Cobble
Sign in

Last updated June 5, 2026

Privacy Policy

Last updated: June 5, 2026

Cobble Technologies LLC, a New York limited liability company ("Cobble," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, how we protect it, and the choices you have. It applies to the Cobble platform at cobble.nyc and to any related services (the "Services").

1. Summary

  • We collect what we need to run the Services: account information, the building documents you upload, the questions you ask the chat, and basic usage information.
  • We do not sell, rent, or trade your personal information. Our business model is subscription revenue from buildings — not advertising or data brokerage.
  • We do not use your documents to train AI models — ours or any third party's.
  • We name our sub-processors (Section 4) so you can audit who has access to what.
  • You can export or delete your data at any time.

2. Information We Collect

Account information. Name, email address, and (for paid plans) billing details. Authentication is handled by Clerk; we receive only the account identifiers we need to associate you with your building.

Building documents and data. The governance documents you upload (bylaws, proprietary lease, offering plans, house rules, meeting minutes, vendor contracts, invoices, etc.), the structured records that result from them (proposed projects, action items, role responsibilities, contractors, units, residents), discussion threads attached to projects, answers you explicitly save from chat, and any data you enter manually (custom compliance tasks, notes, ownership assignments).

Chat queries. The questions you ask Cobble's AI document chat stream through our LLM provider in real time and are not persisted server-side after the response completes. We do retain a single per-user timestamp marking the first time you used the chat — used only to drive in-product onboarding cues. Answers you explicitly save via the "Save this answer" affordance are stored under your building's record (see "Building documents and data" above) and remain until you delete them.

Public records data. When you set up a building, we retrieve publicly available data about that address from NYC government sources (HPD, DOB, DOF, OATH, NYC Open Data, ACRIS). We store these results in our database to make them quickly accessible to your board, and we periodically re-fetch them (on demand when a board member clicks "Refresh records," and automatically on a weekly schedule) so newly-filed violations, complaints, and recorded documents surface in your dashboard activity stream.

Usage information. Standard server logs (timestamps, IP addresses, user agents, page paths, error traces) and product analytics (which features are used, how often, where users get stuck). Analytics are powered by PostHog, which includes session replay — a recording of the visual interactions you have with the Services (clicks, scrolls, navigation). Replays are used internally to debug issues and improve the product; they are not shared with third parties for advertising. We do not use third-party advertising or tracking cookies.

Communications. When you email us or open a support ticket, we keep that record so we can follow up.

3. How We Use Your Information

  • Provide the Services — authentication, document processing, AI answers, compliance tracking, and everything else you signed up for.
  • Improve the Services — analyze aggregated usage data and quality of AI answers. We do not use your documents to train AI models.
  • Communicate with you — service announcements, security notices, billing receipts, and (if you opt in) product updates.
  • Maintain security and integrity — detect abuse, prevent fraud, enforce our Terms of Service.
  • Comply with the law — respond to legal process, protect rights and safety.

4. Building Documents and Building Data

Cobble ingests documents and data on behalf of your building cooperative or condominium. This includes governance documents (bylaws, proprietary leases, offering plans, house rules, amendments), operational records (meeting minutes, vendor contracts, invoices), and financial information you choose to upload (budgets, reserve balances).

Building data is treated as the property of the building entity, not of individual users. Access to building data is controlled by the board of the building, mediated through Clerk Organizations. When a board member's access is revoked, the documents and data remain with the building. When a building cancels its subscription, building data is available for export for thirty (30) days and is then permanently deleted within sixty (60) days, except as required to be retained for legal, accounting, or fraud-prevention purposes.

5. AI Processing

Documents you upload are processed by AI systems to enable search, question-answering, document extraction, and other intelligent features. Specifically:

  • LLM provider. We use Google AI Studio (Gemini) as our large-language-model provider. Document content is transmitted to Google for processing, subject to Google's API terms which prohibit the use of customer data for model training.
  • OCR provider. For scanned PDFs, we use Google's Gemini 2.5 Pro to extract text. Same no-training commitment applies.
  • No training on your data. We do not use your documents, queries, or any account-specific content to train, fine-tune, or improve any AI models — ours or any third party's. Our LLM provider is configured to not retain or train on inputs.
  • Authenticated chat queries are not retained. The questions you ask in the signed-in product stream to and from the LLM provider in real time and are discarded server-side once the response completes. We keep only a single timestamp per user marking the first time you used the chat, used only to drive in-product onboarding cues. If you explicitly save an answer with the "Save this answer" button, that saved Q+A is stored under your building's record (see Section 2 "Building documents and data") and persists until you delete it.
  • Demo chat queries. Questions asked on our public /demo page are logged with the requesting IP address and a per-browser session id (no account is associated) for rate-limiting and product research. Demo logs are retained for thirty (30) days.

Meeting Recordings

When a board member uses Cobble's meeting transcription feature, our sub-processor Recall.ai joins the meeting as a visible participant (displayed as "Cobble Notes" in the participant list). Recall.ai records the meeting's audio and transcribes it via its transcription provider, Deepgram. The resulting text transcript is sent to our LLM provider (Google AI Studio / Gemini) to generate a plain-English summary and propose structured action items, projects, and attendance for board review.

  • What we retain. The text transcript, the AI-generated summary, and the structured proposals you accept into your building's record. These persist until you delete them or your subscription ends (see Section 9).
  • What we do not retain. The raw audio recording. Recall.ai deletes the audio per its data retention policy after transcription completes; Cobble never stores audio files on our infrastructure.
  • Bot is visible. Cobble's bot appears in the participant list and is announced in the meeting platform's UI. Cobble does not support hidden/covert recording.
  • Your responsibility for attendee notice. You are responsible for informing meeting attendees that the meeting is being recorded and transcribed. New York is a one-party consent jurisdiction, but your board may meet with participants in other jurisdictions or simply want to follow best practices. The Cobble schedule form requires you to confirm you will inform attendees before the bot is dispatched.
  • You can cancel. A scheduled bot can be canceled at any time from the /meetings page before or during the meeting; the recording stops immediately and the audio is deleted by Recall.ai per its policy.

