Trust & Security
How we protect your business.
You are sharing sensitive business context with CoS AI — decisions, team dynamics, financial signals, personal commitments. That trust is the foundation of this product. Here is exactly what we do to protect it.
Last updated: April 13, 2026 · Questions: security@chiefofstaffai.ai
The most important thing first.
Your conversations, decisions, and business context are never used to train any AI model — not ours, not Anthropic's. What you share with CoS AI stays in your account. It informs your responses. It never leaves to benefit anyone else. This is not a policy grey area. It is a hard architectural boundary.
For GDPR DPA requests: security@chiefofstaffai.ai
Security controls
What is in place today and what is on the roadmap.
Where your data lives
All user data — conversations, decisions, captures, calendar connections — is stored in the United States on Neon PostgreSQL infrastructure. We do not currently offer EU or regional data residency hosting. If your organisation has a data residency requirement, contact us before signing up so we can advise accurately.
Uploaded documents (PDFs, spreadsheets) are stored on the application server and processed in memory. Extracted text and AI summaries are stored in your account database. Raw files are retained until you delete them from your account.
AI model and your data
CoS AI uses Anthropic's Claude API to generate responses, briefs, and analysis. Under Anthropic's API usage policy, data sent via the API is not used to train Anthropic's models. This applies to all content you share with CoS AI.
Your business context — including priorities, decisions, team information, and health signals — is stored in your account and injected into AI requests as needed to generate personalised responses. This context is yours exclusively. It is not shared with other accounts. It is not used to improve responses for other users.
CoS AI does not currently use any fine-tuned model trained on data from its user base. If this changes, we will notify all subscribers and update this page before implementation.
Who can access your data
No CoS AI employee reads your conversations, decisions, or business context. There is no customer support portal that exposes user data. Access to the production database requires direct server credentials, limited to the founder and is audited.
Calendar and email access tokens are encrypted using a server-side key before storage. They are decrypted only at the moment of an API call and never written to logs. If you disconnect a calendar integration, the tokens are deleted immediately.
Third-party providers
Every provider we use is bound by data processing terms and selected for their security posture.
Prompts are processed to generate responses and not retained for model training. Anthropic's API data policy explicitly prohibits using API traffic to train models.
Security documentation →Your business context, decisions, and captures are stored in a managed PostgreSQL instance hosted in the United States. Neon encrypts data at rest and in transit.
Security documentation →Billing and card data are handled exclusively by Stripe. CoS AI never sees or stores card numbers. Stripe is PCI DSS Level 1 certified.
Security documentation →Calendar and email access uses OAuth 2.0 scopes. Access tokens are encrypted before storage. You can revoke access at any time from your Google or Microsoft account settings.
Security documentation →Compliance roadmap
Your data rights
To exercise any of these rights: privacy@chiefofstaffai.ai
Incident response
In the event of a security incident that affects your data, we will notify affected subscribers by email within 72 hours of becoming aware of the breach — consistent with GDPR requirements. Notification will include: what data was affected, what happened, what we have done, and what you should do.
Security questions
If you work in a regulated industry and have specific security or compliance requirements before signing up, reach out directly. We will give you an honest answer — not a marketing one.
security@chiefofstaffai.ai