Legal

Privacy Policy

Effective Date: June 1, 2026

This Privacy Policy explains how coThink ("coThink," "we," "our," or "us") collects, uses, processes, shares, stores, protects, and retains information when individuals and organizations use coThink's websites, applications, APIs, collaborative workspaces, guided sessions, personal advisor features, workflow engines, automation systems, integrations, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to information processed through the Service.

This Privacy Policy does not apply to:

Third-party websites
Third-party applications
Connected providers
AI model providers
Identity providers
Payment processors
Other third-party services

which are governed by their own privacy policies and terms.

2. Definitions

For purposes of this Privacy Policy:

Customer Content means prompts, messages, files, documents, structured session data, advisor information, workflows, configurations, outputs, and other content submitted to the Service.

Personal Information means information that identifies, relates to, describes, or can reasonably be associated with an individual.

Organization means a company, institution, business, governmental entity, educational institution, nonprofit organization, or other entity that owns or administers a workspace.

Workspace means a collaborative environment created within the Service.

Administrator means an individual authorized to manage a workspace on behalf of an organization.

Subprocessor means a third-party service provider engaged by coThink to assist in delivering, operating, securing, maintaining, or improving the Service.

3. Data Controller and Data Processor Roles

When organizations use coThink to process Customer Content, the organization generally acts as the data controller and coThink acts as a data processor or service provider.

For information relating to direct customer relationships with coThink, including account administration, billing, security, support, fraud prevention, and operation of the Service, coThink may act as a data controller.

The specific role depends upon the nature of the processing activity.

4. Information We Collect

We collect information necessary to operate, secure, support, and improve the Service.

Account Information

We may collect:

Name
Email address
Username
Profile information
Authentication identifiers
Account preferences
Language preferences
Time zone
Profile settings

Organization and Workspace Information

We may collect:

Organization names
Workspace names
Team structures
Membership information
User roles
Permissions
Administrative settings
Subscription information

Authentication and Security Information

We may collect:

Login activity
Authentication events
Passkey identifiers
Multi-factor authentication settings
Device identifiers
IP addresses
Access logs
Security logs
Session activity

Billing Information

We may collect:

Subscription details
Billing contacts
Plan information
Transaction history
Tax-related information

Payment card information is generally processed directly by payment providers and is not stored by coThink except where necessary to support payment operations.

Support Information

We may collect:

Support requests
Communications
Feedback
Feature requests
Troubleshooting information

Service Usage Information

We may collect:

Feature usage
Session activity
Workflow execution records
Advisor interactions
API activity
Diagnostic information
Error logs
Performance metrics

Customer Content

We process Customer Content submitted by users and organizations, including:

Prompts
Messages
Files
Documents
Decisions
Structured session data
Advisor information
AI workflow data
Automation data
Configuration information
Generated outputs
Collaboration records

5. Information Collected Automatically

When you access the Service, we may automatically collect:

IP address
Browser type
Device information
Operating system
Referring URLs
Session identifiers
Usage statistics
Error information
Performance information

This information helps us operate, secure, maintain, and improve the Service.

6. Cookies and Similar Technologies

We may use cookies, local storage, pixels, session identifiers, and similar technologies to:

Authenticate users
Maintain sessions
Remember preferences
Improve performance
Analyze usage
Secure accounts
Prevent abuse

You may control cookies through browser settings, although disabling certain cookies may affect functionality.

7. Cookie Policy

Additional information regarding cookies and tracking technologies is provided through the Cookie Policy, which is incorporated into this Privacy Policy by reference.

8. How We Use Information

We use information to:

Operate the Service
Authenticate users
Manage accounts
Deliver collaborative workflows
Execute guided sessions
Provide advisor features
Process automations
Enable integrations
Support customers
Process payments
Detect abuse
Prevent fraud
Maintain security
Improve product functionality
Develop new features
Comply with legal obligations

9. AI Processing and Provider Services

coThink may utilize AI systems and permit connections to third-party AI providers.

To fulfill requests, Customer Content may be processed by:

coThink systems
AI models
Workflow engines
Automation systems
Connected providers

Information transmitted to AI providers may include:

Prompts
Context
Messages
Files
Instructions
Workflow state
Metadata
Generated outputs

Only information reasonably necessary to perform requested functions is transmitted.

10. AI Training and Model Usage

Unless expressly disclosed and authorized, coThink does not use Customer Content to train foundation AI models.

Third-party AI providers may maintain independent:

Training practices
Retention practices
Processing policies
Security practices

You are responsible for reviewing the policies of connected providers.