6. Sub-Processors

We use the following third-party service providers to operate Cobble. Each is bound by a written contract requiring confidentiality and appropriate data protection. We do not sell, rent, or trade your data to any third party for marketing purposes.

Sub-processorWhat they receive
ClerkAccount credentials, sign-in events, organization membership
VercelApplication hosting, edge runtime, build artifacts
Vercel BlobEncrypted storage of your uploaded documents (private; access controlled by signed URLs)
NeonPostgreSQL database (account info, structured building data, extracted document text)
Google AI Studio (Gemini)Document text and questions submitted to the chat or OCR pipeline (queries are not retained by us; Google's no-training commitment applies)
PostHogProduct analytics + session replay (clicks, scrolls, navigation, error events). Used internally to debug issues and understand which features get used.
ResendTransactional email (account notifications, invites, password resets)
Recall.aiMeeting audio capture + transcription orchestration when you use Cobble's meeting recording feature. Audio is deleted by Recall.ai per its retention policy after transcription completes.
DeepgramSpeech-to-text transcription of meeting audio (subprocessor of Recall.ai).
NYC Open DataWe send publicly-available identifiers (BBL, BIN, address) to retrieve public records; this is one-way (we receive data, not the other way around)

This list will be updated when sub-processors change. We do not use any advertising sub-processors and do not share data for cross-context behavioral advertising.

7. NYC Public Records Data

We retrieve and display publicly available data from New York City government sources, including but not limited to HPD, DOB, DOF, OATH, ACRIS, and NYC Open Data. This data is publicly available; we surface and contextualize it but do not modify the underlying records. Inaccuracies in city data may appear in Cobble. We are not affiliated with or endorsed by any NYC government agency.

We periodically re-fetch these public datasets — both on demand (when a board member clicks "Refresh records") and on a weekly automated schedule — so we can detect newly-filed records and surface them in your dashboard activity stream. For each new record we observe, we store a small reference (the source dataset, the public record identifier, the original filing date, and a short summary) so we can show "recently added" cues and avoid re-notifying you about the same record twice. No new categories of personal information are introduced by this process; the underlying data remains public NYC records.

8. How We Share Information

We share your information only in the following limited circumstances:

  • With sub-processors — see Section 6.
  • With your board — building data is shared among members of your building's Clerk organization, per your board's access decisions.
  • At your direction — when you explicitly export, share, or transmit data through the Services.
  • For legal reasons — if we are required by law, subpoena, or court order, or if necessary to protect rights, safety, or property.
  • In a business transfer — if we are acquired, merged, or sold, your information may be transferred. We will notify you and give you the opportunity to delete your data before such a transfer.

We do not sell, rent, or trade your personal information. We have not done so in the past, and we commit not to do so in the future. Cobble's business model is subscription revenue from buildings — not advertising, data brokerage, or other monetization of user data.

9. Data Retention

  • Account data — retained for the duration of your account.
  • Building documents and data — retained for the duration of your subscription. Upon cancellation, data is available for export for 30 days, then permanently deleted within 60 days of cancellation, except as required to be retained for legal, accounting, or fraud-prevention purposes.
  • Authenticated chat queries — not retained server-side. Only a single per-user timestamp marking first chat use is stored.
  • Saved answers — retained until you delete them or your building's data is deleted (see above).
  • Demo chat logs — 30 days.
  • Product analytics + session replays (PostHog) — retained per PostHog's default retention windows.
  • Server logs — 30 days.
  • Backups — 30 days, encrypted at rest.

10. Security

We use industry-standard technical and organizational measures to protect your information. Data is encrypted in transit (TLS) and at rest (managed by Vercel, Neon, and Vercel Blob). Access to production data is limited to authorized personnel and audited. We use Clerk's hardened authentication infrastructure for account management.

No system is perfectly secure. If a breach occurs that affects your data, we will notify you in accordance with applicable law.

11. Your Rights and Choices

Depending on where you live, you may have rights including:

  • Access. Request a copy of your personal information.
  • Correction. Update inaccurate or incomplete information.
  • Deletion. Request deletion of your personal information. Note that some data may be retained for legal or accounting purposes.
  • Export. Receive a portable copy of your building data.
  • Restriction / objection. Restrict or object to certain processing.
  • Withdraw consent. Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@cobble.nyc. We will respond within thirty (30) days, or sooner if required by applicable law. We may need to verify your identity before fulfilling the request.

Right to appeal

If we deny your request, you may appeal by replying to our denial. We will respond to appeals within forty-five (45) days.

12. U.S. State-Specific Rights

California (CCPA/CPRA), Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws. Residents of these states have additional rights under their state laws, including the right to know, the right to delete, the right to correct, the right to opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination.

To exercise these rights, contact privacy@cobble.nyc.

Do Not Track signals. We do not currently respond to "Do Not Track" browser signals because no consistent standard has emerged. We do not engage in cross-site tracking.

Shine the Light (California Civil Code §1798.83). California residents may request information about disclosures of personal information to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing.

13. Children's Privacy

The Services are not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact us at privacy@cobble.nyc and we will delete it.

14. International Users

Cobble operates from the United States. If you access the Services from outside the U.S., you understand that your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your jurisdiction.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Services. The "Last updated" date at the top reflects the most recent revision.

16. Contact

Privacy questions, requests, or complaints: privacy@cobble.nyc.