Cosmos One
Privacy Policy
Last Updated: 26 March 2026
Introduction
Cosmos One ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website (cosmosone.cloud) and the services operated under the Cosmos One brand.
Cosmos One operates a family of products and services, including:
- Cosmos Services - a cloud-based API platform providing AI chat, authentication, subscription management, and usage tracking to registered applications
- Consumer applications - including Cosmos Scanner, Cosmos Calendar, LumenWrite, and others, each of which may have its own supplementary privacy policy addressing app-specific data practices
When you interact with any Cosmos One service that uses Google Sign-In, the authentication is handled centrally through our OAuth consent screen. This Privacy Policy covers how we handle data collected through that authentication and through the Cosmos One website.
By using any Cosmos One service, you agree to the practices described in this Privacy Policy. Individual apps may provide additional privacy disclosures specific to their functionality.
Overview
Cosmos One builds AI-powered productivity tools for document scanning, writing, calendar management, and more. Our apps are available on Android, Chrome Web Store, and the web.
Key Privacy Points:
- Authentication is handled via Google OAuth - we never see or store your Google password
- We request only non-sensitive Google OAuth scopes: openid, email, and profile
- AI requests are processed by third-party providers (OpenAI, Anthropic) via the Cosmos Services platform and are not stored long-term
- Subscription management is handled by RevenueCat (via Google Play for Android, App Store for iOS, or Stripe for web and Chrome apps)
- We do not sell your personal data or use it for advertising
- Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements
Google User Data
Data Accessed from Google
When you sign in with your Google account through any Cosmos One service, we access the following information from your Google account:
| Google User Data | Source | Purpose |
|---|---|---|
| Google Account ID (sub) | Google OAuth / ID Token | Uniquely identify your account across sessions |
| Email address | Google OAuth / ID Token | Account identification and communication |
| Email verification status | Google OAuth / ID Token | Confirm your email is verified by Google |
| Display name | Google OAuth / ID Token | Display your name in the application interface |
| Profile picture URL | Google OAuth / ID Token | Display your avatar in the application interface |
We request only the following non-sensitive OAuth scopes: openid, email, and profile. We do not request access to your Google Drive, Gmail, Calendar, or any other Google service data through the Cosmos One consent screen.
Some individual apps (such as Cosmos Calendar) may request additional Google API scopes for their specific functionality. These are documented in each app's own privacy policy.
How Google User Data Is Used
- Authentication and account creation: Your Google Account ID and email address are used to create and identify your account within Cosmos Services
- Personalisation: Your display name and profile picture are shown in the application interface
- Communication: Your email address may be used for critical account-related communications (such as confirming account deletion requests)
We do NOT use your Google user data for:
- Advertising, ad targeting, or ad personalisation
- Training machine learning or AI models
- Building user profiles for sale or sharing with third parties
- Any purpose unrelated to providing the core functionality of our services
How Google User Data Is Shared
We share Google user data only with the following parties, and only as necessary to provide our services:
- AI providers (OpenAI, Anthropic): Receive chat prompts submitted by users through Cosmos Services. Google profile data (name, email, picture) is NOT sent to AI providers.
- RevenueCat: Receives a Cosmos-internal user identifier only for subscription management. Google profile data is NOT shared with RevenueCat.
- Resend: Receives your email address and name only when you submit an account deletion request, for the purpose of delivering the confirmation email to our support team.
- Supabase: Hosts the Cosmos Services database. Acts as a data processor and does not independently access or use your data.
- Cloudflare: Hosts the Cosmos One website and API. Acts as infrastructure provider and does not independently access or use your data.
