the family-context workspace, parent-provided child information is deleted on the operator-executed deletion path.
- Consent records (Terms / Privacy / Pilot Agreement / SMS) — retained for an audit-appropriate period after the relevant version is no longer in effect, to provide a record of consent capture per §312.5.
- Operational + audit data — retained per security / fraud-prevention / regulatory obligations.
- Calendar data — purged when the parent revokes calendar access.
- SMS data + dispatch logs — retained for an audit-appropriate period to support TCR / A2P 10DLC compliance and delivery auditing.
When information is no longer needed, Cohara deletes it using reasonable measures designed to protect against unauthorized access or use during deletion (16 CFR §312.10).
8.1 Partial-retention exception list
The following tables are retained even after a parent's account-deletion request, for compliance audit purposes:
sms_consent_records(phone number + consent copy verbatim) — retained for TCR / A2P / TCPA defense audit.signup_invitesandinvites(recipient emails) — retained as an audit trail of the original invitation.morning_brief_log(SMS dispatch records + inbound parent reply text infeedback_text) — retained for TCR / A2P / Twilio carrier-audit purposes.calendar_sync_log(diagnostic) — may persist.
9. Security
Cohara maintains a written information security program (WISP) with safeguards appropriate to data sensitivity and operator size/complexity. Components include: designated security coordinator (Justin Roberts), at-least-annual risk assessment, technical and organizational safeguards (HTTPS everywhere, per-family row-level security, service-role-key compartmentalization, audit logging, env-var-gated dispatch surfaces, signature verification on inbound Twilio webhooks), regular testing/monitoring, at-least-annual program evaluation.
No security program eliminates all risk. Parents should use a strong unique password for the email account they use with Cohara.
10. Children's privacy and COPPA
See §3 above. Cohara treats parent-provided information about children with the protections required of “personal information” under 16 CFR Part 312, the COPPA Rule.
11. AI processing
Action plans, in-app morning brief content, and (when active) chat are AI-co-created. The AI model is operated by Anthropic. AI outputs are draft suggestions for parent review — they are not professional advice and are not a substitute for parent judgment. See the AI / Vendor Disclosure for the full disclosure.
12. Pilot scope
- The trusted-family pilot is invitation-only. There is no self-serve signup.
- The pilot is operated by Cohara as a single-operator team. There is no customer-support team beyond jr@cohara.ai.
- Features may change, pause, or be removed during the pilot.
13. SMS Program — the Cohara morning brief
Cohara operates an SMS program called the Cohara morning brief for parents who explicitly opt in during onboarding. The program disclosure below is summarized; see SMS Consent & Messaging Practices for the full opt-in flow, the rendered opt-in screen, sample messages, and the consent-record schema.
- Program name: Cohara morning brief.
- Description: One short informational SMS per day per opted-in parent, summarizing the family's schedule and priorities for the day. No promotional, marketing, or third-party content is sent.
- Opt-in is explicit. Parents opt in via a dedicated on/off toggle during onboarding (screen S-13). The toggle is OFF by default and requires entering a mobile number before opt-in is captured.
- Frequency. Up to one message per day per opted-in parent.
- Message and data rates may apply. Rates are set by your mobile carrier; Cohara does not bill you for SMS.
- Opt-out. Reply STOP to any message to opt out. Cohara also honors OPTOUT, CANCEL, END, QUIT, UNSUBSCRIBE, and REVOKE as opt-out keywords.
- Help. Reply HELP (or INFO) for support instructions and a contact path.
- Support contact: privacy@cohara.ai.
- No third-party sharing. Mobile phone numbers and SMS consent information are not shared with third parties or affiliates for marketing or promotional purposes. Twilio is the SMS-delivery vendor (see §6); phone numbers are not shared with any party outside that delivery-vendor relationship.
- Consent record. The exact consent copy shown at opt-in, the consent version, IP address, and user agent are stored in the
sms_consent_recordstable for compliance auditing.
14. Changes to this Policy
We may revise this Privacy Policy. Any material revision will be communicated to parents on the family account, and re-acceptance may be required where the change materially affects parent-consent scope. Prior consent versions are retained in consent_records for audit.
15. Disputes
Disputes about this Policy or Cohara's privacy practices should first be raised by email to jr@cohara.ai.
16. Contact
- Email: jr@cohara.ai
- Cohara AI Inc., 1300 Grant Ave #204, Novato, CA 94945, United States