Privacy Policy

Last updated: June 23, 2026

1. Introduction

At Cohort AI, we provide an autonomous conversion optimization layer for mobile applications. We are committed to protecting the privacy of both our customers (app developers) and their end users. This Privacy Policy details the minimal and secure ways we process data to deliver variant testing and revenue forecasting.

2. Data We Process (End-User Telemetry)

Unlike traditional analytics trackers, Cohort AI does not collect or ingest raw Personally Identifiable Information (PII) of your app users. We only ingest the necessary metadata to optimize variant testing:

  • Anonymized App User IDs: A random identifier generated by your app/SDK to track conversion states.
  • Device Information: Platform (iOS, Android, Web) and generalized device type.
  • Locale/Country: We normalize and resolve locale to country level (e.g. "US", "FR") to optimize localized pricing and copy, preserving regional anonymity.
  • Conversion Events: Actions taken within the app (e.g., paywall views, subscription purchases, churn status) which are used to train the Multi-Armed Bandit model.

3. How We Use Data

The telemetry collected is utilized strictly to:

  • Optimize variant selection using Multi-Armed Bandit (MAB) algorithms.
  • Train predictive analytics models (such as revenue forecasting and churn risk calculations).
  • Provide weekly reports and performance alerts on the Cohort AI dashboard.

4. Third-Party Subprocessors

To perform copywriting optimization and data hosting, we partner with the following secure platforms:

  • Cloudflare: For serverless hosting (Workers) and database hosting (D1, SQLite).
  • Google Gemini: To generate alternative variant copywriting hypotheses. No PII is sent to Google's models.

5. Security Standards

We align with the ISO/IEC 27001 standard. All data in transit is encrypted using TLS 1.3, and databases are encrypted at rest using AES-256. Access tokens are secured with cryptographically strong keys.

6. User Rights (GDPR & CCPA Alignment)

End users have the right to request deletion of their telemetry history. You can trigger data removal workflows via our secure purge API endpoint.

7. Contact Us

For any privacy inquiries or compliance requests, contact our privacy officer at privacy@cohort.ai.