Last Updated: May 1, 2026
1. Introduction
This Privacy Policy describes how Cobble Network, Inc., doing business as Cobble ("Cobble," "Company," "we," "our," or "us") collects, uses, processes, protects, and discloses information when you ("you," "your," or "Customer") access or use our websites, including cobble.network, <!-- VERIFY: original draft said cobble.ai — confirm which domain(s) to list; the Terms of Service and contact addresses use cobble.network --> our application programming interfaces ("APIs"), dashboards, software, and all related products and services (collectively, the "Services").
This Privacy Policy explains the categories of information we may collect from you or that you may provide to us, including personal information, account information, billing information, and data submitted through the Services. It also describes our practices regarding the collection, use, disclosure, retention, and protection of that information. Capitalized terms not otherwise defined in this Privacy Policy have the meanings set forth in our Terms of Service.
By accessing or using the Services, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with this Privacy Policy, you should not access or use the Services. We may update this Privacy Policy from time to time, and when we make material changes we will revise the "Last Updated" date and, where required by law, provide additional notice.
A note on data submitted by our business customers. Where personal information is contained in Inputs submitted to the Services by or on behalf of a business customer, Cobble processes that information as a service provider or processor on the customer's behalf, as described in our Data Processing Addendum. If your personal information was submitted to the Services by one of our customers, please direct privacy requests to that customer; we will assist them in responding as required by law and our agreements.
2. Data Submitted to and Returned by the Inference Services
We understand that the prompts, files, datasets, images, audio, API requests, and other materials you submit to the Services ("Inputs"), as well as the model-generated responses, completions, images, audio, embeddings, and other content returned by the Services ("Outputs"), may contain personal information, confidential business information, proprietary data, or other sensitive materials.
Our default inference architecture is designed around zero-retention or near-zero-retention principles. We do not use Inputs or Outputs to train, fine-tune, distill, benchmark, or otherwise improve machine learning models unless you have expressly and affirmatively opted in to such use.
During standard inference operations, Inputs and Outputs are processed primarily in volatile memory and are deleted from active processing systems after the request is completed, subject to ordinary system lifecycle processes such as memory reclamation and cache eviction. We do not intentionally persist prompt and completion content to long-term storage by default for self-service API inference requests.
In limited circumstances, we may temporarily retain Inputs, Outputs, or portions thereof for short periods of time when reasonably necessary to:
- process queued, asynchronous, or batched requests;
- retry failed requests;
- diagnose active technical issues;
- detect abuse, fraud, or security incidents;
- enforce our Terms of Service and Acceptable Use Policy; or
- comply with legal obligations.
Where commercially reasonable, we seek to minimize content-level logging and instead retain only operational metadata such as timestamps, token counts, model identifiers, routing information, and error codes.
Certain optional features — such as saved conversations, datasets, fine-tuning uploads, analytics dashboards, workflow histories, or customer-configured logging — may intentionally store Inputs and Outputs at your direction. Where such features are enabled, retention will occur in accordance with the applicable product settings and documentation.
Additional technical information regarding our data handling and retention practices is available in our documentation. <!-- TODO: insert documentation URL -->
3. Information We Collect
We collect information from and about users of the Services in order to provide, secure, maintain, and improve Cobble, process transactions, communicate with Customers, and comply with legal obligations.
3.1 Account Information
When you create an account, request API access, subscribe to a paid plan, or otherwise register to use the Services, we may collect information such as:
- name;
- email address;
- company or organization name;
- billing address;
- account credentials and authentication identifiers;
- subscription and plan information; and
- API keys and related account identifiers.
3.2 Communications Information
We collect information that you provide when you:
- contact customer support;
- communicate with our sales team;
- submit feedback or feature requests;
- respond to surveys;
- register for webinars, events, or marketing communications; or
- participate in promotional activities.
This may include the content of your communications, attachments, and any additional information you choose to provide.
3.3 Billing and Transaction Information
When you purchase Services, subscribe to a plan, or add prepaid credits, payment processing is handled by Stripe and other authorized payment providers. We may receive limited billing and transaction information, such as:
- billing contact information;
- payment status;
- transaction identifiers;
- invoice details;
- subscription status; and
- partial payment method details (such as card brand and last four digits).
We do not store full payment card numbers, CVV codes, or other sensitive payment authentication data.
3.4 Technical, Usage, and Log Information
When you access or use the Services, we and our service providers automatically collect technical, operational, and usage information through server logs, cookies, pixels, local storage, and similar technologies. This information may include:
- Device and browser information: IP address; browser type and version; operating system; device identifiers; language settings; referring and exit URLs; and time zone settings.
