← Back to CoHost home

CoHost — Privacy Policy

CoHost event management & guest engagement (Cohost)

This page is the dedicated privacy policy for the CoHost application. Product site: https://co-hostapp.com. Support: connect@cohost.com.

Effective Date: May 9, 2026
Last Updated: May 9, 2026

1. DEFINITIONS

For the purposes of this Privacy Policy:

  • “Cohost,” “Company,” “we,” “us,” or “our” refers to the Cohost platform and its operators.
  • “User,” “you,” or “your” refers to any individual or entity accessing or using the Services.
  • “Services” refers to all applications, websites, APIs, and related services provided by Cohost, including the CoHost application (event management, guest engagement, and related features available at https://co-hostapp.com).
  • “Personal Data” means any information relating to an identified or identifiable individual.
  • “Processing” means any operation performed on Personal Data (collection, storage, use, disclosure, etc.).
  • “Controller” means the entity determining purposes and means of processing.
  • “Processor” means a third party processing data on behalf of the Controller.

2. SCOPE OF POLICY

This Privacy Policy governs the CoHost product—the event planning, guest management, and ticketing experience operated by the Cohost team—and explains how we handle personal information when you use the CoHost website and apps. The public home page for CoHost is https://co-hostapp.com. The same domain hosts this dedicated privacy policy page at /privacy, which is separate from the marketing home page.

This Privacy Policy applies to:

  • All users of Cohost Services globally

All data collected through:

  • Web applications
  • Mobile applications
  • APIs and integrations
  • Customer support interactions
  • Marketing and communications channels

This policy does not apply to third-party platforms not controlled by Cohost.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

We collect information you voluntarily provide, including:

Account Registration Data

  • Full legal name
  • Username/display name
  • Email address
  • Phone number
  • Password (hashed and encrypted)

Profile Information

  • Profile image
  • Biography
  • Social links
  • Preferences and interests

Event-Related Data

  • Event creation details (title, description, location, pricing)
  • RSVP data
  • Guest lists
  • Event communications

User Content

  • Photos, videos, audio uploads
  • Messages, comments, feedback
  • Reviews and ratings

Payment and Financial Data

  • Billing name and address
  • Payment method details (processed by third-party providers)
  • Transaction history

Verification Data (if applicable)

  • Government-issued ID
  • Selfie verification
  • Fraud prevention metadata

3.2 Information Collected Automatically

Device & Technical Data

  • IP address
  • Device identifiers
  • Browser type/version
  • Operating system
  • Network information

Usage & Behavioral Data

  • Pages visited
  • Features used
  • Clickstream data
  • Session duration
  • Referral sources

Log Data

  • Access timestamps
  • Error logs
  • API calls

Location Data

  • Approximate location (IP-based)
  • Precise GPS location (only with consent)

3.3 Information from Third Parties

We may collect information from:

  • Identity providers (e.g., Google, Apple, Microsoft)
  • Payment processors
  • Analytics providers
  • Advertising partners
  • Event partners or organizers

3.4 Sensitive Personal Data

We may process sensitive data only when necessary and with appropriate safeguards, including:

  • Identity verification data
  • Accessibility or accommodation requests (if provided)
  • Fraud detection signals

3.5 Sign-in with Google (Google user data)

If you choose to sign in or create an account using Google, Cohost receives information from Google through Google’s sign-in service. This section describes how we access, use, store, and share Google user data in connection with the Services.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements where applicable.

Categories of Google user data we collect

The data we collect about you from Google is limited to what you authorize through Google’s OAuth consent screen when you choose Google sign-in for the CoHost application. Depending on the scopes you approve, this may include:

  • Your Google account subject identifier (a stable ID for your Google account)
  • Your name
  • Your email address
  • Your profile photo URL
  • Other basic profile attributes Google returns for the approved scopes (for example, locale, if provided)

How we use Google user data

We use Google user data to provide the services you request within CoHost and to keep your account secure. Specifically, we use it to:

  • Authenticate you and create, restore, or link your CoHost account
  • Display your name, email, or profile photo inside CoHost where you expect to see your account identity
  • Send transactional or security-related messages to the email address associated with your account (for example, sign-in alerts or account notices)
  • Protect the security and integrity of CoHost, including fraud prevention and abuse detection

We use Google user data only to provide and improve user-facing features of the CoHost application. We do not use Google user data for: targeted, interest-based, personalized, or retargeted advertising; selling or licensing personal information to data brokers or information resellers; determining credit-worthiness or for lending purposes; training generalized artificial intelligence or machine learning models using your identifiable Google profile data; or building standalone marketing databases unrelated to operating CoHost.

