Cohort

Privacy Policy

Last updated: 1 May 2026

Cohort is developed in Essen, Germany. This policy explains what personal data Cohort collects, how we use it, how long we keep it, and the rights you have over it. We are the data controller for the personal data we process about you. You can contact us at hello@meetcohort.co.

1. What we collect

  • Account data: email, password (hashed), authentication tokens.
  • Profile data: display name, age, intent, region, tags, written prompts, and photos.
  • Activity data: sparks, threads (including text and voice responses submitted inside threads), messages, contract decisions, date plans, blocks, reports.
  • Behavior signals: a derived score (0-100) reflecting responsiveness and conduct.
  • Device signals: a hashed device/IP fingerprint used to prevent ban evasion and abuse. We do not store raw IP addresses long-term.
  • Payment data: billing metadata only; card details are handled by Stripe.
  • Logs: minimal technical logs for security, debugging, and abuse prevention.

2. How we use it

To run the service (matching you into cohorts, delivering messages, unlocking reveals), to keep the community safe (moderation, abuse prevention, behavior scoring), to send transactional and account emails, to process payments, and to improve the product. We do not sell your personal data and we do not use it for third-party advertising.

3. Legal bases (UK & EU)

We process your data under: contract (to deliver the service you signed up for), legitimate interests (security, abuse prevention, product improvement), consent (for optional features such as push notifications), and legal obligation (where laws require us to retain or disclose data).

4. Photos and voice

Your photos are stored privately and remain blurred to other members until both of you commit at the reveal stage. Voice you record as part of a thread is tied to that conversation and shared only with your counterpart under the same safeguards as other thread content. Media is served through signed, short-lived URLs and is never publicly listed.

5. Sharing with third parties

We share data only with processors that help us run Cohort: Lovable Cloud (database, storage, edge functions, authentication), Stripe (payments), and Mailgun via Lovable Emails (transactional email delivery). Each processor is bound by contract to handle your data securely and only on our instructions.

6. International transfers

Some processors operate outside the UK/EU. Where they do, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

7. Retention

We keep your data while your account is active. If you delete your account, your profile, prompts, media, messages, and behavior data are deleted or anonymised within 30 days, except where we are legally required to retain certain records (e.g. payment history, abuse evidence). Suspended/banned accounts retain limited data needed to enforce the ban.

8. Your rights

You can: access, correct, or download your data; delete your account; object to or restrict certain processing; withdraw consent at any time. Use the in-app settings or email hello@meetcohort.co. You also have the right to lodge a complaint with your local data-protection authority (in the UK, the ICO).

9. Cookies

We use a minimal set of strictly necessary cookies and local storage entries to keep you signed in and remember preferences. We do not use advertising or third-party tracking cookies.

10. Children

Cohort is for adults only - 18 and over. We do not knowingly collect data from anyone under 18.

11. Changes

We'll let you know about material changes to this policy by email or in-app notice.

12. Contact

For privacy questions or to exercise your rights, email hello@meetcohort.co.