Cosmos Services
Privacy Policy
Last Updated: March 24, 2026
Introduction
Cosmos Services ("we", "our", or "the Platform"), operated by Cosmos One, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our API platform.
Cosmos Services is a cloud-based API platform that provides AI chat services, authentication, subscription management, and usage tracking. You do not interact with Cosmos Services directly — instead, you use it through client applications (Android, iOS, web, or Chrome extension) that are registered on the Platform. When you sign in to one of these apps with your Google account, the app communicates with Cosmos Services on your behalf.
Note on client applications: Individual client applications registered on this Platform may access additional Google APIs or third-party services beyond what the Platform itself handles. Those additional data practices are governed by each client application's own privacy policy. This document covers only data handled by Cosmos Services.
By using Cosmos Services or any application powered by it, you agree to the practices described in this Privacy Policy.
Overview
Cosmos Services is a cloud-based API platform that provides AI chat services, authentication, subscription management, and usage tracking for client applications. When you sign in to a client app with your Google account, the app communicates with Cosmos Services on your behalf to provide AI features, manage your subscription, and enforce usage quotas.
Key Privacy Points:
- Authentication is handled via Google OAuth (PKCE) — we never see or store your Google password
- AI requests are processed by third-party providers (OpenAI, Anthropic) — not stored long-term
- Usage data (token counts, costs) is recorded for quota enforcement
- Subscription management is handled by RevenueCat (via Google Play for Android, App Store for iOS, or Stripe-powered checkout for web and Chrome apps)
- Debug logging includes PII redaction when enabled
- We do not sell your personal data or use it for advertising
- Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements
Google User Data
This section specifically describes how Cosmos Services accesses, uses, stores, shares, and protects data obtained from Google APIs, in compliance with the Google API Services User Data Policy.
Data Accessed from Google
When you sign in to an application powered by Cosmos Services using your Google account, we access the following Google user data:
| Google User Data | Source | Purpose |
|---|---|---|
| Google Account ID (unique identifier, known as "sub") | Google OAuth / ID Token | Uniquely identify your account across sessions |
| Email address | Google OAuth / ID Token | Account identification and communication |
| Email verification status | Google OAuth / ID Token | Confirm your email is verified by Google |
| Display name | Google OAuth / ID Token | Display your name in the application interface |
| Profile picture URL | Google OAuth / ID Token | Display your avatar in the application interface |
The Google OAuth scopes used by Cosmos Services are limited to basic profile information (openid, profile, email). These are non-sensitive scopes. Client applications that require additional Google API scopes (such as Calendar, Drive, or other services) manage those permissions independently under their own Google Cloud projects and privacy policies.
How Google User Data Is Used
We use Google user data solely for the following purposes:
- Authentication and account creation: Your Google Account ID and email are used to create and identify your Cosmos Services account. This is the only method of user authentication.
- Personalization: Your display name and profile picture are shown in the application interface so you can confirm you are signed into the correct account.
- Communication: Your email address may be used to contact you about critical account or service issues.
We do not use Google user data for:
- Advertising, ad targeting, or ad personalization
- Training machine learning or AI models
- Building user profiles for sale or sharing
- Any purpose unrelated to providing the core functionality of the application
How Google User Data Is Shared
Google user data is shared only in the following limited circumstances:
- AI providers (OpenAI, Anthropic): If you use AI chat features, your chat prompts (which you compose and submit) are sent to third-party AI providers for response generation. Your Google profile data (name, email, Google ID, profile picture) is not sent to AI providers.
- RevenueCat: Your Cosmos internal user identifier (a randomly generated UUID, not your Google ID or email) is shared with RevenueCat for subscription management. RevenueCat also sends us subscription event data (purchase status, product ID, transaction IDs, period dates). Your Google profile information (name, email, profile picture) is not shared with RevenueCat.
- Database hosting (Supabase): Your account data is stored in a PostgreSQL database hosted by Supabase. Supabase acts as a data processor and does not independently access or use your data.
We do NOT:
- Sell Google user data to any third party
- Share Google user data with data brokers
- Provide Google user data to advertisers
- Share Google user data with any party not listed above
- Use Google user data for any purpose not disclosed in this policy
How Google User Data Is Stored and Protected
| Data | Storage Location | Protection Method |
|---|---|---|
| Google Account ID (sub) | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Email address | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Display name | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Profile picture URL | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Google OAuth tokens | Server memory only (during auth flow) | Not persisted; used transiently during sign-in |
Security measures protecting Google user data:
- Encryption in transit: All communication between clients, our servers, and Google APIs uses TLS/HTTPS encryption.