We do NOT:
- Sell your data to third parties
- Share your data with data brokers
- Provide your data to advertisers
- Share your data with any party not listed above
- Use your data for any undisclosed purpose
How Google User Data Is Stored and Protected
| Data | Storage Location | Protection Method |
|---|---|---|
| Google Account ID (sub) | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Email address | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Display name | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Profile picture URL | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Google OAuth tokens | Server memory only (during auth flow) | Not persisted; used transiently during sign-in |
Security measures include:
- Encryption in transit: All data transmitted over TLS/HTTPS
- Encryption at rest: Database encrypted at rest via Supabase infrastructure
- Access control: Database access restricted to authorised services only
- Short-lived tokens: JWT access tokens expire within 5-15 minutes (RS256 signed)
- Refresh token security: Stored as irreversible cryptographic hashes with rotation and reuse detection
- Secure cookies: HttpOnly, Secure, SameSite=Strict attributes on all session cookies
- PII redaction: Sensitive data redacted from debug and application logs
Google User Data Retention and Deletion
| Data | Retention |
|---|---|
| Google Account ID, email, name, profile picture | Lifetime of account, until deletion is requested |
| Google OAuth / ID tokens | Not retained; used transiently during authentication only |
How to request deletion of your data:
You can request deletion of all your Google user data at any time using our self-service Account Deletion page:
- Visit https://cosmosone.cloud/account-deletion
- Sign in with the Google account you used in the app
- Select the app you want to delete your account from
- Optionally provide a reason for deletion
- Click "Submit Request"
Your request will be sent to the Cosmos One support team. Upon receiving your request, we will:
- Verify your identity (already confirmed via Google Sign-In on the deletion page)
- Permanently delete your user profile (Google Account ID, email, display name, profile picture URL) from our database
- Remove all associated usage records, subscription data, and authentication data
- Confirm deletion to you via email
Deletion timeline: We will process your request within 30 days of receipt. Some audit log entries referencing your account may be retained for up to 90 days for legal compliance, after which they are permanently deleted.
Alternative contact: If you are unable to access the Account Deletion page, you can request deletion by emailing support@cosmosone.cloud with the subject line "Data Deletion Request" and the email address associated with your account.
App uninstallation: Uninstalling an app removes locally stored data (tokens, cached content). However, your server-side data is retained until you explicitly request deletion using the process above.
Revoking access: You can revoke Cosmos One's access to your Google account at any time by visiting Google Account Permissions and removing "Cosmos One" from the list of connected apps. Revoking access will prevent further sign-ins, but to delete data already stored, please follow the deletion process above.
Google API Services: Limited Use Disclosure
Cosmos One's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the user-facing features that are visible and prominent in the application's user interface.
- We do not transfer Google user data to third parties except: (a) as necessary to provide the user-facing features described in this policy, (b) to comply with applicable laws, or (c) as part of a merger, acquisition, or asset sale with prior user notice.
- We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
- We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymised for internal operations.
Information We Collect
Information You Provide
- Google account information: As described in the Google User Data section above
- AI chat content: Prompts and messages you submit through apps powered by Cosmos Services are forwarded to AI providers for processing and are not stored long-term
- Subscription information: Managed by RevenueCat; we do not directly handle payment or credit card information
- Account deletion requests: Your email, name, selected app, and optional reason for deletion
- App-specific data: Individual apps may collect additional information as described in their own privacy policies
Automatically Collected Information
- Usage metrics: Request counts, token usage, and cost calculations for quota enforcement and rate limiting
- Authentication metadata: Sign-in timestamps, session information
- Rate limiting data: Temporary records to prevent abuse (automatically deleted after 24 hours)
Information We Do NOT Collect
- Your Google password
- Payment or credit card information (handled by Google Play, App Store, or Stripe)
- Device identifiers or advertising IDs (through Cosmos Services)
- Precise location data
- Contact lists or phone numbers
- Photos or media (unless explicitly provided by you within an app's functionality)
How We Use Your Information
- Authentication: Verifying your identity when you sign in with Google
- Core functionality: Providing AI services, managing subscriptions, enforcing usage quotas
- Account management: Processing account deletion requests, managing user preferences
- Security: Detecting and preventing abuse, enforcing rate limits
- Communication: Sending account-related notifications (such as deletion confirmations)
We do NOT use your information for advertising, profiling, or any purpose unrelated to providing our services.