11. Third-Party AI Provider Retention

AI providers connected to the Service may independently retain, log, analyze, or process information submitted through their services according to their own policies.

coThink does not control the retention, training, logging, or processing practices of independent providers.

12. Connected Services and Integrations

The Service may connect to:

Identity providers
Calendars
Email systems
Communication platforms
Storage systems
Payment providers
Monitoring systems
AI providers
Productivity tools
Other third-party services

We process integration credentials, tokens, permissions, configuration data, and metadata only as necessary to provide connected functionality.

13. Automations, Agents, and Workflows

The Service may provide workflow engines, advisor systems, automations, agents, and other features that process information automatically.

These systems may:

Read information
Analyze information
Generate content
Create tasks
Send notifications
Invoke integrations
Execute configured workflows

Processing occurs according to workspace settings, permissions, administrator configurations, and user instructions.

14. Automated Processing

The Service may utilize automated systems, machine learning models, workflow engines, advisor systems, and automation tools to generate recommendations, perform analysis, classify information, prioritize tasks, and execute authorized workflows.

Such automated processing may influence presented information but does not replace human review and decision-making.

15. Workspace Ownership and Administrative Access

Organizations control organization-owned workspaces.

Workspace administrators may be able to:

Access workspace data
Review activity
Export information
Configure retention settings
Manage integrations
Manage permissions
Suspend accounts
Delete content

16. Workplace Transparency

Users participating in organization-managed workspaces should understand that workspace administrators may have visibility into:

Workspace activity
Content
Collaboration history
Audit records
Workflow execution history
Integration activity
Workspace resources

depending on permissions and configuration.

17. Audit Records and Activity Logs

To support security, accountability, troubleshooting, compliance, and service operation, coThink may maintain records relating to:

Login activity
Administrative actions
Workflow execution
Prompts
Outputs
Session participation
Configuration changes
Access events
API activity
Security events

Retention periods may vary by plan and configuration.

18. Sharing Information

We do not sell Customer Content.

We may share information with:

Service providers
Infrastructure providers
Cloud hosting providers
AI providers
Payment processors
Identity providers
Analytics providers
Security providers
Professional advisors
Legal authorities when required by law

Information is shared only as necessary to operate, secure, support, and improve the Service.

19. Government and Legal Requests

coThink may disclose information when required to:

Comply with legal obligations
Respond to lawful requests
Protect rights and property
Protect user safety
Investigate fraud
Investigate abuse
Investigate security incidents

Where legally permitted, coThink may attempt to notify affected customers before disclosure.

20. Sale and Sharing of Personal Information

coThink does not sell Customer Content.

coThink does not sell personal information for monetary consideration.

coThink does not share personal information for cross-context behavioral advertising purposes except as disclosed in this Privacy Policy.

21. Aggregated and De-Identified Information

We may generate, use, analyze, publish, and disclose aggregated, anonymized, statistical, or de-identified information derived from Service usage.

Such information may be used for:

Analytics
Benchmarking
Product improvement
Capacity planning
Security monitoring
Research
Business operations

Such information is not intended to identify individual users, organizations, or workspaces.

22. Sensitive Information

Users should not submit sensitive personal information unless such processing is necessary and permitted by applicable law and contractual agreements.

Where sensitive information is processed, coThink will process such information only as necessary to provide the Service, comply with legal obligations, protect security, or fulfill authorized customer instructions.

23. Data Retention

We retain information as long as reasonably necessary to:

Provide the Service
Operate the Service
Secure the Service
Comply with legal obligations
Resolve disputes
Enforce agreements
Maintain audit history

Deleted information may remain in backup and disaster recovery systems for a limited period before permanent removal.

24. Account Deletion

Users may request account deletion subject to organizational controls, contractual obligations, and legal requirements.

Following deletion:

Access may be removed.
Certain information may remain in backups.
Audit records may be retained where permitted or required.
Organizations may retain workspace records they control.

25. Data Portability

Where available, users and organizations may export certain information during an active subscription.

Export functionality may vary by plan and feature availability.

26. Security

We implement administrative, technical, and organizational safeguards designed to protect information.

Measures may include:

Encryption
Access controls
Authentication protections
Role-based permissions
Monitoring systems
Tenant isolation
Security reviews
Audit logging

No method of transmission, storage, or processing can be guaranteed to be completely secure.

27. Security Incidents

If we become aware of a security incident affecting information processed through the Service, we may investigate, mitigate, remediate, and communicate regarding the incident as required by law, contractual obligations, or operational necessity.

28. Incident Notification

Where notification is required by law or contract, coThink will provide notice within a commercially reasonable timeframe after determining that notification is required.

