Coheso

PricingLoginSign Up

Coheso Privacy Policy

Effective Date: 5/22/2026

Coheso LLC (“Coheso,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your information.

1. Information We Collect

Personal information may include name, email, phone number, billing information, and business information.

Account information includes login credentials and data uploaded to the platform.

Customer Data may be stored by users who manage their own clients.

Payment processing is handled by third-party processors such as Stripe. Coheso does not store full credit card numbers.

Usage data may include IP address, browser type, device information, and usage activity.

2. How We Use Information

Information is used to operate the platform, manage accounts, process payments, provide support, improve services, prevent fraud, and comply with legal obligations.

3. Customer Data Responsibilities

Users retain ownership of their Customer Data. Coheso processes this data solely to provide the Services.

4. Data Sharing

Coheso does not sell personal data. Data may be shared with infrastructure providers, analytics providers, email services, or payment processors.

Data received from Google Workspace APIs is not transferred or sold to third parties, and is not used to serve advertising, retarget users, or determine credit-worthiness.

5. Data Retention

Data is retained only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

6. Data Security

Coheso implements reasonable safeguards including encryption and secure infrastructure.

7. AI and Data Usage

Coheso does NOT use Customer Data or personal data to train artificial intelligence or machine learning models.

Data is used solely to operate and improve the platform for the account owner.

Coheso does not sell, repurpose, or use user data for external AI model training.

This commitment applies to data Coheso receives from Google Workspace APIs: Coheso does not use such data to develop, improve, or train any artificial intelligence or machine-learning model, including non-personalized models.

8. Google Workspace Data (Google Calendar & Google Meet)

Coheso offers an optional integration with Google Calendar and Google Meet that coaches may choose to connect to their Coheso account. Coheso does not request a Google connection from clients.

Information we access.When a coach connects their Google account to Coheso, Coheso requests the following OAuth scopes through Google’s standard consent screen:

  • openid, email, and profile — to identify the connected Google account so Coheso can show the coach which account is connected and label the integration in the Coheso interface.
  • https://www.googleapis.com/auth/calendar.calendarlist.readonly — to read the list of calendars to which the coach has write access, so the coach can choose which calendar Coheso writes session events to.
  • https://www.googleapis.com/auth/calendar.freebusy— to read the start and end times of busy intervals on the coach’s selected calendar, so Coheso can avoid double-booking the coach. This scope does not grant Coheso access to the titles, descriptions, attendees, or locations of those events.
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete the calendar events that Coheso publishes on behalf of the coach for sessions booked through Coheso.
  • https://www.googleapis.com/auth/meetings.space.created (optional) — to generate a Google Meet conference link for a session when the coach has enabled Meet provisioning. This scope is limited to Meet spaces that Coheso creates; it does not grant Coheso access to any other Meet spaces.

Coheso requests the narrowest scopes that support each feature.

Information we store. Coheso stores:

  • The email address and display name associated with the connected Google account, used to label the integration in Coheso.
  • OAuth access and refresh tokens, used to call Google APIs on the coach’s behalf. Tokens are encrypted at rest using AES-256-GCM.
  • For each session Coheso has published to Google, the Google event identifier and revision token, used so that Coheso can later update or remove that specific event.

Infrastructure.Encrypted tokens and integration records are stored on DigitalOcean managed infrastructure (managed Postgres, United States region) under Coheso’s control. Google data is not processed by any third-party subprocessor other than the infrastructure providers used to host the Coheso platform.

Coheso does not store the contents of Google Calendar events — including titles, descriptions, attendees, locations, free/busy responses, or Google Meet URLs — in its own database. When this information is needed, it is read from Google on demand and is not persisted.

Information we send to Google.When a coach books, reschedules, or cancels a session through Coheso, Coheso sends to the coach’s selected Google Calendar only the information the coach has entered in Coheso for that session — the session title, description, start and end times, location (if applicable), and the participating client’s email and name. Coheso does not send Google any data about coaches who have not connected a Google account, or about clients who are not participating in a booked session.

Sharing. Coheso does not transfer, sell, rent, or share data received from Google Workspace APIs with third parties for advertising, retargeting, behavioral analytics, machine-learning training, credit determination, or any other purpose unrelated to providing the calendar integration. Coheso does not use this data to serve advertising of any kind.

AI and machine learning. Coheso does not use data received from Google Workspace APIs to develop, improve, or train any artificial intelligence or machine-learning model, including non-personalized models.

Retention and deletion.A coach may disconnect their Google account at any time from Coheso’s account settings. When a coach disconnects:

  • Coheso revokes the OAuth refresh token at Google.
  • Coheso deletes the calendar integration record and the encrypted OAuth tokens from its database.
  • Google event identifiers and revision tokens previously stored on the corresponding Coheso session records are retained alongside those session records as part of Coheso’s session history. These identifiers cannot be used to access Google data without an active OAuth token.

To request deletion of records associated with a disconnected Google account, coaches may contact Coheso at support@coheso.io.

Human access.Coheso employees and contractors do not read data received from Google Workspace APIs except (a) with the coach’s affirmative consent for a specific case (e.g., a support ticket the coach has opened), (b) where necessary for security investigations or to comply with applicable law, or (c) where the data has been aggregated and anonymized for internal operations.

Limited Use.Coheso’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

9. Privacy Rights

Users may have rights to access, correct, or delete personal data depending on jurisdiction.

10. Cookies

Cookies may be used to improve functionality and analyze platform usage.

11. International Data Transfers

Data may be transferred to and processed in the United States.

12. Children’s Privacy

Services are not intended for individuals under 18.

Contact

Coheso LLC
2655 Donna Drive
Columbus, Ohio 43220
support@coheso.io