Privacy Policy
Cohost Platform
Effective Date: April 17, 2026
Last Updated: April 17, 2026
1. DEFINITIONS
For the purposes of this Privacy Policy:
- “Cohost,” “Company,” “we,” “us,” or “our” refers to the Cohost platform and its operators.
- “User,” “you,” or “your” refers to any individual or entity accessing or using the Services.
- “Services” refers to all applications, websites, APIs, and related services provided by Cohost.
- “Personal Data” means any information relating to an identified or identifiable individual.
- “Processing” means any operation performed on Personal Data (collection, storage, use, disclosure, etc.).
- “Controller” means the entity determining purposes and means of processing.
- “Processor” means a third party processing data on behalf of the Controller.
2. SCOPE OF POLICY
This Privacy Policy applies to:
- All users of Cohost Services globally
All data collected through:
- Web applications
- Mobile applications
- APIs and integrations
- Customer support interactions
- Marketing and communications channels
This policy does not apply to third-party platforms not controlled by Cohost.
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
We collect information you voluntarily provide, including:
Account Registration Data
- Full legal name
- Username/display name
- Email address
- Phone number
- Password (hashed and encrypted)
Profile Information
- Profile image
- Biography
- Social links
- Preferences and interests
Event-Related Data
- Event creation details (title, description, location, pricing)
- RSVP data
- Guest lists
- Event communications
User Content
- Photos, videos, audio uploads
- Messages, comments, feedback
- Reviews and ratings
Payment and Financial Data
- Billing name and address
- Payment method details (processed by third-party providers)
- Transaction history
Verification Data (if applicable)
- Government-issued ID
- Selfie verification
- Fraud prevention metadata
3.2 Information Collected Automatically
Device & Technical Data
- IP address
- Device identifiers
- Browser type/version
- Operating system
- Network information
Usage & Behavioral Data
- Pages visited
- Features used
- Clickstream data
- Session duration
- Referral sources
Log Data
- Access timestamps
- Error logs
- API calls
Location Data
- Approximate location (IP-based)
- Precise GPS location (only with consent)
3.3 Information from Third Parties
We may collect information from:
- Identity providers (e.g., Google, Apple, Microsoft)
- Payment processors
- Analytics providers
- Advertising partners
- Event partners or organizers
3.4 Sensitive Personal Data
We may process sensitive data only when necessary and with appropriate safeguards, including:
- Identity verification data
- Accessibility or accommodation requests (if provided)
- Fraud detection signals
4. LEGAL BASIS FOR PROCESSING (GDPR)
Where applicable, we process Personal Data under the following legal bases:
- Contractual Necessity – to provide Services
- Legitimate Interests – platform improvement, fraud prevention
- Consent – marketing, cookies, optional features
- Legal Obligation – compliance with laws and regulations
5. PURPOSES OF PROCESSING
We process your data for the following purposes:
5.1 Service Operation
- Account creation and management
- Event hosting and participation
- Platform functionality
5.2 Personalization
- Event recommendations
- Customized content and feeds
5.3 Communication
- Transactional notifications
- Support responses
- Service updates
5.4 Payments & Financial Processing
- Payment authorization and settlement
- Fraud detection and prevention
5.5 Security & Risk Management
- Identity verification
- Abuse detection
- Incident response
5.6 Analytics & Product Improvement
- Usage analysis
- Performance monitoring
- Feature development
5.7 Marketing & Advertising
- Promotional communications (with consent)
- Targeted advertising (where permitted)
6. DATA SHARING AND DISCLOSURE
We do not sell Personal Data. We may share data in the following contexts:
6.1 Service Providers (Processors)
- Cloud infrastructure providers
- Payment processors
- Email and messaging services
- Analytics platforms
- Security vendors
6.2 User-to-User Sharing
- Public profiles
- Event participation visibility
- Messaging interactions
6.3 Legal and Regulatory Disclosure
We may disclose data:
- To comply with legal obligations
- In response to subpoenas or lawful requests
- To protect rights, safety, or property
6.4 Business Transfers
In case of:
- Merger
- Acquisition
- Asset sale
6.5 Affiliates and Partners
- Within corporate group entities
- Event co-hosts or partners (as required)
7. INTERNATIONAL DATA TRANSFERS
Data may be transferred across jurisdictions. We implement safeguards such as:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs)
- Adequacy decisions where applicable
8. DATA RETENTION
We retain Personal Data based on:
- Contractual obligations
- Legal requirements
- Business needs
Typical retention periods:
- Account data: until deletion request
- Transaction data: up to 7 years (financial compliance)
- Logs: 30–365 days
- Backup archives: per retention policy
9. DATA SECURITY
We implement enterprise-grade security controls:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Network segmentation
- Continuous monitoring and logging
Despite these measures, no system is completely secure.
10. YOUR PRIVACY RIGHTS
Depending on jurisdiction, you may have rights to:
10.1 Access
Request access to your Personal Data.
10.2 Rectification
Correct inaccurate or incomplete data.
10.3 Erasure (“Right to be Forgotten”)
Request deletion of your data.
10.4 Restriction of Processing
Limit how your data is used.
10.5 Data Portability
Receive your data in a structured format.
10.6 Objection
Object to certain types of processing.
10.7 Withdraw Consent
Withdraw consent at any time.
To exercise rights: Email: [Insert Contact Email]
11. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
California residents have the right to:
- Know what personal data is collected
- Request deletion
- Correct inaccurate data
- Opt out of sharing (if applicable)
- Limit use of sensitive data
We do not sell personal data.
12. COOKIES AND TRACKING TECHNOLOGIES
We use:
- Session cookies
- Persistent cookies
- Analytics cookies
- Advertising cookies
You can manage preferences via browser settings or cookie banners.
13. CHILDREN’S PRIVACY
Cohost is not intended for individuals under:
- 13 years (U.S.)
- 16 years (EU, where applicable)
We do not knowingly collect data from children.
14. AUTOMATED DECISION-MAKING
We may use automated systems for:
- Content recommendations
- Fraud detection
These systems do not produce legally binding decisions without human review.
15. DATA MINIMIZATION AND PURPOSE LIMITATION
We adhere to:
- Collecting only necessary data
- Using data only for specified purposes
- Limiting access based on need-to-know principles
16. THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party platforms. We are not responsible for their privacy practices.
17. INCIDENT RESPONSE AND BREACH NOTIFICATION
In the event of a data breach:
- We will investigate promptly
- Notify affected users where required
- Report to regulators as mandated
18. DO NOT TRACK SIGNALS
We currently do not respond to “Do Not Track” browser signals.
19. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically. Updates will be communicated via:
- Website updates
- Email notifications (if material changes occur)
20. CONTACT INFORMATION
For questions or concerns:
Cohost
Email: [Insert Email]
Address: [Insert Business Address]
Website: [Insert URL]
21. GOVERNING LAW
This Privacy Policy shall be governed by and interpreted in accordance with the laws of [Insert Jurisdiction], without regard to conflict of law principles.
22. ENTIRE AGREEMENT
This Privacy Policy forms part of your agreement with Cohost and should be read alongside our Terms of Service.
By using Cohost, you acknowledge that you have read, understood, and agree to this Privacy Policy.