How we store Google user data

Google-derived identifiers and profile fields are stored in our production systems with the same technical and organizational safeguards described in Section 9 (Data Security), including encryption in transit and at rest and role-based access controls.

Retention and deletion of Google user data

We retain Google-derived account data for as long as your CoHost account is active and for a limited period afterward where needed for security backups, legal compliance, dispute resolution, or enforcement of our agreements. When the retention period for a given dataset expires, or when you request account deletion, we delete or irreversibly deidentify that information consistent with our technical capabilities and applicable law. To request deletion of personal information associated with your CoHost account, email connect@cohost.com (see Section 20). Revoking CoHost in your Google Account stops new data sharing from Google but may not remove information we already lawfully stored—please submit a deletion request if you want us to remove historical account data subject to retention exceptions.

How we share, transfer, or disclose Google user data

We do not sell Google user data. We do not transfer or disclose Google user data to third parties for targeted advertising, personalized or interest-based advertising, marketing list brokerage, or unrelated commercial profiling. We may share Google user data only with service providers (processors) that host, secure, or operate CoHost on our behalf under written agreements that limit use to providing those services, and when required by law or to protect the rights, safety, or property of our users and Cohost.

Your choices

You can review or revoke Google’s access to your account from your Google Account security settings. You may also contact us using the information in the Contact section below to exercise privacy rights or request account deletion, subject to applicable law and legitimate retention needs.

4. LEGAL BASIS FOR PROCESSING (GDPR)

Where applicable, we process Personal Data under the following legal bases:

  • Contractual Necessity – to provide Services
  • Legitimate Interests – platform improvement, fraud prevention
  • Consent – marketing, cookies, optional features
  • Legal Obligation – compliance with laws and regulations

5. PURPOSES OF PROCESSING

We process your data for the following purposes:

5.1 Service Operation

  • Account creation and management
  • Event hosting and participation
  • Platform functionality

5.2 Personalization

  • Event recommendations
  • Customized content and feeds

5.3 Communication

  • Transactional notifications
  • Support responses
  • Service updates

5.4 Payments & Financial Processing

  • Payment authorization and settlement
  • Fraud detection and prevention

5.5 Security & Risk Management

  • Identity verification
  • Abuse detection
  • Incident response

5.6 Analytics & Product Improvement

  • Usage analysis
  • Performance monitoring
  • Feature development

5.7 Marketing & Advertising

  • Promotional communications (with consent), using contact details you provide directly to Cohost—not using Google sign-in data for ad profiling
  • Where permitted by law, we may use non-Google advertising channels for CoHost marketing; Google user data obtained through sign-in is never used for targeted, interest-based, or personalized advertising

If you authenticate with Google, the categories of data described in Section 3.5 are not used to build advertising audiences, to retarget you across third-party sites, or to sell or license your Google-derived profile to partners.

6. DATA SHARING AND DISCLOSURE

We do not sell Personal Data. We may share data in the following contexts:

6.1 Google user data — additional sharing limitations

In addition to Section 3.5, we do not transfer Google user data to third parties for: targeted, personalized, interest-based, or retargeted advertising; sale or rental to data brokers or information resellers; credit, lending, or eligibility decisions; or any purpose other than providing or improving CoHost’s user-facing functionality through vetted service providers and as required by law.