29. HIPAA and Regulated Information

Unless expressly agreed in writing, coThink is not intended for processing regulated information subject to:

HIPAA
Similar healthcare regulations
Other specialized regulatory requirements

Organizations are responsible for determining whether information may legally be processed through the Service.

Additional agreements may be required for regulated workloads.

30. International Processing

Information may be processed in:

The United States
Countries where coThink operates
Countries where service providers operate

Where required, we use appropriate safeguards for international transfers.

31. Data Residency

Unless expressly agreed in writing, coThink does not guarantee that information will remain within any specific country, region, or geographic boundary.

Customers with specific data residency requirements should contact coThink regarding available options.

32. GDPR and UK GDPR Rights

Where applicable, individuals may have rights to:

Access information
Correct information
Delete information
Restrict processing
Object to processing
Export information
Withdraw consent

Some requests may need to be directed through the organization that controls the applicable workspace.

33. California Privacy Rights

California residents may have rights under applicable California privacy laws, including rights to:

Know what information is collected
Request deletion
Request correction
Access information
Receive information regarding disclosures

coThink does not sell Customer Content.

34. Do Not Track

Because there is no universally accepted standard for browser-based Do Not Track signals, the Service may not respond to such signals.

35. Children's Privacy

The Service is not intended for children under thirteen (13).

We do not knowingly collect personal information from children under thirteen.

36. Corporate Transactions

If coThink is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be transferred as part of that transaction subject to applicable law.

37. Successor Organizations

If ownership of a workspace changes through acquisition, merger, restructuring, or organizational transfer, workspace information may be transferred to successor administrators or successor organizations consistent with applicable law and contractual obligations.

38. Shared and Published Content

If users intentionally publish, share, distribute, or contribute content to shared libraries, marketplaces, public repositories, community resources, or similar features, that content may become accessible to others in accordance with feature settings and permissions.

39. Subprocessors and Service Providers

coThink may utilize subprocessors and service providers including:

Cloud hosting providers
Payment processors
Email providers
Monitoring providers
Security providers
AI providers
Analytics providers
Support providers

Additional information may be made available through published documentation or upon request.

40. Legal Basis for Processing

Where required by applicable law, we process information based upon:

Contractual necessity
Legitimate interests
Legal obligations
Consent
Protection of vital interests

depending upon the circumstances and jurisdiction.

41. Privacy Contact

Privacy-related requests may be submitted through:

Support channels
Legal contact channels
Privacy contact information published on wecothink.com

Upon incorporation, coThink may publish additional legal entity, mailing, and privacy contact information.

42. Policy Versions

coThink may maintain prior versions of this Privacy Policy for compliance, auditing, and historical reference purposes.

43. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes may be communicated through the Service, email, or other reasonable means.

Continued use of the Service after the effective date of updated policies constitutes acceptance of the revised Privacy Policy.

44. Contact Information

Questions regarding this Privacy Policy may be directed through the support, legal, account, or contact channels provided by coThink.

Additional contact information may be published at:

https://www.wecothink.com

Legal

Privacy Policy

Effective Date: June 1, 2026

By accessing or using the Service, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to information processed through the Service.

This Privacy Policy does not apply to:

Third-party websites
Third-party applications
Connected providers
AI model providers
Identity providers
Payment processors
Other third-party services

which are governed by their own privacy policies and terms.

2. Definitions

For purposes of this Privacy Policy:

Customer Content means prompts, messages, files, documents, structured session data, advisor information, workflows, configurations, outputs, and other content submitted to the Service.

Personal Information means information that identifies, relates to, describes, or can reasonably be associated with an individual.

Organization means a company, institution, business, governmental entity, educational institution, nonprofit organization, or other entity that owns or administers a workspace.

Workspace means a collaborative environment created within the Service.

Administrator means an individual authorized to manage a workspace on behalf of an organization.

Subprocessor means a third-party service provider engaged by coThink to assist in delivering, operating, securing, maintaining, or improving the Service.

3. Data Controller and Data Processor Roles

When organizations use coThink to process Customer Content, the organization generally acts as the data controller and coThink acts as a data processor or service provider.

The specific role depends upon the nature of the processing activity.

4. Information We Collect

We collect information necessary to operate, secure, support, and improve the Service.

Account Information

We may collect:

Name
Email address
Username
Profile information
Authentication identifiers
Account preferences
Language preferences
Time zone
Profile settings

Organization and Workspace Information

We may collect:

Organization names
Workspace names
Team structures
Membership information
User roles
Permissions
Administrative settings
Subscription information

Authentication and Security Information

We may collect:

Login activity
Authentication events
Passkey identifiers
Multi-factor authentication settings
Device identifiers
IP addresses
Access logs
Security logs
Session activity

Billing Information

We may collect:

Subscription details
Billing contacts
Plan information
Transaction history
Tax-related information

Payment card information is generally processed directly by payment providers and is not stored by coThink except where necessary to support payment operations.

