Privacy

Cord AI is operated by Cord AI, an independent company. You can reach us at info@cordai.dev for any privacy question, including data access and deletion requests.

• Account basics. Your name, email, and (optionally) phone number, sign-up role, and organization name. Provided by you at sign-up or via your authentication provider.
• Profile context. Title, location, chapter, and any custom fields a community leader fills in about you.
• Your conversations with Cord. The questions and reflections you send to Ask Cord and the responses Cord generates back. Stored against your account so the assistant has memory across sessions.
• Community activity. Event RSVPs, thread posts, direct messages with other members, and post-event pulse replies.
• Calendar data, when connected. If you connect Google or Outlook, Cord reads your upcoming events to show alongside community gatherings (read-through), and writes Cord events you RSVP to back into your calendar.
• Notifications. Web push subscription tokens, FCM/APNs tokens (when running in the mobile app), and your phone number for WhatsApp if you opt in.
• Diagnostic logs. Standard server logs (request paths, timestamps, IP, user agent) kept for 30 days for debugging and abuse detection.

• We do not surface the content of your private Cord conversations to your community leader, employer, or anyone else inside your organization.
• We do not sell your data to anyone. Ever.
• We do not use your personal conversations to train AI models.
• We do not place advertising tracking pixels or third-party ad cookies on Cord.

Cord uses a small set of well-known subprocessors to deliver the service. They each see only the slice of data they need:

• Vercel — application hosting (US-based)
• Neon — Postgres database (US-based)
• Clerk — sign-in / account auth (US-based)
• Anthropic — powers Ask Cord (US-based). Conversation content is sent to Anthropic to generate replies. Anthropic does not train on this content.
• Stripe — payment processing if you subscribe (US-based). Cord never sees your card number.
• Resend — transactional email delivery
• Twilio — WhatsApp message delivery if you opt in
• Google / Microsoft — only if you connect a calendar, only for the calendar data
• Firebase / Apple APNs — push notification delivery on Android and iOS

We do not sign data-sharing agreements with anyone outside this list.

• Account data and conversations: kept while your account is active. Deleted within 30 days of you asking us to delete your account.
• Server logs: 30 days, then automatically rotated out.
• Payment records: kept as long as legally required for tax and accounting purposes (typically 7 years), held by Stripe.

You can, at any time:

• Ask for a copy of all data we hold about you.
• Correct anything that's wrong.
• Delete your account — which deletes your conversations, profile, and community activity.
• Opt out of WhatsApp echoes and push notifications from inside the app.
• Disconnect calendar integrations — which severs further read or write access immediately.

Email info@cordai.dev for any of the above. We aim to respond within 7 days.

Cord is not designed for and not directed at children under 16. If you believe a child has signed up, email us and we will delete the account.

If we make a material change to how we handle your data, we'll email everyone with a Cord account at least 14 days before the change takes effect. Non-material updates (clarifications, typo fixes) will be reflected with a new effective date at the top of this page.