6.2 Service Providers (Processors)

  • Cloud infrastructure providers
  • Payment processors
  • Email and messaging services
  • Analytics platforms
  • Security vendors

6.3 User-to-User Sharing

  • Public profiles
  • Event participation visibility
  • Messaging interactions

6.4 Legal and Regulatory Disclosure

We may disclose data:

  • To comply with legal obligations
  • In response to subpoenas or lawful requests
  • To protect rights, safety, or property

6.5 Business Transfers

In case of:

  • Merger
  • Acquisition
  • Asset sale

6.6 Affiliates and Partners

  • Within corporate group entities
  • Event co-hosts or partners (as required)

7. INTERNATIONAL DATA TRANSFERS

Data may be transferred across jurisdictions. We implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Adequacy decisions where applicable

8. DATA RETENTION

We retain Personal Data based on:

  • Contractual obligations
  • Legal requirements
  • Business needs

Typical retention periods:

  • Account data: until deletion request
  • Transaction data: up to 7 years (financial compliance)
  • Logs: 30–365 days
  • Backup archives: per retention policy

8.1 Google user data — retention summary

Google-derived identifiers and profile fields are retained under the same principles as your CoHost account: we keep them while your account is active, then for any legally required or security backup window described above. When retention no longer applies, we delete or irreversibly deidentify the data. You may request deletion by emailing connect@cohost.com; we will confirm receipt and describe any exceptions (for example, data we must retain by law).

9. DATA SECURITY

We implement enterprise-grade security controls:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Network segmentation
  • Continuous monitoring and logging

Security procedures are in place to protect the confidentiality and integrity of personal information, including account data obtained through Google sign-in. Access to Google-derived profile data is limited to personnel and systems that require it to operate and secure CoHost.

Despite these measures, no system is completely secure.

10. YOUR PRIVACY RIGHTS

Depending on jurisdiction, you may have rights to:

10.1 Access

Request access to your Personal Data.

10.2 Rectification

Correct inaccurate or incomplete data.

10.3 Erasure (“Right to be Forgotten”)

Request deletion of your data.

10.4 Restriction of Processing

Limit how your data is used.

10.5 Data Portability

Receive your data in a structured format.

10.6 Objection

Object to certain types of processing.

10.7 Withdraw Consent

Withdraw consent at any time.

To exercise rights: Email: connect@cohost.com

11. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

California residents have the right to:

  • Know what personal data is collected
  • Request deletion
  • Correct inaccurate data
  • Opt out of sharing (if applicable)
  • Limit use of sensitive data

We do not sell personal data, including Google user data received through Google sign-in.

12. COOKIES AND TRACKING TECHNOLOGIES

We use:

  • Session cookies
  • Persistent cookies
  • Analytics cookies
  • Advertising cookies

You can manage preferences via browser settings or cookie banners.

13. CHILDREN’S PRIVACY

Cohost is not intended for individuals under:

  • 13 years (U.S.)
  • 16 years (EU, where applicable)

We do not knowingly collect data from children.

14. AUTOMATED DECISION-MAKING

We may use automated systems for:

  • Content recommendations
  • Fraud detection

These systems do not produce legally binding decisions without human review.

15. DATA MINIMIZATION AND PURPOSE LIMITATION

We adhere to:

  • Collecting only necessary data
  • Using data only for specified purposes
  • Limiting access based on need-to-know principles

16. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party platforms. We are not responsible for their privacy practices.

17. INCIDENT RESPONSE AND BREACH NOTIFICATION

In the event of a data breach:

  • We will investigate promptly
  • Notify affected users where required
  • Report to regulators as mandated

18. DO NOT TRACK SIGNALS

We currently do not respond to “Do Not Track” browser signals.

19. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Updates will be communicated via:

  • Posting the revised policy on this page with an updated “Last Updated” date
  • Email notifications when changes are material or when required by law
  • In-product notices for significant changes that affect how we handle sensitive categories of data

If we change how we access, use, store, share, or retain Google user data, we will update this Privacy Policy and provide additional notice where appropriate (including email or an in-product message) so you can review the changes before continuing to use Google sign-in with CoHost.

20. CONTACT INFORMATION

For questions or concerns:

Cohost
Email: connect@cohost.com
Mailing address: available on request for legal and regulatory correspondence at connect@cohost.com.
Website: https://co-hostapp.com

21. GOVERNING LAW

This Privacy Policy shall be governed by and interpreted in accordance with the laws of the United States, without regard to conflict-of-law principles, except where mandatory local law requires otherwise.

22. ENTIRE AGREEMENT

This Privacy Policy forms part of your agreement with Cohost and should be read alongside our Terms of Service.

By using Cohost, you acknowledge that you have read, understood, and agree to this Privacy Policy.