Legal

Privacy Policy

Effective Date: June 1, 2026

This Privacy Policy explains how coThink ("coThink," "we," "our," or "us") collects, uses, stores, shares, and protects information when you use our websites, applications, APIs, collaboration workspaces, guided sessions, personal advisor features, and related services (collectively, the "Services").

By using the Services, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to information collected through:

• The coThink website
• coThink applications
• coThink APIs
• Collaboration rooms
• Guided sessions
• Personal advisor features
• Administrative tools
• Customer support interactions

This Privacy Policy does not govern third-party services that you connect to coThink, including AI providers, calendar providers, identity providers, storage systems, communication platforms, or other integrations. Those services are governed by their own privacy policies.

2. Information We Collect

Account Information

When you create or administer an account, we may collect:

• Name
• Email address
• Username
• Profile information
• Authentication identifiers
• Organization membership information
• Role and permission assignments

Authentication Information

Depending on the authentication methods used, we may collect:

• Password hashes
• Passkey credentials
• Multi-factor authentication configuration data
• Single sign-on identifiers
• Identity provider account information

coThink does not store plaintext passwords.

Workspace Information

We may collect information necessary to operate collaborative workspaces, including:

• Workspace configuration
• Room configuration
• Session configuration
• User memberships
• User preferences
• Notification settings
• Billing-related workspace information

Customer Content

Customer Content may include:

• Prompts
• Messages
• Notes
• Documents
• Files
• Whiteboard content
• Session artifacts
• Task information
• Decisions
• Summaries
• Workflow data
• Other content submitted to the Services

You retain ownership of Customer Content as described in our Terms of Service.

AI Usage Information

We may collect:

• Model selections
• Provider selections
• Token usage metrics
• Performance metrics
• Request timing information
• Routing decisions
• Error information

Technical Information

We may automatically collect:

• IP address
• Device information
• Browser information
• Operating system information
• Application version information
• Diagnostic information
• Log information
• Security event information

Support Information

If you contact support, we may collect:

• Support requests
• Communications
• Diagnostic information you provide
• Troubleshooting information

3. How We Use Information

We use information to:

• Provide the Services
• Authenticate users
• Operate collaborative workspaces
• Deliver personal advisor functionality
• Process guided sessions
• Enable integrations
• Provide customer support
• Monitor platform health
• Detect abuse and security threats
• Improve product functionality
• Develop new features
• Enforce our Terms of Service
• Comply with legal obligations

4. Platform Improvement and Deidentified Data

coThink continuously improves platform capabilities, including:

• Advisor systems
• Routing systems
• Memory systems
• Recommendation systems
• Facilitation systems
• Workflow systems
• Collaboration intelligence

To support these improvements, coThink may process workspace activity using deidentified or pseudonymized information.

Before such information is used for platform improvement, coThink applies commercially reasonable technical and organizational measures intended to reduce the ability to identify:

• Individual users
• Organizations
• Workspaces
• Specific customer environments

Deidentified information may be aggregated across customers and subject to privacy thresholds intended to reduce re-identification risk.

These processes are used to improve coThink's own platform capabilities.

coThink does not use Customer Content through this program to train third-party foundation models or third-party AI systems.

5. AI Providers and Connected Services

coThink allows customers to connect third-party providers.

Examples include:

• AI providers
• Identity providers
• Calendar providers
• Storage systems
• Messaging platforms
• Productivity tools

When you use an integration, information may be transmitted to that provider as required to perform the requested functionality.

The provider's handling of information is governed by its own privacy policies, terms, and practices.

Customers are responsible for evaluating whether connected providers meet their legal, privacy, regulatory, contractual, and operational requirements.

6. Sharing of Information

We do not sell Customer Content.

We may share information in the following circumstances:

Service Providers

We may share information with vendors that help us operate the Services, including providers of:

• Hosting
• Infrastructure
• Security
• Analytics
• Email delivery
• Billing
• Customer support

These providers are contractually required to protect information appropriately.

Legal Requirements

We may disclose information when reasonably necessary to:

• Comply with law
• Respond to legal process
• Protect rights and property
• Investigate fraud
• Address security incidents
• Prevent harm

Corporate Transactions

Information may be transferred in connection with:

• Mergers
• Acquisitions
• Reorganizations
• Asset sales
• Financing transactions

Appropriate protections will be maintained where required by law.

7. Data Retention

We retain information for as long as necessary to:

• Provide the Services
• Maintain accounts
• Support customers
• Meet legal obligations
• Resolve disputes
• Enforce agreements
• Protect security

Retention periods may vary depending on:

• Workspace settings
• Customer configurations
• Legal requirements
• Operational requirements

Deleted information may remain in backups for a limited period before permanent removal.

8. Security

coThink implements commercially reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

Security measures may include:

• Encryption in transit
• Encryption at rest
• Role-based access controls
• Audit logging
• Secret management
• Access monitoring
• Authentication controls
• Multi-factor authentication

No system can guarantee absolute security.

9. Encrypted Rooms

Certain features may provide customer-controlled encryption.

For encrypted-room functionality:

• Encryption keys may remain under customer control.
• coThink may not possess the keys required to decrypt content.
• Lost encryption keys, passkeys, recovery methods, or credentials may result in permanent loss of access.
• coThink may be unable to recover encrypted content.

Customers are responsible for protecting and maintaining access to their encryption credentials.

10. International Data Processing

Information may be processed and stored in jurisdictions where coThink, its service providers, or infrastructure providers operate.

By using the Services, you acknowledge that information may be transferred across national borders where permitted by law.

Where required, coThink will implement appropriate safeguards for cross-border data transfers.

11. Your Rights and Choices

Depending on your jurisdiction, you may have rights regarding personal information, including rights to:

• Access information
• Correct information
• Delete information
• Restrict processing
• Object to processing
• Export information
• Withdraw consent where applicable

Requests may be submitted through designated support or privacy channels.

Certain requests may be limited by legal obligations, security requirements, technical limitations, or contractual responsibilities.

12. California Privacy Rights

California residents may have rights under applicable California privacy laws, including rights relating to access, correction, deletion, and disclosure of personal information.

coThink does not sell personal information as traditionally defined under California privacy laws.

California residents may submit privacy requests using the contact methods described below.

13. Children's Privacy

The Services are not directed to children under the age of thirteen (13).

We do not knowingly collect personal information from children under thirteen.

If we become aware that such information has been collected, we will take reasonable steps to remove it.

14. Cookies and Similar Technologies

coThink may use cookies, local storage, session storage, and similar technologies to:

• Authenticate users
• Maintain sessions
• Remember preferences
• Improve performance
• Support security features
• Analyze platform usage

You may control certain cookie settings through your browser or device settings.

Disabling certain technologies may affect Service functionality.

15. Do Not Track

Because there is no universally accepted standard for responding to browser "Do Not Track" signals, coThink does not currently respond to such signals.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Updated versions will be posted with a revised effective date.

Continued use of the Services after an updated Privacy Policy becomes effective constitutes acceptance of the revised Privacy Policy.

17. Contact Information

Questions, requests, or concerns regarding this Privacy Policy may be submitted through the support, privacy, legal, or contact channels provided by coThink or listed on wecothink.com.

For privacy-related inquiries, please include sufficient information to allow us to verify and respond to your request.