- Encryption at rest: All database records are encrypted at rest via Supabase's infrastructure-level encryption.
- Access control: Database access is restricted to authorized application services only; no human has routine access to production user data.
- Authentication tokens: Access tokens are short-lived (5–15 minutes) JWTs signed with RS256. Refresh tokens are stored as irreversible cryptographic hashes with rotation and reuse detection.
- PII redaction: Debug logging (when enabled) automatically redacts personally identifiable information including email addresses and tokens.
- Admin security: Administrative access to the platform uses argon2id password hashing, session timeouts, and full audit logging.
Google User Data Retention and Deletion
Retention periods:
| Data | Retention |
|---|---|
| Google Account ID, email, name, profile picture | Retained for the lifetime of your account |
| Google OAuth/ID tokens | Not retained; used transiently during authentication only |
How to request deletion of your data:
You can request deletion of all your Google user data at any time using our self-service Account Deletion page:
- Visit https://cosmosone.cloud/account-deletion
- Sign in with the Google account you used in the app
- Select the app you want to delete your account from
- Optionally provide a reason for deletion
- Click "Submit Request"
Your request will be sent to the Cosmos Services support team. Upon receiving your request, we will:
- Verify your identity (already confirmed via Google sign-in on the deletion page)
- Permanently delete your user profile (Google Account ID, email, display name, profile picture URL) from our database
- Remove all associated usage records, subscription data, and authentication data
- Confirm deletion to you via email
Deletion timeline: We will process your request within 30 days of receipt. Some audit log entries referencing your account may be retained for up to 90 days for legal compliance, after which they are permanently deleted.
Alternative contact: If you are unable to access the Account Deletion page, you can also request deletion by emailing support@cosmosone.cloud with the subject line "Data Deletion Request" and the email address associated with your account.
App uninstallation: Uninstalling a client application removes locally stored data (tokens, cached content). However, your server-side data is retained until you explicitly request deletion using the process above.
Revoking access: You can also revoke Cosmos Services' access to your Google account at any time by visiting Google Account Permissions and removing "Cosmos Services" from the list of connected apps. Revoking access will prevent further sign-ins, but to delete data already stored, please follow the deletion process above.
Google API Services: Limited Use Disclosure
Cosmos Services' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the user-facing features that are visible and prominent in the application's user interface.
- We do not transfer Google user data to third parties except: (a) as necessary to provide the user-facing features described in this policy, (b) to comply with applicable laws, or (c) as part of a merger, acquisition, or asset sale with prior user notice.
- We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
Information We Collect
Information You Provide
Google Account Information
- Google ID (sub): Unique identifier from Google OAuth
- Email address: Used for account identification
- Display name: Shown in application interfaces
- Profile picture URL: Displayed in application interfaces
- Purpose: Authentication and user identification across client applications
See the Google User Data section above for full details on how Google account information is handled.
AI Chat Content
- Prompts and messages: Submitted to the Platform via client applications
- Processing: Forwarded to third-party AI providers (OpenAI or Anthropic) for response generation
- Storage: Chat content is not permanently stored on our servers; it is processed in transit and returned to the client application
Subscription Information
- Subscription status: Active, expired, trial, etc.
