Privacy Policy

Last updated: May 1, 2026

This Privacy Policy describes how LENZ FINLAND IN LATAM ("Lenz Latam", "we", "us") collects, uses, and protects information when you use Cocos Platform ("the Service") at cocosagents.com and app.cocosagents.com.

This policy complies with the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller is LENZ FINLAND IN LATAM, with operations in Mexico. For privacy-related matters contact us at privacy@cocosagents.com.

2. Information We Collect

2.1 Information you provide directly

• Account information: name, email, company, role.
• Authentication credentials managed via Amazon Cognito.
• Content you submit to the Service (prompts, documents, knowledge base entries).
• Payment information processed by third-party payment processors (we do not store full card data).

2.2 Information from connected third-party accounts

When you connect an external account (Google, LinkedIn, Meta) via OAuth, we receive the access tokens and the data scoped by your consent. Specifically:

• Google: profile, email, calendar events (read/write).
• LinkedIn: profile, email, ability to publish posts on your behalf.
• Meta (Facebook + Instagram): Page list, ability to publish posts and read engagement.

Tokens are stored encrypted and used solely to execute actions you have approved through the Service.

2.3 Information collected automatically

• Usage data (pages visited, features used, timestamps).
• Technical data (IP address, browser, device, OS).
• Cookies and similar technologies (see Section 8).

3. How We Use Information

We process personal data for the following purposes:

• Provide, operate, and maintain the Service.
• Execute the AI agents' tasks you request (e.g., post to LinkedIn, schedule a calendar event).
• Authenticate users and prevent fraud.
• Send transactional communications (login alerts, billing, security notices).
• Improve the Service via aggregated, non-identifying analytics.
• Comply with legal obligations.

4. Legal Basis (for users in the EU/EEA)

We process personal data based on: (a) performance of a contract with you; (b) your explicit consent (e.g., OAuth scopes); (c) our legitimate interests in operating and securing the Service; and (d) compliance with legal obligations.

5. Data Sharing

We do not sell personal data. We share data only with:

• Service providers bound by confidentiality (AWS for hosting, Anthropic and Amazon Bedrock for LLM inference, payment processors, analytics).
• Connected platforms when you authorize an action (e.g., Cocos posts to LinkedIn on your behalf).
• Legal authorities when required by law or to protect our rights and the rights of users.
• Successors in the event of a merger, acquisition, or sale of assets, with continued protection.

6. Data Retention

We retain personal data while your account is active and for the time required to fulfill the purposes described, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion at any time (see Section 7).

7. Your Rights

Under LFPDPPP (ARCO rights) and GDPR, you may request to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Cancel/erase your data (where legally possible).
• Object to certain processing activities.
• Revoke consent previously granted (e.g., disconnect an OAuth integration).
• Data portability — receive your data in a structured, machine-readable format.

Send requests to privacy@cocosagents.com. We respond within 20 business days as required by Mexican law.

8. Cookies

We use strictly necessary cookies for authentication and security, plus optional analytics cookies. You can disable non-essential cookies via your browser settings without affecting the core functionality of the Service.

9. International Transfers

Our infrastructure runs primarily on Amazon Web Services (us-east-1, United States). When data is transferred outside Mexico or the EU/EEA, we rely on appropriate safeguards, including AWS's compliance with applicable data protection frameworks.

10. Security

We apply technical and organizational measures including encryption at rest and in transit (TLS), tenant isolation, audit logs, role-based access control, and least-privilege practices. No system is 100% secure; we will notify you of any breach as required by law.

11. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to This Policy

We may update this policy. The "Last updated" date will reflect changes. Material changes will be notified via email or in-app notice at least 14 days before they take effect.

13. Contact

Privacy requests: privacy@cocosagents.com
General contact: hola@lenzlatam.com