Privacy Policy

Last Updated: June 10, 2026 | Effective Date: June 10, 2026

1. Introduction

Welcome to Cohera ("we," "us," or "our"). Cohera is a content creator platform that helps you create, schedule, and publish content across multiple social media platforms with AI-powered assistance.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Service"). Please read this policy carefully. By using Cohera, you agree to the collection and use of information in accordance with this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide to Us

When you register for and use Cohera, we collect:

  • Account Information: Email address, username, password, full name, profile picture
  • Profile Information: Bio, timezone, language preferences, subscription tier
  • Content: Posts, drafts, media files (images, videos), captions, and hashtags you create
  • Communications: Messages you send us, customer support interactions, feedback
  • Payment Information: When you subscribe to paid plans, payment details are processed by our payment provider (we do not store full credit card numbers)

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Log Data: Access times, error logs, referring URLs
  • Location Data: General location based on IP address (not precise GPS location)

2.3 Information from Third Parties

We receive information when you connect your social media accounts (detailed in Section 3) and from analytics providers that help us understand how users interact with our Service.

3. Social Media Platform Data

Cohera allows you to connect various social media accounts to create and publish content. When you connect a social media account, we access specific data from that platform with your explicit authorization. Below is a detailed breakdown of what we access for each platform:

X

Authentication: OAuth 2.0 with PKCE

Data We Access:

  • Your X user ID, username, and display name
  • Profile image URL
  • Follower and following counts
  • Tweet count and account verification status
  • Access tokens (encrypted and stored securely)

How We Use It:

  • Post tweets on your behalf when you schedule or publish content
  • Upload media (images, videos, GIFs) to your tweets
  • Display your engagement metrics and analytics
  • Manage replies and mentions (if you enable this feature)

X's privacy policy: https://twitter.com/privacy

YouTube (Google)

Authentication: OAuth 2.0

Scopes Requested:

  • youtube.readonly - View your YouTube account
  • youtube.upload - Upload videos on your behalf
  • userinfo.email - Your email address for identification
  • userinfo.profile - Your basic profile information

How We Use It:

  • Upload videos to your YouTube channel when you schedule or publish
  • Display your channel analytics and video performance
  • Suggest optimal posting times based on your audience

Google's privacy policy: https://policies.google.com/privacy

YouTube Terms of Service: https://www.youtube.com/t/terms

Cohera's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Facebook

Authentication: OAuth 2.0

Permissions Requested:

  • public_profile - Your name and profile picture
  • pages_show_list - List of Pages you manage
  • pages_read_engagement - Page engagement metrics
  • pages_manage_posts - Create and manage Page posts
  • business_management - Access business assets

How We Use It:

  • Post content to your Facebook Pages
  • Schedule posts for optimal engagement times
  • Display Page analytics and performance metrics

Meta's privacy policy: https://www.facebook.com/privacy/policy

Instagram

Authentication: OAuth 2.0 (via Facebook)

Permissions Requested:

  • instagram_basic - Basic Instagram account info
  • instagram_content_publish - Publish content to Instagram
  • instagram_manage_comments - Manage comments on your posts

How We Use It:

  • Publish posts, stories, and reels to your Instagram account
  • Schedule content for optimal posting times
  • Display your Instagram analytics

Instagram's privacy policy: https://privacycenter.instagram.com/policy

LinkedIn

Authentication: OAuth 2.0 with OpenID Connect

Scopes Requested:

  • openid - OpenID Connect authentication
  • profile - Your basic profile information
  • email - Your email address
  • w_member_social - Post content on your behalf

How We Use It:

  • Share posts to your LinkedIn profile
  • Schedule LinkedIn content
  • Display engagement metrics for your posts

LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

TikTok

Authentication: OAuth 2.0

Scopes Requested:

  • user.info.basic - Basic profile information
  • user.info.stats - Follower, following, and video counts
  • video.list - Access your video list
  • video.publish - Publish videos on your behalf

How We Use It:

  • Upload and publish videos to your TikTok account
  • Schedule TikTok content
  • Display your TikTok analytics

TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy

How We Protect Your Social Media Credentials

Your social media access tokens are encrypted using AES-256-GCM encryption before being stored in our database. We never store your social media passwords. You can revoke Cohera's access at any time by:

  • Disconnecting the account in Cohera's Settings page
  • Revoking access from the social platform's settings
  • For Google/YouTube: Visit Google Security Settings to revoke Cohera's access
  • For TikTok: Visit TikTok Security Settings → Manage app permissions to revoke Cohera's access

When you disconnect a social account, we immediately delete the associated access tokens from our systems. We will delete all associated data within 7 calendar days of receiving a deletion request or access revocation.

