Cohorte — Privacy Policy

Last updated: 4 October 2025

‍

This Privacy Policy explains how Cohorte collects, uses, discloses, and protects information about you when you use our websites, community, bootcamps, and agency services (collectively, the “Services”). Cohorte acts as a data controller for the processing described here (and as a processor where we process personal data on behalf of our business clients under separate agreements).

Contact for privacy matters: hello@cohorte.co
Supervisory Authority (France): Commission Nationale de l’Informatique et des Libertés (CNIL)

1. Personal data we collect

The personal data we collect depends on how you interact with us:

Identifiers and contact information (e.g., name, email, phone, company, role, billing address).
Account/profile data (e.g., username, profile photo, biography, preferences).
Transaction data (e.g., purchases, enrollment details, partial card data tokens from payment providers, VAT numbers). We do not store full card numbers.
Community content (UGC you post, messages, comments, likes, and moderation logs in AI Friends).
Course activity (attendance, assignments, project submissions, recorded sessions if you participate, certification/progress data).
Technical data (IP address, device identifiers, browser type, settings, crash logs, approximate location, timestamps).
Usage/analytics data (page views, clicks, sessions, referrers, campaign attribution, and cookie/SDK identifiers).
Communications (emails/newsletters, support requests, surveys, NPS, testimonials).
B2B client data (contacts, contracts, statements of work, project artifacts, and—when acting as processor—customer‑provided datasets containing personal data).
Sensitive data: we generally do not collect sensitive data (e.g., health, biometric). If an engagement requires processing special categories of data, this will be governed by a separate agreement and appropriate safeguards.

2. How we collect data

Directly from you (forms, checkout, community posts, applications, emails, calls, chats, surveys).
Automatically via cookies, pixels, and similar technologies on our website and course platforms.
From third parties: marketing partners, social logins (if used), payment processors (for transaction confirmations), and referrals.

3. Cookies and similar technologies

We use cookies and similar technologies to operate our site, remember preferences, measure performance, and (where permitted) personalize content or campaigns. Non‑essential cookies are used only with your consent. You can manage choices through our cookie banner and browser settings. Certain features may not function without some cookies. See our Cookie Notice (if published) for details.

4. Purposes and legal bases (GDPR/UK GDPR)

We process personal data on the following legal bases and for the listed purposes:

Performance of a contract: to register accounts, deliver Bootcamps, process payments, provide support, and fulfill Agency Services.
Consent: to send newsletters/marketing (where required), place non‑essential cookies/analytics, record sessions where consent is required, and feature testimonials.
Legitimate interests (balanced against your rights): to secure and improve the Services, prevent fraud/abuse, perform limited audience measurement, and operate the AI Friends community.
Legal obligations: to comply with tax, accounting, KYC/anti‑fraud obligations, and to respond to lawful requests.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. How we use personal data

Deliver, maintain, and improve the Services (including cohort operations, content delivery, and community moderation).
Process transactions and provide invoices/receipts.
Communicate with you (service messages, updates, reminders, marketing where permitted).
Provide analytics, research, and reporting (aggregated or de‑identified where possible).
Detect, investigate, and prevent security incidents, spam, fraud, and abuse.
Comply with legal obligations and enforce our Terms.

6. Sharing and disclosure

We share personal data with:

Service providers/processors who support our operations, such as: website hosting/CMS (Webflow), community (Circle), course platforms, newsletter (Beehiiv), payments (Stripe), automation/integration (Zapier), analytics (Google Analytics), productivity (Google Workspace), customer support, and similar vendors. These parties are bound by contracts and process data only on our instructions.
Payment processors (e.g., Stripe) for payment authorization and fraud prevention. Cohorte does not store full card numbers.
Enterprise clients (for B2B engagements) when we act as a processor under a separate agreement.
Professional advisors (lawyers, accountants, auditors) under confidentiality.
Authorities where required by law, to protect rights, safety, and security, or in connection with a merger, acquisition, or sale of assets.