- Product and provider: Which subscription plan via which app store
- Period dates: Current subscription period start and end dates
- Purpose: Determining service entitlements and quota allocation
Automatically Collected Information
Usage Data
- Request counts and timestamps
- Token usage (input and output token counts per AI request)
- Cost calculations for quota enforcement
- Rate limit counters
Authentication Metadata
- Token issuance and refresh timestamps
- Token rotation counters
- Session activity timestamps (for admin accounts)
Audit Logs (Admin Actions Only)
- Administrative login events
- Application configuration changes
- User management actions (block/unblock)
- System settings modifications
Information We Do NOT Collect
- Your Google password (OAuth means we never see it)
- Payment or credit card information (handled by app stores or Stripe via RevenueCat)
- Device identifiers or hardware fingerprints
- Location data
- Contacts, photos, or other device data
How We Use Your Information
Core Functionality
- Authentication: Verify your identity via Google OAuth tokens
- AI Services: Forward your prompts to AI providers and return responses
- Quota Enforcement: Track usage costs against your allocated quota (rolling 7-day window)
- Rate Limiting: Enforce per-user request limits to ensure fair usage
- Subscription Management: Determine your service tier and entitlements
- Trial Management: Track your free trial period (default 7 days, configurable per app)
Platform Operations
- Security: Detect and prevent unauthorized access, token reuse attacks, and abuse
- Monitoring: System health, error tracking, and performance monitoring
- Audit: Record administrative actions for compliance and troubleshooting
Data Storage and Security
Storage Architecture
| Data | Location | Protection |
|---|---|---|
| User profiles | PostgreSQL database (Supabase) | Encrypted at rest |
| Usage records | PostgreSQL database (Supabase) | Encrypted at rest |
| Subscription state | PostgreSQL database (Supabase) | Encrypted at rest |
| Refresh tokens | PostgreSQL database (Supabase) | Stored as cryptographic hashes only |
| JWT signing keys | PostgreSQL database (Supabase) | AES-256 encryption |
| Admin passwords | PostgreSQL database (Supabase) | argon2id hashing |
| Session data | Server memory | HttpOnly, Secure, SameSite cookies |
| Rate limit counters | Redis (production) / memory (dev) | Ephemeral, auto-expiring |
| AI request content | Not stored | Processed in transit only |
Security Measures
- Transport: All API communication over TLS/HTTPS
- Authentication tokens: Short-lived JWT access tokens (5–15 minutes) with RS256 signing
- Refresh tokens: Stored as cryptographic hashes with rotation detection and reuse prevention
- Admin passwords: Hashed using argon2id with strict password policies
- Session management: Idle timeout, absolute expiration, and revocation on security events
- PII redaction: Automated scrubbing of personally identifiable information in debug logs
- Encryption at rest: Database-level encryption for all stored data
Data Sharing and Disclosure
Third-Party Service Providers
| Third Party | Data Shared | Purpose |
|---|---|---|
| OpenAI | Chat prompts (user-composed text) | AI response generation |
| Anthropic | Chat prompts (user-composed text) | AI response generation |
| RevenueCat | Cosmos internal user identifier (UUID) | Subscription management |
| Supabase | All stored user data (as data processor) | Database hosting |
| Google Play Store (Android) | Standard purchase flows | App distribution, in-app billing |
| Apple App Store (iOS) | Standard purchase flows | App distribution, in-app billing |
| Stripe (Web / Chrome) | Payment processing via RevenueCat | Subscription billing for web and Chrome apps |
Important: Your Google profile data (name, email, profile picture) is not shared with AI providers or RevenueCat.
We Do NOT:
- Sell your personal information to third parties
- Share your data with advertisers
- Use your content to train AI models
- Share your usage data with other users or client applications
- Provide your data to data brokers
Legal Disclosure
We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Cosmos Services, our users, or the public.
Third-Party Services
Google OAuth
- Purpose: User authentication and identity verification
- Data shared: Standard OAuth flow (authorization code exchange)
- Scopes: openid, profile, email (non-sensitive)
- Privacy Policy: https://policies.google.com/privacy
OpenAI
- Purpose: AI language model inference
- Data shared: Chat prompts and conversation context
- Privacy Policy: https://openai.com/policies/privacy-policy
Anthropic
- Purpose: AI language model inference
- Data shared: Chat prompts and conversation context
- Privacy Policy: https://www.anthropic.com/privacy
RevenueCat
- Purpose: Subscription management and billing coordination
- Data shared: Cosmos internal user identifier (UUID), subscription events
- Privacy Policy: https://www.revenuecat.com/privacy
Google Play Store (Android)
- Purpose: App distribution, in-app purchases, subscription billing
- Data shared: Standard Google Play purchase flows
- Privacy Policy: https://policies.google.com/privacy
Apple App Store (iOS)
- Purpose: App distribution, in-app purchases, subscription billing
- Data shared: Standard App Store purchase flows
- Privacy Policy: https://www.apple.com/legal/privacy/
Stripe (Web / Chrome Extension Billing)
- Purpose: Payment processing for web and Chrome extension subscriptions (via RevenueCat)
- Data shared: Payment information is handled by Stripe; we do not see or store credit card details
- Privacy Policy: https://stripe.com/privacy
Supabase (Database Hosting)
- Purpose: PostgreSQL database hosting (data processor)
- Data stored: User profiles, usage records, subscription state, audit logs
- Privacy Policy: https://supabase.com/privacy
Data Retention
Active Accounts
| Data | Retention Period |
|---|---|
| User profile (Google ID, email, name, picture) | Duration of account |
| Usage records | Rolling 7-day window for quota; historical aggregates retained |
| Subscription state | Duration of account |
| Audit logs | 90 days |
| Rate limit counters | Ephemeral (expires within minutes) |
| Expired refresh tokens | Removed on rotation |
| AI chat content | Not retained (processed in transit) |
Account Deletion
You can request deletion of your account and all associated data at any time using our self-service Account Deletion page:
- Visit https://cosmosone.cloud/account-deletion
- Sign in with the Google account you used in the app
- Select the app you want to delete your account from
- Optionally provide a reason for deletion
- Click "Submit Request"
Alternatively, you can email support@cosmosone.cloud with the subject "Data Deletion Request" if you are unable to use the web form.
