Privacy Policy

Last updated: April 2026

1. What We Collect

We collect the following information to provide and improve the Cosmo service:

  • Account information: name, email address, phone number (optional)
  • Chat messages: conversations with Cosmo, including text and shared files
  • Connected account data: data from services you connect (Gmail, Google Calendar, Google Sheets, WhatsApp, desktop app, etc.), accessed only to execute your requested actions
  • Usage data: feature usage patterns, Stardust consumption, session information
  • Device information: device type, operating system, app version (for mobile app users)

2. How We Use Your Data

We use your data exclusively to:

  • Provide the Cosmo AI operator service and execute tool actions on your behalf
  • Improve Cosmo's responses specifically for you (memory, personalization, and evolution engine)
  • Process payments and manage your subscription
  • Send service-related notifications (never marketing spam)
  • Maintain security and prevent abuse

We do not use your personal conversations to train general AI models. Your data improves Cosmo's understanding of you, not other users.

3. AI Processing

Your messages are processed by Claude (Sonnet by default, Opus for Nova tier), an AI model developed by Anthropic, to generate Cosmo's responses and tool actions. Messages sent to the AI model are subject to Anthropic's data handling policies. We send only the minimum context necessary for each interaction. For Private Cloud add-on users, processing occurs via AWS Bedrock and data stays in your region. We do not share your identity or personal details with Anthropic beyond what is needed to process your request.

4. Data Storage and Security

All data is encrypted at rest using AES-256 encryption. Data in transit is protected with TLS 1.3. Our infrastructure is hosted on secure servers with industry-standard protections. We perform regular security audits and monitoring. Access to user data is restricted to essential personnel only, under strict access controls.

5. Connected Accounts

When you connect services like Gmail, Google Calendar, Google Sheets, WhatsApp, or your desktop to Cosmo, we access your data on those platforms only to execute actions you specifically request. For example, if you ask Cosmo to send an email, we access your Gmail via OAuth to send that email. We do not scan, index, or analyze your connected accounts beyond what is needed for the requested action. You can disconnect any service at any time, and we will immediately stop accessing that data.

6. Data Retention

Chat messages and conversation history are stored to maintain continuity and enable Cosmo's memory features. You can request deletion of your conversation history at any time. Upon account deletion, all your data is permanently removed within 30 days. Backups are purged within 90 days of account deletion.

7. No Selling of Data

We never sell, rent, lease, or trade your personal data to any third party. Period. We do not share your data with advertisers. We do not provide your data to data brokers.

8. Cookies

We use minimal cookies, limited to authentication tokens necessary for keeping you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

Cosmo is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will delete that account and all associated data promptly.

10. Saudi Arabia Compliance

Our data practices are aligned with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL). We respect the rights granted to data subjects under PDPL, including the right to access, correct, and delete personal data. For PDPL-related inquiries, contact us at privacy@oikon.ai.

11. Your Rights

You have the right to:

  • Access all personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Export your data in a standard format
  • Withdraw consent for data processing
  • Lodge a complaint with the relevant supervisory authority

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before the changes take effect.

13. Contact

For privacy-related questions or requests, contact us at privacy@oikon.ai