- Usage information: pages viewed; features used; time spent on pages; navigation patterns; API request counts; token usage; model selections; error events; and rate limit events.
- Log data: request timestamps; authentication events; token counts; model and routing metadata; response status codes; performance metrics; and security and abuse detection signals.
Where commercially reasonable, we seek to minimize storage of full prompt and completion content within logs.
In many cases, automatically collected information does not directly identify you. However, we may associate it with your account information, billing information, or other personal information we collect in order to operate, secure, and improve the Services.
3.5 Inputs and Outputs
The Inputs you submit to the Services and the Outputs returned by the Services may contain personal information, confidential information, and other sensitive materials. Our handling of Inputs and Outputs is governed by Section 2 (Data Submitted to and Returned by the Inference Services).
3.6 Cookies and Similar Technologies
We and our service providers may use cookies, web beacons, pixels, local storage, and similar technologies to:
- authenticate users;
- maintain sessions;
- remember preferences;
- analyze usage patterns;
- measure performance;
- detect fraud and abuse; and
- support marketing and communications.
You may control certain cookies through your browser settings; however, disabling cookies may affect the functionality of the Services, including authentication, account management, and certain dashboard features.
3.7 Information We Collect From Third Parties
We may receive information from third parties, including:
- payment processors such as Stripe;
- authentication and identity providers;
- analytics providers;
- fraud prevention providers; and
- business partners, marketing partners, and referral sources.
We may combine information received from third parties with information collected directly from you.
4. How We Use Your Information
We use the information we collect for the following business and operational purposes:
- to provide, operate, maintain, and improve the Services;
- to authenticate users and manage accounts;
- to provision API access, process inference requests, and return Outputs;
- to process payments, subscriptions, invoices, and prepaid credits;
- to provide customer support and respond to inquiries;
- to send transactional notices, billing notifications, and account-related communications;
- to monitor usage, performance, and system reliability;
- to detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service or Acceptable Use Policy;
- to personalize dashboard experiences, recommendations, and product features;
- to conduct analytics and internal reporting;
- to comply with legal obligations and enforce our contractual rights;
- to communicate product updates, service announcements, and marketing communications where permitted by law; and
- for any other purpose disclosed at the time the information is collected or with your consent.
We do not use Inputs or Outputs to train, fine-tune, or improve machine learning models unless you have expressly opted in to such use.
4.1 Automated Decision-Making
Cobble does not use automated decision-making or profiling to make decisions that produce legal or similarly significant effects about individuals. We may use automated systems to detect fraud, enforce rate limits, identify abuse, and maintain the security and reliability of the Services.
5. Disclosure of Your Information
We may disclose information we collect as described in this Privacy Policy in the following circumstances.
5.1 Aggregated and De-Identified Information
We may disclose aggregated, anonymized, or de-identified information that does not reasonably identify any individual or Customer, subject to applicable law. Where we maintain de-identified information, we will maintain and use it only in de-identified form and will not attempt to re-identify it, except as permitted by law to test the effectiveness of de-identification.
5.2 Service Providers and Subprocessors
We may disclose personal information and other data to trusted third-party service providers and subprocessors that assist us in operating the Services, including providers of:
- cloud hosting and infrastructure;
- authentication and database services;
- payment processing;
- analytics;
- fraud prevention;
- customer communications; and
- support systems.
Examples may include Supabase, Stripe, Cloudflare, Vercel, and Resend. An up-to-date list of subprocessors is available as described in our Data Processing Addendum.
5.3 Third-Party Model and Infrastructure Providers
When you use specific models or endpoints, your Inputs and related request metadata may be transmitted to the applicable model hosts, infrastructure providers, or upstream API providers necessary to generate Outputs. These disclosures occur solely to provide the Services requested by you.
5.4 Legal Compliance and Protection
We may disclose information where we believe such disclosure is necessary or appropriate to:
- comply with applicable laws, regulations, court orders, subpoenas, or lawful governmental requests;
- enforce our Terms of Service, contracts, and policies;
- protect the rights, property, safety, and security of Cobble, our customers, service providers, or the public; or
- detect and prevent fraud, abuse, and security incidents.
5.5 Business Transfers
We may disclose information in connection with an actual or proposed merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar corporate transaction, subject to customary confidentiality protections.
5.6 With Your Consent
We may disclose information for any additional purpose with your consent or at your direction.
5.7 No Sale or Sharing
Cobble does not sell personal information for monetary or other valuable consideration and does not share personal information for cross-context behavioral advertising, as those terms are defined under applicable law.
