Privacy Policy

Last updated: February 2026

Data Collection

We collect information you provide when creating an account (name, email), transaction data processed through our platform, and usage data such as log data and device information. When your AI agent submits a purchase request, we also collect the merchant information, item details, and shipping address if provided. We do not sell your personal data.

How We Use Your Data

Your data is used to provide and maintain the Cosign service, process purchase requests and issue virtual cards, send notifications about agent activity, improve our platform and develop new features, and communicate with you about your account. Shipping addresses submitted with purchase requests are displayed to you during the approval process and stored as part of the transaction record.

Purchase Approval & Shipping Addresses

When an AI agent includes a shipping address in a purchase request, that address is shown to you for verification before you approve or deny the request. By approving a purchase request, you confirm that the shipping address and all other details are correct. Shipping addresses are stored as part of the purchase request record for dispute resolution and regulatory compliance. Cosign does not use shipping addresses for any purpose other than displaying them for your approval and retaining them in transaction records.

Third Parties

We share data with payment processors to issue virtual cards, cloud infrastructure providers to host our services, and analytics tools to understand usage patterns. All third parties are bound by data processing agreements. We do not share shipping addresses with any third parties beyond what is necessary to process the transaction.

Data Retention

We retain your account data for as long as your account is active. Transaction records, including purchase request details and shipping addresses, are kept for 7 years to comply with financial regulations and to support dispute resolution. You may request deletion of your account and non-regulated data at any time.

Your Rights

You have the right to access, correct, or delete your personal data. You may export your data at any time from your account settings. Note that transaction records required for regulatory compliance cannot be deleted before the retention period expires. To exercise these rights, contact us at privacy@cosign.dev.

Contact

If you have questions about this privacy policy, please contact us at privacy@cosign.dev.