Privacy Policy

How Cocoon protects your privacy

Effective date: October 29, 2025

1) Who we are

Cocoon is a decentralized network for confidential AI inference. This policy explains what data we collect, how we use it, and your choices.

2) Scope

This policy applies to our website, onboarding forms for developers and GPU owners, support communications, and operational telemetry required to run the network.

3) Data we collect

  • Contact & application data: name, email, Telegram handle, organization, model architecture, expected usage, GPU specs/uptime, region.
  • Operational telemetry (nodes): availability, performance, job success/failure, and aggregate bandwidth/latency metrics. We avoid collecting end-user content.
  • Wallet addresses: TON payout addresses provided by GPU owners and, where applicable, developers.
  • Technical data: IP address, device and browser info, and basic server logs for security and abuse prevention.
  • Cookies: we use only essential cookies for session and abuse prevention. Analytics, if enabled, will be strictly opt-in.

4) How we use data

  • Process applications and onboard developers and GPU owners.
  • Operate, secure, and optimize the network (routing, scheduling, fraud prevention).
  • Handle payouts and account-related communications.
  • Comply with legal obligations and enforce our Terms.

5) Legal bases (EEA/UK)

  • Contract: to provide the services you request.
  • Legitimate interests: network security, prevention of abuse, product analytics (opt-in).
  • Consent: where required, e.g., optional analytics or marketing.
  • Legal obligations.

6) Retention

We keep data only as long as necessary for the purposes above. Operational logs are minimized and retained for a short period unless required to investigate abuse or ensure service reliability.

7) Sharing

  • Vendors/Processors: service providers under contract (e.g., hosting, email). They may process data on our behalf.
  • Legal / safety: where required by law or to prevent harm or abuse.
  • Aggregated insights: we may publish non-identifying statistics about network performance and capacity.

8) International transfers

Data may be processed across multiple regions. When we transfer personal data internationally, we use appropriate safeguards (e.g., SCCs where applicable).

9) Security

We practice data minimization, encrypt data in transit, isolate execution on nodes, and avoid training on customer prompts/outputs. No method of transmission or storage is 100% secure, but we work to protect your data.

10) Your rights

Depending on your location, you may have rights to access, correct, delete, port, or object to processing of your personal data. To exercise rights, contact us using the details below.

11) Children

Our services are not intended for children under 16. We do not knowingly collect data from children.

12) Contact

Email: [email protected] • Security: [email protected]

13) Changes

We may update this policy from time to time. We will post the revised version with a new “Effective date”.

If anything here conflicts with a translated version, this English version controls.