FAQ

Fast answers to the most common integration and compliance questions.

Does COHESION replace my AI provider?

No. COHESION is middleware. It sits between your AI provider and your operator’s UI. You keep your existing provider; COHESION scores how well humans exercise judgment over its outputs.

Does COHESION see my prompts or model outputs?

No. COHESION receives behavioral telemetry only: time-to-decision, decision kind, modification extent, hover count, scroll depth, alternative-views-checked. Never prompt text, never model output text.

How much data do I need before I get a JIS?

50 interactions or 10 days of monitoring, whichever comes first. Before that, minimum_data_met: false.

How is a key stored?

Peppered SHA-256, pepper held in Cloudflare Secrets Store. Plaintext never touches D1 or logs after the 7-day dual-read cutover window. See security.

Can I self-rotate a key?

Yes. POST /v1/admin/key/rotate. The new key is returned exactly once.

Can I get an EU-resident instance?

Today via contractual path (DPA + SCCs). Dedicated EU-resident D1 cluster targeted Q3 2026. See data residency.

What is “invisible maintenance”?

COHESION can inject subtle, safety-netted interventions (calibration injections, recommendation withholding, unranked presentation) so operators cannot rubber-stamp. Operators are informed at onboarding that maintenance is active; they cannot identify which specific interactions are maintenance. See maintain judgment quality.

How does COHESION map to EU AI Act Article 14?

Each of the 7 judgment dimensions maps to an Article 14 sub-clause. See trust.

Is there a free tier?

Starter tier includes 10,000 requests per month. Contact sales for pilot terms.

Do you support SSO / SAML / OIDC / SCIM?

Not yet. Today: X-API-Key. See SSO roadmap.

How do I report a security issue?

[email protected]. Triage within 48 hours, critical fix within 14 days, safe-harbor clause included.

Next step

Support for anything not answered here.