Support Information

We may collect:

Support requests
Communications
Feedback
Feature requests
Troubleshooting information

Service Usage Information

We may collect:

Feature usage
Session activity
Workflow execution records
Advisor interactions
API activity
Diagnostic information
Error logs
Performance metrics

Customer Content

We process Customer Content submitted by users and organizations, including:

Prompts
Messages
Files
Documents
Decisions
Structured session data
Advisor information
AI workflow data
Automation data
Configuration information
Generated outputs
Collaboration records

5. Information Collected Automatically

When you access the Service, we may automatically collect:

IP address
Browser type
Device information
Operating system
Referring URLs
Session identifiers
Usage statistics
Error information
Performance information

This information helps us operate, secure, maintain, and improve the Service.

6. Cookies and Similar Technologies

We may use cookies, local storage, pixels, session identifiers, and similar technologies to:

Authenticate users
Maintain sessions
Remember preferences
Improve performance
Analyze usage
Secure accounts
Prevent abuse

You may control cookies through browser settings, although disabling certain cookies may affect functionality.

7. Cookie Policy

Additional information regarding cookies and tracking technologies is provided through the Cookie Policy, which is incorporated into this Privacy Policy by reference.

8. How We Use Information

We use information to:

Operate the Service
Authenticate users
Manage accounts
Deliver collaborative workflows
Execute guided sessions
Provide advisor features
Process automations
Enable integrations
Support customers
Process payments
Detect abuse
Prevent fraud
Maintain security
Improve product functionality
Develop new features
Comply with legal obligations

9. AI Processing and Provider Services

coThink may utilize AI systems and permit connections to third-party AI providers.

To fulfill requests, Customer Content may be processed by:

coThink systems
AI models
Workflow engines
Automation systems
Connected providers

Information transmitted to AI providers may include:

Prompts
Context
Messages
Files
Instructions
Workflow state
Metadata
Generated outputs

Only information reasonably necessary to perform requested functions is transmitted.

10. AI Training and Model Usage

Unless expressly disclosed and authorized, coThink does not use Customer Content to train foundation AI models.

Third-party AI providers may maintain independent:

Training practices
Retention practices
Processing policies
Security practices

You are responsible for reviewing the policies of connected providers.

11. Third-Party AI Provider Retention

AI providers connected to the Service may independently retain, log, analyze, or process information submitted through their services according to their own policies.

coThink does not control the retention, training, logging, or processing practices of independent providers.

12. Connected Services and Integrations

The Service may connect to:

Identity providers
Calendars
Email systems
Communication platforms
Storage systems
Payment providers
Monitoring systems
AI providers
Productivity tools
Other third-party services

We process integration credentials, tokens, permissions, configuration data, and metadata only as necessary to provide connected functionality.

13. Automations, Agents, and Workflows

The Service may provide workflow engines, advisor systems, automations, agents, and other features that process information automatically.

These systems may:

Read information
Analyze information
Generate content
Create tasks
Send notifications
Invoke integrations
Execute configured workflows

Processing occurs according to workspace settings, permissions, administrator configurations, and user instructions.

14. Automated Processing

Such automated processing may influence presented information but does not replace human review and decision-making.

15. Workspace Ownership and Administrative Access

Organizations control organization-owned workspaces.

Workspace administrators may be able to:

Access workspace data
Review activity
Export information
Configure retention settings
Manage integrations
Manage permissions
Suspend accounts
Delete content

16. Workplace Transparency

Users participating in organization-managed workspaces should understand that workspace administrators may have visibility into:

Workspace activity
Content
Collaboration history
Audit records
Workflow execution history
Integration activity
Workspace resources

depending on permissions and configuration.

17. Audit Records and Activity Logs

To support security, accountability, troubleshooting, compliance, and service operation, coThink may maintain records relating to:

Login activity
Administrative actions
Workflow execution
Prompts
Outputs
Session participation
Configuration changes
Access events
API activity
Security events

Retention periods may vary by plan and configuration.

18. Sharing Information

We do not sell Customer Content.

We may share information with:

Service providers
Infrastructure providers
Cloud hosting providers
AI providers
Payment processors
Identity providers
Analytics providers
Security providers
Professional advisors
Legal authorities when required by law

Information is shared only as necessary to operate, secure, support, and improve the Service.

