Privacy Policy

1. Cloud account and license data

The Co-Op cloud service stores account identity, authentication metadata, payment and license status records, license prefixes, hashed license keys, hashed activation tokens, device labels, activation status, application version, and license refresh timestamps.

2. Local desktop data

Co-Op Desktop stores company profile data, local files, saved research, customer work, workflow history, assistant settings, provider keys, and activation state on the installed machine unless the customer configures an external provider or export path.

3. Activation and heartbeat

During activation and license refresh, the desktop app sends the license key or activation token with a machine fingerprint hash. The cloud service uses this information to validate license status, device limits, expiration, and revocation status.

4. AI and research providers

If a customer uses a local assistant, requests are sent to the configured local service. If a customer connects a private assistant provider, Firecrawl, email provider, or other integration, data sent to that provider is governed by the customer configuration and the terms of that provider.

5. Security practices

• Raw license keys and activation tokens are not stored by the backend as plaintext.
• Provider keys are designed to stay in the desktop app, not the cloud license service.
• Cloud services should run with strong license pepper, admin API secrets, TLS, and least-privilege database credentials.
• Sensitive logs must not include license keys, provider keys, workflow prompts, or customer outputs.

6. Customer choices

Customers can clear local activation state from the desktop app, deactivate devices through supported account workflows, rotate connected provider keys, remove local files, and request deletion of cloud account or license data where legally permitted.

7. Contact

For privacy requests, contact contact@co-op.software.