Privacy Policy
Last updated: April 8, 2026
Techdome LLC ("Cosmo," "we," "us," or "our") operates the Cosmo desktop application, web application, and related services (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
1.1 Account & Authentication Data
We use Clerk as our authentication provider. When you sign up, Clerk processes your email address, name, profile picture, and OAuth tokens from identity providers (Google, GitHub, etc.). Clerk stores session data and authentication tokens on our behalf. See Clerk's Privacy Policy for details on their processing.
1.2 Organization & Team Data
When you create an organization, we store the organization name, member list, roles, and billing information. All data within Cosmo is tenant-isolated — your organization's data is logically separated from every other organization's data via organization-scoped access controls.
1.3 Integration Credentials (MCP Connections)
Cosmo connects to third-party services (Slack, GitHub, Linear, Notion, etc.) via the Model Context Protocol (MCP). How credentials are stored depends on the mode:
- Desktop app (local mode): OAuth tokens for MCP integrations are stored locally on your device. We do not have access to these tokens.
- Cloud mode: OAuth tokens are stored encrypted on our servers to enable server-side integration features. These tokens are encrypted at rest using AES-256 and are accessible only to the services that need them to maintain your connections.
In both modes, the desktop app communicates directly with third-party services to fetch your data. Cosmo acts as an orchestrator — your Slack messages, GitHub issues, and other integration data flow directly between your device and the respective service. This data does not pass through or get stored on Cosmo's servers unless you explicitly create an artifact from it.
1.4 Artifacts & User-Created Content
Documents, proposals, reports, and other artifacts you create within Cosmo are stored on our cloud infrastructure (Azure East US region, using S3-compatible object storage). This content is:
- Encrypted at rest and in transit (TLS 1.2+)
- Scoped to your organization — no other tenant can access it
- Accessible only to organization members with appropriate permissions
- Retained until you delete it or close your account
1.5 AI Conversation Data
When you interact with the AI features in Cosmo, your messages and the context provided to the AI model are sent to third-party LLM providers:
- Anthropic (Claude models) — Anthropic Privacy Policy
- OpenAI (GPT models) — OpenAI Privacy Policy
We use API access with zero data retention agreements where available — meaning these providers do not use your data to train their models. The data sent includes your prompt, relevant workspace context, and any MCP tool results needed to fulfill your request.
We may store conversation history on our servers to provide continuity across sessions. You can delete your conversation history at any time.
1.6 Usage & Analytics Data
We collect anonymized usage metrics (feature usage, error rates, performance data) to improve the Service. We do not sell this data or use it for advertising.
2. How We Use Your Data
- To provide, maintain, and improve the Service
- To authenticate you and manage your organization
- To facilitate AI-powered features by sending context to LLM providers
- To store and serve artifacts you create
- To process billing and enforce usage quotas
- To send transactional emails (account verification, billing receipts, security alerts)
- To detect, prevent, and address security issues
We do not use your data for advertising, sell your data to third parties, or use your content to train AI models.
3. Third-Party Data Sharing
We share data only with the following categories of providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens |
| Anthropic / OpenAI | AI processing | Prompts, context, tool results |
| Stripe / Razorpay | Payment processing | Billing details, payment method |
| Microsoft Azure | Infrastructure hosting | All stored data (encrypted) |
| Cloudflare / AWS | Object storage (R2/S3) | Artifacts, files |
We do not share data beyond what is necessary for these services to function. We do not sell personal data.
4. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account closure.
- Artifacts: Retained until you delete them or close your account.
- Conversation history: Retained until you delete it. Automatically purged 90 days after account closure.
- Integration credentials: Revoked and deleted when you disconnect an integration or close your account.
- Billing data: Retained as required by applicable tax and financial regulations.
5. Security
We protect your data through:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Tenant isolation — every database query, API call, and WebSocket message is scoped to your organization
- Role-based access control (RBAC) within organizations
- Regular security audits and dependency scanning
- Minimal credential storage — local-mode tokens never leave your device
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is consent-based
To exercise any of these rights, contact us at support@getcosmo.app. We will respond within 30 days.
7. Children’s Privacy
Cosmo is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance.
9. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
Techdome LLC
Email: support@getcosmo.app