Home

Cosmo Star Privacy Policy

Your Privacy Matters. Cosmo Star is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, company name, job title, and contact details
  • Project Information: Project requirements, specifications, technical details, and business objectives
  • Communication Data: Messages, feedback, support requests, and correspondence with us
  • Payment Information: Billing address, payment method details (processed securely through third-party payment processors)

1.2 Information Collected Automatically

When you access our services, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths
  • Technical Data: Log files, error reports, performance metrics, and diagnostic data
  • Cookies and Tracking: Session cookies, preference cookies, and analytics cookies

1.3 Information from Third Parties

We may receive information from:

  • Business partners or affiliates with whom you interact
  • Third-party authentication services (e.g., OAuth providers)
  • Public databases and data aggregators
  • Analytics and marketing platforms

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

  • Provide, maintain, and improve our software development services
  • Process and complete transactions
  • Manage user accounts and authentication
  • Deliver technical support and customer service

2.2 Communication

  • Respond to inquiries and support requests
  • Send service-related notifications and updates
  • Provide project status updates and reports
  • Send marketing communications (with your consent)

2.3 Analytics and Improvement

  • Analyze usage patterns and trends
  • Monitor and improve service performance
  • Develop new features and services
  • Conduct research and statistical analysis

2.4 Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and other policies
  • Protect our rights, property, and safety

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Contract Performance: Processing necessary to fulfill our contractual obligations
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Consent: Processing based on your explicit consent (which you may withdraw at any time)
  • Legal Compliance: Processing required to comply with legal obligations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who assist us in:

  • Cloud hosting and infrastructure services
  • Payment processing and billing
  • Analytics and performance monitoring
  • Customer support and communication tools

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (subpoenas, court orders, etc.)
  • Government or regulatory requests
  • Protection of our legal rights and interests
  • Investigation of potential violations or fraud

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Intrusion detection and prevention systems
  • Secure development practices and code reviews

5.2 Organizational Measures

  • Employee training on data protection and security
  • Strict access controls and need-to-know basis
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery planning

Important: While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. You acknowledge that you provide information at your own risk.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and fulfill the purposes described in this policy
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements
  • Maintain business records and historical data

When information is no longer needed, we will securely delete or anonymize it.

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal obligations)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests

7.2 Marketing Communications

You may opt out of marketing communications at any time by:

  • Using the unsubscribe link in our emails
  • Updating your account preferences
  • Contacting us directly

7.3 Cookies and Tracking

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our services.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by regulatory authorities
  • Privacy Shield certification (where applicable)
  • Adequacy decisions by relevant data protection authorities

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

10. Cookie Policy

We use cookies and similar tracking technologies for various purposes:

Essential Cookies

Required for basic site functionality, authentication, and security.

Performance Cookies

Help us understand how visitors interact with our services to improve user experience.

Functional Cookies

Remember your preferences and personalize your experience across sessions.

Analytics Cookies

Collect aggregated data about site usage, traffic patterns, and performance metrics.

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify affected users without undue delay
  • Report the breach to relevant authorities as required by law
  • Take immediate steps to contain and remediate the breach
  • Provide information about the nature and extent of the breach
  • Offer guidance on protective measures you can take

12. Third-Party Links and Services

Our services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review the privacy policies of any third-party services you access.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices or services
  • New legal or regulatory requirements
  • Technological advancements or security improvements
  • Feedback from users or stakeholders

We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification (for significant changes)
  • Displaying a prominent notice on our services

14. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

14.1 Right to Know

You have the right to request information about:

  • Categories of personal information we collect
  • Sources from which we collect personal information
  • Business purposes for collecting or selling personal information
  • Categories of third parties with whom we share personal information

14.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

14.3 Right to Opt-Out

You have the right to opt-out of the sale of your personal information. Note: We do not sell personal information.

14.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

15. European Union Data Protection (GDPR)

If you are located in the European Union or European Economic Area, you have specific rights under the General Data Protection Regulation (GDPR):

15.1 Data Controller

Cosmo Star acts as the data controller for personal information processed through our services.

15.2 Legal Basis for Processing

We process your data based on:

  • Performance of a contract with you
  • Legitimate business interests
  • Your explicit consent
  • Compliance with legal obligations

15.3 Your GDPR Rights

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

16. Data Processing Agreements

For enterprise clients, we offer Data Processing Agreements (DPAs) that outline:

  • The nature and purpose of data processing
  • Types of personal data and categories of data subjects
  • Obligations and rights of both parties
  • Technical and organizational security measures
  • Sub-processor management and approval
  • Data breach notification procedures

17. Automated Decision-Making

We may use automated systems for:

  • System performance monitoring and optimization
  • Security threat detection and prevention
  • Service usage analytics and reporting

We do not use automated decision-making or profiling in ways that produce legal effects or significantly affect you without human involvement.

18. Data Protection Officer

For data protection inquiries or to exercise your rights, you may contact our Data Protection Officer through the channels specified in your service agreement or project documentation.

19. Data Retention Periods

We retain different types of data for varying periods:

  • Account Information: Duration of account + 2 years
  • Project Data: Project completion + 5 years
  • Communication Records: 3 years from last interaction
  • Financial Records: 7 years (legal requirement)
  • Technical Logs: 90 days to 1 year
  • Analytics Data: 26 months (anonymized)

20. Security Measures

We implement comprehensive security measures including:

20.1 Technical Security

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA)
  • Regular security patches and updates
  • Penetration testing and vulnerability scanning
  • Web Application Firewall (WAF)

20.2 Administrative Security

  • Role-based access control (RBAC)
  • Regular employee security training
  • Background checks for personnel with data access
  • Incident response and disaster recovery plans

21. International Compliance

Our privacy practices comply with:

  • General Data Protection Regulation (GDPR) - EU
  • California Consumer Privacy Act (CCPA) - USA
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
  • Data Protection Act - UK
  • Other applicable international privacy laws

22. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Currently, there is no industry consensus on how to respond to DNT signals. We do not currently respond to DNT signals, but we respect your privacy choices through our cookie settings.

23. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

  • Review the documentation provided with your service agreement
  • Contact your designated account manager
  • Reach out through official support channels

24. Additional Information

24.1 Mobile Applications

If you use our mobile applications, we may collect additional information such as:

  • Mobile device identifiers
  • Location data (with your permission)
  • Push notification tokens
  • App usage statistics

24.2 Developer APIs

If you use our APIs or developer tools:

  • API usage data will be logged for security and billing purposes
  • Error logs may contain request/response data
  • Rate limiting and abuse prevention measures apply

25. Compliance Certifications

Cosmo Star maintains various compliance certifications and follows industry standards:

  • ISO 27001 (Information Security Management)
  • SOC 2 Type II (Security and Availability)
  • OWASP Top 10 security guidelines
  • Industry-specific compliance as required by client contracts

Questions or Concerns? If you have any questions about this Privacy Policy or our data practices, please don't hesitate to reach out through the appropriate channels outlined in your service documentation.

Consent: By using Cosmo Star's services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Site is Blocked
Sorry! This site is not available in your country.