COSAI
Book a Demo

Privacy Policy

Last updated: March 19, 2026

This Privacy Policy describes how COSAI (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you visit our website at cosai.cloud (the “Site”) or use our AI assistant service, Aldric, and related products (collectively, the “Services”).

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, company name, job title, and role when you create an account or submit an application.
  • Payment Information: Billing address and payment method details. Payment processing is handled by Stripe, Inc. We do not store your full credit card number on our servers.
  • Communications: Any messages, feedback, or support requests you send to us.
  • Integration Data: When you connect third-party services (such as Gmail, Google Calendar, or Slack) to Aldric, we access and process data from those services on your behalf in accordance with the permissions you grant.
  • Voice and Vision Data: When you interact with Aldric via voice, audio is processed in real time by Google Gemini for transcription, intent recognition, and speech synthesis. When camera features are active, image frames are sent to Gemini for visual understanding. We do not store raw audio recordings or camera frames after processing is complete. On-device memory is encrypted using AES-GCM (CryptoKit) before syncing to the cloud.

1.2 Information Collected Automatically

When you use our Site or Services, we automatically collect certain information, including:

  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Usage Data: Pages visited, features used, actions taken, timestamps, and referring URLs.
  • Log Data: IP address, access times, and server logs for security and debugging purposes.
  • Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 7 for more details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services, including Aldric's AI capabilities.
  • Process transactions and send related information, including purchase confirmations and invoices.
  • Send you technical notices, updates, security alerts, and administrative messages.
  • Respond to your comments, questions, and customer service requests.
  • Monitor and analyze trends, usage, and activities in connection with the Services.
  • Detect, investigate, and prevent security incidents, fraud, and other harmful activities.
  • Personalize and improve your experience with the Services.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share data with third-party vendors who perform services on our behalf, such as payment processing (Stripe), hosting (Vercel, Supabase), email delivery, and analytics. These providers are contractually obligated to use your data only as necessary to provide their services.
  • AI Model Providers: Portions of your interactions may be sent to AI model providers (Google Gemini for voice and vision, Anthropic Claude for reasoning tasks) for processing. These providers operate under strict data processing agreements and do not use your data to train their models.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Protection of Rights: We may disclose information where we believe it is necessary to protect the rights, property, or safety of COSAI, our users, or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We also retain information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Audit trail data is retained in accordance with our data retention schedule and applicable regulatory requirements.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or financial record keeping).

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security (RLS) policies ensuring users can only access their own data.
  • Regular security audits and vulnerability assessments.
  • Least-privilege access controls for all internal systems.
  • Secure authentication via magic links (passwordless) and Google OAuth.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal exceptions.
  • Portability: Request a machine-readable copy of your data.
  • Opt-out: Unsubscribe from marketing communications at any time using the link in our emails.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at contact@cosai.cloud. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Site to function (e.g., session management, authentication).
  • Analytics Cookies: Help us understand how visitors interact with the Site so we can improve the experience.

We do not use advertising or third-party tracking cookies. You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Site.

8. Third-Party Integrations

When you connect third-party services to Aldric, we access data from those services according to the permissions you grant via OAuth. We request only the minimum scopes necessary to perform the actions you authorize. You can revoke access to any connected service at any time through your account settings.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Children's Privacy

The Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Site with a revised “Last updated” date. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

COSAI
Email: contact@cosai.cloud