19. Government and Legal Requests

coThink may disclose information when required to:

Comply with legal obligations
Respond to lawful requests
Protect rights and property
Protect user safety
Investigate fraud
Investigate abuse
Investigate security incidents

Where legally permitted, coThink may attempt to notify affected customers before disclosure.

20. Sale and Sharing of Personal Information

coThink does not sell Customer Content.

coThink does not sell personal information for monetary consideration.

coThink does not share personal information for cross-context behavioral advertising purposes except as disclosed in this Privacy Policy.

21. Aggregated and De-Identified Information

We may generate, use, analyze, publish, and disclose aggregated, anonymized, statistical, or de-identified information derived from Service usage.

Such information may be used for:

Analytics
Benchmarking
Product improvement
Capacity planning
Security monitoring
Research
Business operations

Such information is not intended to identify individual users, organizations, or workspaces.

22. Sensitive Information

Users should not submit sensitive personal information unless such processing is necessary and permitted by applicable law and contractual agreements.

23. Data Retention

We retain information as long as reasonably necessary to:

Provide the Service
Operate the Service
Secure the Service
Comply with legal obligations
Resolve disputes
Enforce agreements
Maintain audit history

Deleted information may remain in backup and disaster recovery systems for a limited period before permanent removal.

24. Account Deletion

Users may request account deletion subject to organizational controls, contractual obligations, and legal requirements.

Following deletion:

Access may be removed.
Certain information may remain in backups.
Audit records may be retained where permitted or required.
Organizations may retain workspace records they control.

25. Data Portability

Where available, users and organizations may export certain information during an active subscription.

Export functionality may vary by plan and feature availability.

26. Security

We implement administrative, technical, and organizational safeguards designed to protect information.

Measures may include:

Encryption
Access controls
Authentication protections
Role-based permissions
Monitoring systems
Tenant isolation
Security reviews
Audit logging

No method of transmission, storage, or processing can be guaranteed to be completely secure.

27. Security Incidents

28. Incident Notification

Where notification is required by law or contract, coThink will provide notice within a commercially reasonable timeframe after determining that notification is required.

29. HIPAA and Regulated Information

Unless expressly agreed in writing, coThink is not intended for processing regulated information subject to:

HIPAA
Similar healthcare regulations
Other specialized regulatory requirements

Organizations are responsible for determining whether information may legally be processed through the Service.

Additional agreements may be required for regulated workloads.

30. International Processing

Information may be processed in:

The United States
Countries where coThink operates
Countries where service providers operate

Where required, we use appropriate safeguards for international transfers.

31. Data Residency

Unless expressly agreed in writing, coThink does not guarantee that information will remain within any specific country, region, or geographic boundary.

Customers with specific data residency requirements should contact coThink regarding available options.

32. GDPR and UK GDPR Rights

Where applicable, individuals may have rights to:

Access information
Correct information
Delete information
Restrict processing
Object to processing
Export information
Withdraw consent

Some requests may need to be directed through the organization that controls the applicable workspace.

33. California Privacy Rights

California residents may have rights under applicable California privacy laws, including rights to:

Know what information is collected
Request deletion
Request correction
Access information
Receive information regarding disclosures

coThink does not sell Customer Content.

34. Do Not Track

Because there is no universally accepted standard for browser-based Do Not Track signals, the Service may not respond to such signals.

35. Children's Privacy

The Service is not intended for children under thirteen (13).

We do not knowingly collect personal information from children under thirteen.

36. Corporate Transactions

37. Successor Organizations

38. Shared and Published Content

39. Subprocessors and Service Providers

coThink may utilize subprocessors and service providers including:

Cloud hosting providers
Payment processors
Email providers
Monitoring providers
Security providers
AI providers
Analytics providers
Support providers

Additional information may be made available through published documentation or upon request.

40. Legal Basis for Processing

Where required by applicable law, we process information based upon:

Contractual necessity
Legitimate interests
Legal obligations
Consent
Protection of vital interests

depending upon the circumstances and jurisdiction.

41. Privacy Contact

Privacy-related requests may be submitted through:

Support channels
Legal contact channels
Privacy contact information published on wecothink.com

Upon incorporation, coThink may publish additional legal entity, mailing, and privacy contact information.

42. Policy Versions

coThink may maintain prior versions of this Privacy Policy for compliance, auditing, and historical reference purposes.

43. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes may be communicated through the Service, email, or other reasonable means.

Continued use of the Service after the effective date of updated policies constitutes acceptance of the revised Privacy Policy.

44. Contact Information

Questions regarding this Privacy Policy may be directed through the support, legal, account, or contact channels provided by coThink.

Additional contact information may be published at:

https://www.wecothink.com