6. Your Choices Regarding Personal Information
Cobble strives to provide you with meaningful choices regarding the personal information we collect and how it is used.
6.1 Cookies and Tracking Technologies
Most web browsers allow you to control cookies through browser settings, including the ability to:
- block all cookies;
- block certain categories of cookies;
- delete existing cookies; and
- receive alerts when cookies are being placed.
If you disable or refuse cookies, some portions of the Services may not function properly, including authentication, account management, and certain dashboard features.
6.2 Opt-Out Preference Signals
Because Cobble does not sell personal information or share personal information for cross-context behavioral advertising, there is no sale or sharing to opt out of. To the extent required by applicable law, we treat browser-based opt-out preference signals, such as the Global Privacy Control ("GPC"), as a valid request to opt out of any sale or sharing of personal information associated with your browser. We do not otherwise respond to "Do Not Track" browser signals, for which no industry standard has been adopted.
6.3 Marketing Communications
We may send newsletters, product announcements, promotions, and other marketing communications consistent with applicable law. You may opt out of receiving marketing emails at any time by:
- clicking the "unsubscribe" link included in the communication;
- updating your communication preferences in your account settings, where available; or
- contacting us directly.
Even if you opt out of marketing communications, we may continue to send non-promotional messages relating to your account, billing and subscriptions, security alerts, service updates, legal notices, and support communications.
6.4 Account Information and Settings
Where available, you may review, update, or correct certain account information by logging into your account and editing your profile and billing settings. You may also contact us to request access to, correction of, or deletion of personal information we maintain about you, subject to applicable legal and contractual requirements.
6.5 Inputs and Outputs
Because Cobble processes Inputs and Outputs primarily on an ephemeral basis, standard API inference requests may not be retrievable after processing is complete unless you have enabled optional persistence features such as saved conversations, datasets, or workflow histories.
Where Customer Content is intentionally stored at your direction, you may delete such content through the applicable product interfaces or by contacting us, subject to operational, legal, and contractual limitations.
7. Accessing, Correcting, and Deleting Your Information
You may request to:
- confirm whether we process your personal information;
- access personal information we maintain about you;
- correct inaccuracies;
- delete certain personal information;
- obtain a portable copy of certain information where technically feasible; or
- restrict or object to certain processing where provided by law.
We may need to verify your identity before responding to a request. We may deny or limit requests where permitted by law, including where fulfilling the request would:
- violate legal obligations;
- interfere with security or fraud prevention;
- infringe the rights of others;
- conflict with recordkeeping obligations; or
- require us to retain information necessary to provide the Services.
To submit a privacy request, please contact us at legal@cobble.network.
8. U.S. State Privacy Rights
Residents of certain U.S. states may have additional rights under applicable privacy laws, including the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Texas Data Privacy and Security Act, among others.
Depending on your state of residence, you may have rights to:
- confirm whether we process your personal information;
- access and obtain copies of personal information;
- correct inaccuracies;
- delete certain personal information;
- obtain data portability;
- opt out of certain forms of processing, such as targeted advertising, sale of personal information, or profiling that produces legal or similarly significant effects; and
- limit or require consent for certain processing of sensitive personal information.
The precise scope of these rights varies by jurisdiction.
8.1 Categories of Personal Information
The following table summarizes the categories of personal information we collect, the sources, and the categories of recipients. We collect this information for the purposes described in Section 4 and retain it as described in Section 10.
| Category | Examples | Sources | Disclosed To |
|---|---|---|---|
| Identifiers | Name, email address, IP address, account identifiers, API keys | You; automatic collection | Service providers; infrastructure providers |
| Commercial information | Subscription plans, transaction records, Credits purchases | You; payment processors | Payment processors; service providers |
| Financial information | Billing contact, partial payment details (card brand, last four digits) | You; payment processors | Payment processors |
| Internet or network activity | Usage data, log data, pages viewed, API request metadata | Automatic collection | Service providers; infrastructure providers |
| Professional information | Company or organization name, role | You | Service providers |
| Sensitive personal information | Account log-in credentials (used solely for authentication); any personal information you choose to include in Inputs | You | Service providers; model and infrastructure providers (Inputs only, to generate Outputs) |
| Communications | Support tickets, sales inquiries, feedback | You | Service providers |
We use sensitive personal information only for the purposes permitted by applicable law, such as providing the Services, authentication, and security, and not to infer characteristics about individuals.
8.2 Exercising State Privacy Rights
To exercise your rights, please submit a request to legal@cobble.network. We may verify your identity and authority before responding. You may designate an authorized agent to submit requests on your behalf, subject to verification.