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Improve Our Service

  • Create and manage your Cohera account
  • Enable you to create, schedule, and publish content to your connected social media accounts
  • Display analytics and performance metrics for your content
  • Provide customer support and respond to your inquiries
  • Improve and optimize our Service based on usage patterns

4.2 Personalization

  • Suggest optimal posting times based on your audience engagement
  • Provide AI-powered content suggestions tailored to your style
  • Customize your dashboard and user experience

4.3 Communication

  • Send transactional emails (account verification, password reset, posting confirmations)
  • Send product updates and feature announcements (you can opt out)
  • Notify you about scheduled posts and performance milestones

4.4 Security and Legal

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Comply with legal obligations

5. AI-Powered Features

Cohera uses artificial intelligence to enhance your content creation experience. Here's how we use AI and what data is involved:

5.1 AI Content Suggestions

We use AI models (including OpenAI and Anthropic) to generate content suggestions, captions, and hashtag recommendations. When you use these features:

  • Your content drafts and prompts are sent to AI providers for processing
  • AI providers process this data according to their privacy policies
  • We do not use your content to train or fine-tune any AI model

5.2 Voice Personalization

To make suggestions sound like you, Cohera references examples of your own past posts at the moment a suggestion is generated (a technique known as retrieval). Your posts are used only as reference material to personalize suggestions for you — they are never used to train or fine-tune AI models, and they are never used to generate content for other users. You can also create "tone profiles" that help describe your preferred writing style; this data is stored in your account and used only to personalize suggestions for you.

5.3 Third-Party AI Providers

We work with the following AI providers:

These providers are contractually prohibited from using your data to train their models when accessed through our API.

6. Data Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

6.1 Service Providers

We share data with trusted service providers who help us operate our Service:

  • Supabase - Database hosting and authentication
  • Vercel - Application hosting
  • Vercel Analytics - Anonymous usage analytics (page views, performance)
  • Sentry - Error monitoring and session replay (text inputs and media are masked; no message content is captured)
  • Resend - Transactional email (verification, password resets, notifications)
  • AI providers - Content generation (OpenAI, Anthropic)
  • Payment processors - Subscription billing (when enabled)

6.2 Social Media Platforms

When you publish content through Cohera, your content is sent to the social media platforms you've connected. Each platform processes this data according to their own privacy policies.

6.3 Legal Requirements

We may disclose your information if required by law, including:

  • In response to valid legal processes (subpoenas, court orders)
  • To protect the rights, property, or safety of Cohera, our users, or the public
  • To detect, prevent, or address fraud or security issues

6.4 Business Transfers

If Cohera is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

7. Data Retention

We retain your information only for as long as necessary to provide our Service and fulfill the purposes described in this policy. Here are our retention periods:

Data TypeRetention Period
Account InformationDeleted when you delete your account
Social Media TokensDeleted when you disconnect the account or delete your Cohera account
YouTube API Data (non-analytics)Refreshed or deleted every 30 days per YouTube API Developer Policies
Published ContentUntil you delete it or delete your account
Draft ContentUntil you delete it or delete your account
Media FilesUntil you delete them or delete your account
Analytics DataWhile your account is active
Activity LogsWhile your account is active
Payment Records7 years (legal requirement)

8. Data Security

We implement industry-standard security measures to protect your information:

8.1 Encryption

  • In Transit: All data is encrypted using TLS 1.3 (HTTPS)
  • At Rest: Sensitive data (passwords, tokens) encrypted with AES-256-GCM
  • Social Media Tokens: Encrypted before database storage with automatic key rotation

8.2 Access Controls

  • Row-level security (RLS) ensures users can only access their own data
  • Role-based access control for our team members
  • Two-factor authentication available for your account
  • Regular access audits

While we take extensive measures to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

9. Your Rights and Choices

9.1 Account Controls

You can:

  • Access and update your profile information in Settings
  • Connect or disconnect social media accounts
  • Delete your content (posts, drafts, media)
  • Delete your account

9.2 Data Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Request we limit processing of your data
  • Objection: Object to certain processing activities

To exercise these rights, contact us at support@coheraapp.com. We will respond within 30 days (or as required by applicable law).

10. International Data Transfers

Cohera is based in Australia. If you access our Service from outside Australia, your information may be transferred to, stored, and processed in Australia or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Privacy Framework certifications where applicable
  • Adequacy decisions for certain countries

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 Your California Rights

  • Right to Know: Request disclosure of data collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of "sales" or "sharing" of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

11.2 Do Not Sell/Share My Information

We do not sell or share your personal information, including for cross-context behavioral advertising. We do not share your data with advertising partners. If our practices ever change, we will update this policy and provide an opt-out mechanism before doing so.

12. European Residents (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

12.1 Legal Bases for Processing

We process your data based on:

  • Contract Performance: To provide you with our Service (account management, publishing)
  • Legitimate Interest: To improve our Service, ensure security, and communicate with you
  • Consent: For marketing communications and other optional features
  • Legal Obligation: To comply with applicable laws

12.2 Your GDPR Rights

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

13. Children's Privacy

Cohera is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately at support@coheraapp.com, and we will take steps to delete such information.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Service:

14.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences (theme, language)
  • Analytics Cookies: Help us understand how you use the Service
  • Marketing Cookies: Used for advertising (only with your consent)

14.2 Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect Service functionality.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email (for significant changes)
  • Display a prominent notice in the Service

We encourage you to review this policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@coheraapp.com

Mailing Address:

Cohera
Australia

We aim to respond to all inquiries within 30 days.

© 2026 Cohera. All rights reserved.

Terms of Service|Privacy Policy