We will process your request within 30 days. Upon deletion:
- Your user profile (Google Account ID, email, display name, profile picture) is permanently deleted
- All usage records and subscription data are permanently deleted
- All authentication tokens and credentials are permanently deleted
- Audit logs referencing your account may be retained for up to 90 days for compliance, then permanently deleted
- Data previously transmitted to third-party AI providers is subject to their respective retention policies
Revoking Google Account Access
You can revoke Cosmos Services' access to your Google account at any time:
- Visit https://myaccount.google.com/permissions
- Find "Cosmos Services" in the list of apps with access to your account
- Click "Remove Access"
This will prevent further sign-ins. To delete data already stored on our servers, follow the account deletion process above.
App Uninstallation
- Uninstalling a client application removes locally stored data (tokens, cached content)
- Server-side data (profile, usage records) is retained until you request account deletion via the process above
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data held by the Platform
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and associated data (see Account Deletion)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your personal data
- Restriction: Request restriction of processing in certain circumstances
To exercise any of these rights, contact us at support@cosmosone.cloud.
Children's Privacy
Cosmos Services is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can take appropriate action.
International Data Transfers
Your data may be processed in countries other than your country of residence, including:
- AI providers: OpenAI and Anthropic may process data in the United States
- Database hosting: Supabase PostgreSQL is hosted in the US East (N. Virginia, us-east-1) region
- Google APIs: Google may process data in various global locations per their infrastructure
We ensure appropriate safeguards are in place for international data transfers in accordance with applicable data protection laws.
Changes to This Privacy Policy
We may update this Privacy Policy for:
- Changes in legal requirements
- New features, services, or third-party integrations
- Improvements to security practices
- Changes to data handling procedures
Notification: Updates will be posted on this page with a new effective date. Material changes will be communicated through client applications where practicable.
Contact Information
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
- Email: support@cosmosone.cloud
- Subject Line: [Cosmos Services Privacy]
- Website: https://cosmosone.cloud
- Response Time: Within 5 business days
For data deletion requests, visit https://cosmosone.cloud/account-deletion or email support@cosmosone.cloud with the subject "Data Deletion Request."
Summary
| Aspect | Details |
|---|---|
| Google User Data | Accessed via OAuth: Google ID, email, name, profile picture |
| Google Scopes | Non-sensitive only: openid, profile, email |
| Google Data Sharing | Not sold, not used for ads, not used for AI training |
| Limited Use Compliance | Compliant with Google API Services User Data Policy |
| AI Processing | Server-side via OpenAI / Anthropic |
| Chat Content | Processed in transit, not stored on our servers |
| Authentication | Google OAuth (PKCE) — we never see your password |
| Usage Tracking | Token counts and costs for quota enforcement |
| Subscriptions | Managed via RevenueCat (Google Play, App Store, or Stripe) |
| Payment Data | Handled by app stores or Stripe via RevenueCat — we never see it |
| Data Encryption | TLS in transit, encryption at rest, hashed tokens |
| Analytics/Ads | None |
| Data Sales | Never |
| User Control | Access, correction, deletion, portability |
| Data Deletion | Self-service at cosmosone.cloud/account-deletion; processed within 30 days |
| Client App Scopes | Client apps with additional Google API scopes maintain their own privacy policies |
Your Privacy Matters: Cosmos Services is designed with security-first principles. We collect only what is necessary to deliver the service, protect your data with industry-standard encryption, and never monetize your personal information. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