If we deny your request, you may have the right to appeal the decision by replying to our response or contacting us at the same address. If your appeal is denied, you may contact your state Attorney General.
We will not discriminate against you for exercising your privacy rights.
9. International Users & Data Location
The Services are hosted and operated in the United States, and Cobble is offered only to users located in the United States and authorized U.S. territories. The Services are not intended for persons located in the European Union, European Economic Area, or United Kingdom, and Cobble does not market or offer the Services in those jurisdictions.
By using the Services, you acknowledge that your information will be transferred to, processed in, and stored in the United States. If you access the Services from outside the United States in violation of our Terms of Service, you acknowledge that Cobble does not undertake obligations specific to foreign privacy regimes such as the General Data Protection Regulation ("GDPR") or UK GDPR.
10. Data Retention
Cobble retains personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, provide the Services, comply with legal obligations, resolve disputes, enforce our agreements, and protect the security and integrity of our platform.
Retention periods vary depending on the type of information and the purpose for which it was collected. For example:
- Account and billing information may be retained for the duration of your account and for additional periods required by tax, accounting, and legal obligations.
- Transaction records may be retained to comply with financial reporting and audit requirements.
- Support communications may be retained to improve customer service and document prior interactions.
- Security and operational logs may be retained for limited periods to detect abuse, investigate incidents, and maintain service reliability.
- Inputs and Outputs submitted through standard inference endpoints are generally processed on an ephemeral basis and are not intentionally stored after request completion, except as described in this Privacy Policy.
If you delete your account, we will delete or de-identify your personal information within a commercially reasonable period, subject to:
- legal and regulatory retention obligations;
- backup and disaster recovery cycles;
- fraud prevention and security needs;
- outstanding billing or payment disputes; and
- preservation obligations associated with litigation or investigations.
Unless otherwise required by law or contract, we generally aim to remove or de-identify account-level personal information within approximately thirty (30) days after verified account deletion requests, although some residual copies may remain temporarily in backup systems.
11. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against accidental loss and unauthorized access, use, alteration, and disclosure.
These measures may include:
- encryption in transit using TLS;
- encryption at rest where appropriate;
- access controls and role-based permissions;
- multi-factor authentication for administrative systems;
- firewall and network protections;
- logging and security monitoring;
- vulnerability management;
- incident response procedures; and
- vendor and subprocessor oversight.
Where applicable and commercially reasonable, we design our systems to support enterprise security requirements, including limited-retention architectures and audit logging. However, unless expressly stated in a separately executed written agreement, Cobble does not represent that it is certified under any specific standard such as SOC 2, ISO 27001, HIPAA, or similar frameworks.
No method of transmission over the Internet or electronic storage is completely secure. Accordingly, while we strive to protect your information, we cannot guarantee absolute security.
You are also responsible for maintaining the confidentiality of your account credentials, passwords, API keys, and authentication tokens. Please do not share these credentials with unauthorized persons.
12. Children Under 18
The Services are intended solely for individuals who are at least eighteen (18) years old. We do not knowingly collect personal information from children under 18. If you are under 18, you may not use the Services or provide any personal information to us.
If we learn that we have collected personal information from a child under 18 without appropriate authorization, we will take reasonable steps to delete that information. If you believe that a child under 18 has provided personal information to us, please contact us at legal@cobble.network.
13. California Privacy Notice
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and related regulations.
Subject to applicable law, California residents may have the right to:
- know what categories of personal information we collect and disclose (see Section 8.1);
- access specific pieces of personal information;
- request deletion of certain personal information;
- request correction of inaccurate personal information;
- receive information in a portable format;
- opt out of any sale or sharing of personal information, if applicable;
- limit certain uses of sensitive personal information where required by law; and
- exercise these rights through an authorized agent.
Cobble does not sell personal information for monetary or other valuable consideration and does not share personal information for cross-context behavioral advertising, as those terms are defined under California law. Cobble has no actual knowledge of selling or sharing the personal information of consumers under sixteen (16) years of age.
We will not discriminate against you for exercising your privacy rights. To exercise your rights, see Section 8.2.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, technologies, or Services.
When we make material changes, we will:
- update the "Last Updated" date at the top of the Privacy Policy;
- post the revised Privacy Policy on our website; and
- provide additional notice where required by applicable law, such as by email or through account notifications.
Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acknowledgment of the revised policy, subject to any rights you may have under applicable law.
15. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Cobble Network, Inc. Somerset, Kentucky, United States Email: legal@cobble.network
