Privacy
Last updated June 2026
Cosign is built so that we do not need your personal data to operate. There are no accounts, and your signing keys never leave your device. This page explains what that means in practice.
No accounts
Cosign does not require an account, email, or password. You connect signers and squads directly, and nothing about you is registered with us.
Keys stay on your device
Signing keys are generated and stored on your iPhone, in the iOS Keychain, or on a connected hardware signer. They never leave the device and we never receive them. Recovery phrases are shown only on your device, behind Face ID.
What the relay does
The Cosign relay proxies Solana RPC requests and helps decode proposals into readable actions. It forwards requests to the Solana network and returns the results. It cannot sign transactions or move funds.
Rate limiting by IP
To keep the relay healthy and prevent abuse, requests are rate-limited by IP address. IP addresses are used transiently for this purpose and are not used to build a profile of you.
No personal-data storage
We do not store personal data. We do not sell or share data, because we do not collect it in the first place. Any operational logs are minimal and used only to keep the service running.
On-chain data is public
Squads, vaults, proposals, and transactions live on the Solana blockchain and are public by design. Cosign reads this public data to show you proposals. It is visible to anyone using the network, independent of this app.
Changes to this policy
If this policy changes, we will update the date at the top of this page. Because Cosign does not have accounts, material changes will be reflected in the app and on this page rather than by direct notice.