We do not sell personal data. We also do not share personal data for cross‑context behavioral advertising where prohibited by law. Where data sharing might constitute a “sale” or “share” under applicable U.S. state laws, we will honor opt‑out choices and provide required notices.

7. International transfers

We operate globally and may transfer personal data to countries outside your own, including outside the EEA/UK. Where we do so, we implement appropriate safeguards, such as adequacy decisions, standard contractual clauses, and additional technical/organizational measures. Copies of relevant safeguards can be requested at hello@cohorte.co (subject to redactions and confidentiality).

8. Data retention

We retain personal data only as long as necessary for the purposes set out in this Policy, including to meet legal, accounting, or reporting requirements. Retention periods vary by category (e.g., transaction records are typically kept for 6–10 years under tax laws). When data is no longer needed, we will delete or de‑identify it.

9. Your rights

Depending on your location, you may have the following rights:

Access to your personal data and information about how it is processed;
Rectification of inaccurate or incomplete data;
Erasure (deletion) of data in certain circumstances;
Restriction of processing in certain circumstances;
Portability of data you provided to us;
Objection to processing based on legitimate interests or to direct marketing;
Withdrawal of consent where processing is based on consent.

Requests may be submitted to hello@cohorte.co. We may ask for information to verify your identity and will respond within the time limits required by law.

California (CCPA/CPRA). California residents have additional rights, including to know/access, delete, correct, and to opt‑out of sale or sharing of personal information, and to limit the use and disclosure of sensitive personal information. We will honor your rights under applicable California law. You (or your authorized agent) may submit requests at hello@cohorte.co.

10. Children’s privacy

We do not knowingly collect personal data from children under 13 (or under the age required by local law). If you believe a child has provided us personal data without appropriate consent, contact hello@cohorte.co and we will take steps to delete it.

11. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, logging, and staff training. No system is 100% secure. If we become aware of a security incident affecting personal data, we will notify affected individuals and/or authorities as required by law.

12. Payments and PCI

Payments are processed by our payment providers (e.g., Stripe). These providers are independently responsible for their compliance with PCI DSS and other applicable security standards. We receive limited payment information necessary to complete transactions and support refunds.

13. Community content and recordings

Content you choose to post in AI Friends is visible to other community members. We may record Bootcamp sessions. If you participate, your audio/video and display name may be captured. You may opt to remain off camera and use pseudonyms where allowed.

14. Third‑party links and services

The Services may link to third‑party websites or services. Their privacy practices are governed by their own policies. We are not responsible for third‑party practices.

15. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and take additional steps to notify users where required.

16. Contact

For questions or to exercise your rights, contact hello@cohorte.co. If you are in the EEA, you may also lodge a complaint with your local data protection authority (in France, the CNIL).

17. Region‑specific disclosures

EEA/UK/Switzerland. Cohorte is the controller for processing described in this Policy. Legal bases are described above. International transfers are protected by appropriate safeguards (e.g., EC Standard Contractual Clauses). You may have additional rights under national law.
California. See Section 9. We will not discriminate against you for exercising your rights.
Other regions. We will comply with applicable local privacy laws where we offer Services.

18. How to make choices

Email marketing. Click “unsubscribe” in our emails or email hello@cohorte.co.
Cookies/analytics. Use our cookie banner to accept/reject non‑essential cookies at any time.
Community visibility. Adjust your community profile and posting settings on Circle.

19. Data processing roles for key vendors (summary)

Web hosting/CMS: Webflow (processor)
Community platform: Circle (processor)
Payments: Stripe (independent controller for payments; processor for some data)
Newsletters: Beehiiv (processor)
Automations: Zapier (processor)
Analytics: Google Analytics (independent controller for certain analytics; processor under applicable terms)
Productivity: Google Workspace (processor/controller depending on context)

We maintain a current list of sub‑processors upon request.

End of Policy