Data Storage and Security
| Data | Location | Protection |
|---|---|---|
| User profiles | PostgreSQL (Supabase, US East) | Encrypted at rest |
| Usage records | PostgreSQL (Supabase) | Encrypted at rest |
| Subscription state | PostgreSQL (Supabase) | Encrypted at rest |
| Refresh tokens | PostgreSQL (Supabase) | Cryptographic hashes only |
| Session data | Server memory | HttpOnly, Secure, SameSite cookies |
| Rate limit counters | Cloudflare KV | Ephemeral, auto-expiring (24h TTL) |
| AI request content | Not stored | Processed in transit only |
| Website content | Cloudflare R2 / KV | Access-controlled |
Data Sharing and Disclosure
| Third Party | Data Shared | Purpose |
|---|---|---|
| OpenAI | Chat prompts (user text only) | AI response generation |
| Anthropic | Chat prompts (user text only) | AI response generation |
| RevenueCat | Cosmos internal user ID | Subscription management |
| Supabase | All stored user data (as processor) | Database hosting |
| Resend | Email, name (deletion requests only) | Email delivery |
| Cloudflare | Website content, rate limit keys | Infrastructure hosting |
| Google Play Store | Standard purchase flows | App distribution and billing |
We will never sell, rent, or trade your personal information. We may disclose information if required by law, court order, or governmental regulation.
Third-Party Services
Each third-party service we use has its own privacy policy governing how they handle data:
- Google OAuth: https://policies.google.com/privacy
- OpenAI: https://openai.com/policies/privacy-policy
- Anthropic: https://www.anthropic.com/privacy
- RevenueCat: https://www.revenuecat.com/privacy
- Supabase: https://supabase.com/privacy
- Resend: https://resend.com/legal/privacy-policy
- Cloudflare: https://www.cloudflare.com/privacypolicy/
- Google Play Store: https://policies.google.com/privacy
- Stripe (web/Chrome payments): https://stripe.com/privacy
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (see the deletion section above)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain types of processing
- Restriction: Request restriction of processing
To exercise any of these rights, contact us at support@cosmosone.cloud.
For Users in the European Union / European Economic Area (GDPR)
If you are located in the EU/EEA, we process your personal data based on the following legal bases:
- Contract performance: Processing necessary to provide the services you requested
- Legitimate interests: Security, fraud prevention, and service improvement
- Consent: Where you have given explicit consent (e.g., signing in with Google)
You have the right to lodge a complaint with your local data protection authority.
For Users in California (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
Children's Privacy
Cosmos One services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
International Data Transfers
Cosmos One is operated from Australia. Our infrastructure providers may process data in the following locations:
- Supabase: US East (N. Virginia, us-east-1)
- Cloudflare: Global edge network
- AI providers (OpenAI, Anthropic): United States
- Google APIs: Various global locations
By using our services, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international transfers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.
For material changes that affect how we handle your Google user data, we will provide prominent notice (such as a banner on our website or an email notification).
Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us:
- Email: support@cosmosone.cloud
- Subject Line: Cosmos One Privacy
- Website: https://cosmosone.cloud
- Response Time: Within 5 business days
Summary
| Aspect | Details |
|---|---|
| Operator | Cosmos One |
| Google scopes requested | openid, email, profile (non-sensitive) |
| Google user data collected | Account ID, email, name, profile picture |
| Data sold to third parties | No |
| Data used for advertising | No |
| AI provider data sharing | Chat prompts only; no Google profile data |
| Data storage location | Supabase (US East), Cloudflare (global) |
| Data encryption | In transit (TLS) and at rest |
| Account deletion | Self-service at cosmosone.cloud/account-deletion |
| Deletion timeline | Within 30 days |
| Age restriction | 13+ |
| Governing jurisdiction | Australia |
| Google API compliance | Google API Services User Data Policy, Limited Use |
