Coterie Security & Privacy
Estate Haus, LLC d/b/a Coterie
See also the Terms of Use.
Privacy and security are too important for legalese. Coterie does not own your data, nor do we sell it to others or use it for advertising. It's your data, period.
This policy applies to all information collected or submitted on Coterie's website and our apps, and to the invitation and event surfaces guests use. Coterie is operated by Estate Haus, LLC d/b/a Coterie.
The short version
- Your directory, your notes, your plans: yours. We store them to serve you and for nothing else.
- Guests are told, in the moment, what an invitation captures — and hosts can see their guests' conversations with their own invitations. We say that plainly here and on the invitation itself.
- The Social Secretary runs on a large language model. Your data is never used to train it — ours or anyone's.
- We never sell data, never advertise, and never message your people except as you direct.
Sign in
Sign-in uses an email magic link or Sign in with Google. Sign in with Google is a private, secure way to log in using your Google account and supports two-factor authentication. It does not give Coterie access to your Google credentials or any data stored on Google.
Your directory, and the people in it who aren't users
Most of the people in your Coterie are not Coterie users. Your directory — names, contact details, tags, notes, interaction history — is information you keep, the way your address book or diary would hold it, visible only to you.
- We store your directory to provide the service to you, and for no other purpose.
- Your notes are private to you, used only in your own search and displayed on the corresponding record. Note text is encrypted in storage and in transit.
- Contact information is only accessible to the user who added it. This isolation is reinforced with software safeguards.
- If someone asks what a host holds about them: a host's private notes are the host's own records — like their diary — and are not disclosed by Coterie.
- Guests can always ask us about, and request deletion of, their own conversations with invitations — see "Guests and invitations" below.
Contacts import
When you import contacts (for example, from your phone), Coterie references your contacts only to use the names and details you choose to import, after your review. Imported information is saved only to your account and is never shared. Coterie never messages your contacts except as you direct.
Guests and invitations
When a host invites you to a gathering, you can use the invitation without creating a Coterie account. Here is exactly what happens:
- What we collect from guests: your conversation with the invitation, your RSVP, and details you volunteer in conversation (a plus-one, a dietary note, "running late"), plus thank-yous and replies after the event.
- What the host sees: the host can see your conversation with their invitation and the information captured from it. Captured details are confirmed to you in the moment — the invitation tells you what it noted, when it notes it.
- What other guests see: nothing about you beyond what the host's visibility settings show (for example, whether a guest list is visible). Your conversation is never visible to other guests.
- What you can do: ask us what conversations we hold for your guest link, and request deletion of your conversation history through the contact form.
Co-hosting
Co-hosts share a gathering's plan and see the joint guest list — names and RSVP states. Co-hosts never see each other's directories, person records, or private notes, and a guest's conversation is visible only to the host who invited them. These walls are enforced in software, not in promises.
The get-home-safe note, and messages to your people
Coterie sends messages to your guests only as you direct: the invitations you send, the confirmations you configure, the notes you approve, and — if you choose it — one get-home-safe message after a gathering ends. The get-home-safe note is a courtesy, not a safety service: we do not track guest location, do not monitor replies for welfare, and take no action when a message goes unanswered. There are no marketing messages to guests, ever, from us or through us.
Public event pages and visitors
Some gatherings have a public event page. Visitors to a public page see only what the host published as public, and can converse with the Social Secretary about only that. If a visitor requests an invitation, we collect the name and contact details they provide and share them with the host for approval; declined requests are not retained.
What we will never do
- Never sell personal information. Never advertising — no ads in the product, no ad targeting from your relationships.
- Never message your guests or contacts except as you direct.
- Never use your directory, notes, or conversations to train AI models — ours or anyone's.
- Never show one host's private notes to anyone else, including co-hosts.
- Never use notifications for marketing.
Email from us
We use your account email for product features like summaries you enable, product-update newsletters, and transactional notices (receipts, support). Unsubscribe from newsletters and non-essential notifications anytime.
Analytics
Our apps collect usage metrics — like the percentage of users who use a feature, or sign-in events — solely to improve the product and catch errors and performance problems. This telemetry is high-level product usage and never includes sensitive data like notes, contact information, or conversation content.
Subscriptions
Payment and card information is handled by Stripe. Payment information is never stored on our servers, is used only for your subscription, and is never shared with any third party.
Information usage and disclosure
We use the information we collect to operate and improve Coterie and to support you. We do not share personal information with outside parties except to the extent necessary to provide Coterie's functionality (for example, the LLM processing described above, and payment processing).
We may disclose information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against claims; to investigate or prevent illegal activity, suspected fraud, abuse, or policy violations; or to protect rights, property, or safety.
If we sell to, buy, merge with, or partner with other businesses, user information may be among the transferred assets; this policy's commitments travel with the data.
Security
We implement a variety of measures to keep your information secure. Passwords, where used, are hashed — never stored — using industry-standard methods (currently PBKDF2 with SHA-256, per NIST guidance). All communication with the app and website requires HTTPS. Notes, conversations, and sensitive directory fields are encrypted in storage and in transit. If you enable notifications, we store a delivery token; we never use notifications for marketing. We use cookies on the site and tokens in the app to keep you signed in; server software may hold basic technical data such as IP addresses in temporary logs.
Security vulnerability disclosure
If you believe you've found a security or privacy vulnerability affecting Coterie, please report it through the contact form. Include the product and version affected, what you observed versus expected, and numbered reproduction steps (a short video helps). We'll acknowledge receipt and follow up if we need more. For our members' protection, we don't disclose, discuss, or confirm security issues until investigation is complete and any necessary updates are generally available.
Accessing, changing, or deleting information
- Hosts: access or change your information, or delete your account, in the app. Deleting your account deletes your directory, records, plans, and conversations. Deleting a person from your directory deletes that record and its history.
- Guests: request access to or deletion of your conversation history through the contact form.
- Deleted information may persist in encrypted backups for up to 90 days, accessed only for disaster recovery.
- Coterie may delete information when required for technical, legal, or abuse-prevention reasons, or for extended inactivity, with notice where practicable.
Regional rights and compliance
- California: we comply with applicable California privacy law, including consumer rights to access and delete personal information; we do not sell or share personal information as those terms are defined under California law, and we do not distribute personal information to outside parties without consent.
- European Union / UK: where European data-protection law applies, we process personal information under appropriate legal bases and transfer it internationally only under recognized safeguards; residents may exercise access, correction, deletion, and objection rights via the contact below.
- International transfers: information may be processed and stored outside your country; protections in this policy apply wherever the data is processed.
- Children: Coterie accounts are for people 18 and older. Guests at a host's gathering may include minors (a family dinner, a birthday); information a host keeps about their own family members is the host's directory data under this policy, and guest surfaces are not directed at children.
Third-party links and content
Coterie may display or link to third-party content and services (for example, a host's outside links on an event page). These have independent privacy policies, and we're not responsible for their content or practices.
Changes to this policy
We may update this policy as the product and the law evolve. We'll post changes here and, for material changes, notify you in the app or by email before they take effect. Continued use after notice means the updated policy applies.
Contact
Privacy questions and requests: use the contact form · Estate Haus, LLC d/b/a Coterie.