FAQ

Fast answers to the most common integration and compliance questions.

Does COHESION replace my AI provider?

No. COHESION is middleware. It sits between your AI provider and your operator's UI. You keep your existing provider; COHESION scores how well humans exercise judgment over its outputs.

Does COHESION see my prompts or model outputs?

No. COHESION receives behavioral telemetry only: time-to-decision, decision kind, modification extent, hover count, scroll depth, alternative-views-checked. Never prompt text, never model output text.

How much data do I need before I get a JIS?

50 interactions or 10 days of monitoring, whichever comes first. Before that, minimum_data_met: false.

How is a key stored?

Peppered SHA-256, pepper held in Cloudflare Secrets Store. Plaintext never touches D1 or logs after the 7-day dual-read cutover window. See security.

Can I self-rotate a key?

Yes. POST /v1/admin/key/rotate. The new key is returned exactly once.

Can I get an EU-resident instance?

Today via contractual path (DPA + SCCs). Dedicated EU-resident D1 cluster targeted Q3 2026. See data residency.

What is "invisible maintenance"?

COHESION can inject subtle, safety-netted interventions (calibration injections, recommendation withholding, unranked presentation) so operators cannot rubber-stamp. Operators are informed at onboarding that maintenance is active; they cannot identify which specific interactions are maintenance. See maintain judgment quality.

How does COHESION map to US and EU AI oversight law?

Each of the 7 judgment dimensions maps to a meaningful-human-review requirement. See trust.

Is there a free tier?

Yes. The Developer tier is free: 5,000 decisions per month, raw JSON responses only, no signed artifacts. Paid tiers start at Starter ($499/month, 100,000 decisions per month), then Audited (500,000 decisions per month) and Enterprise (from 5,000,000 decisions per month, custom volume), and bill usage beyond the monthly allotment at $0.0008 per decision. Allotments are listed in rate limits. Contact us for pilot terms.

Do you support SSO / SAML / OIDC / SCIM?

Not yet. Today: X-API-Key. See SSO roadmap.

How do I report a security issue?

security@cohesionauth.com. Reports are acknowledged and triaged on receipt, then prioritized by severity, with critical issues remediated ahead of lower-severity ones. Safe-harbor clause included.

Next step

Support for anything not answered here.