This Privacy Policy explains how Cosmic-al S.A.S. de C.V. ("Cosmic-al", "we", "us", or "the Company") collects, uses, and safeguards information when you use the Cosmical-portals application and related services (the "Service"). By using the Service, you agree to the practices described here.
1. Scope and Roles (Data Controller vs. Data Processor)
To ensure compliance with global data protection standards, we distinguish between two processing roles:
- Account Management Data: Cosmic-al acts as a Data Controller for the corporate, billing, and account profile information provided directly by our business users to manage their platform licenses.
- Conversational & Customer Data: When the Service processes messages, logs, or user identifiers from end-users communicating with our business clients via integrated Meta APIs (WhatsApp, Messenger, Instagram), Cosmic-al acts strictly as a Data Processor. This data is processed solely under the operational instructions of our business clients, who remain the primary Data Controllers and owners of that information.
2. Information We Collect
We collect the following categories of information to enable our multi-tenant orchestration services:
- Account & Profile Data: Sourced when you sign in (including through Meta / Facebook Login): names, email addresses, phone numbers, and profile pictures.
- Platform & API Unique Identifiers: Technical audit strings provided by Meta APIs, such as Page-Scoped IDs (PSID), Instagram-Scoped IDs (IGSID), and Phone Number IDs.
- Conversations and Content Logs: Complete text, time-stamps, interaction statuses, and processing logs generated during communications between end-users and integrated AI features or customer support agents.
- Inferred Analytical Metadata: Internal analytical data automatically derived from conversation processing, including customer intents, real-time sentiment flags, and automated text summaries used for workspace optimization.
- Usage Analytics: Pages visited, features used, approximate device and browser information, IP addresses, and diagnostic framework logs.
3. How We Use Your Information
- To provide, operate, maintain, and secure the multi-tenant architecture of the Service.
- To authenticate identities and secure workspace environments.
- To store, deliver, and ensure the historical persistence of your conversations.
- To analyze workspace usage, prevent system abuse, and improve platform performance.
- To comply with global legal obligations and enforce our Terms.
4. Legal Basis for Processing
Where applicable law requires a specific legal basis, we rely on: the performance of our contract with you, your explicit consent (which may be withdrawn at any time), our legitimate interests in operating and securing the Service, and absolute compliance with international legal obligations.
5. Sharing and Infrastructure Partners
We do not sell, rent, or lease your personal or conversational data. We share information only with:
- Service & Infrastructure Providers: Third-party cloud hosting, secure databases, and computational language processing APIs that facilitate, maintain, or enhance the core functionality of the Service, under strict confidentiality obligations.
- Strict AI Training Restriction: The Company explicitly guarantees that communication content, chat histories, and conversational logs processed by the Service are never shared, transferred, or utilized for training, developing, or improving general-purpose third-party Artificial Intelligence models. Data usage is strictly restricted to real-time execution as requested by the active workspace.
- Identity Providers: Services like Meta / Facebook, strictly to the extent required to authenticate accounts and synchronize active webhooks.
- Authorities: Competent judicial bodies when strictly mandated by law, subpoena, or to preserve the safety and rights of users.
6. International Transfers
Cosmical-portals is offered globally. Your information may be transferred to, stored, and processed in countries other than your own, including El Salvador and the countries where our critical cloud infrastructure providers operate. We implement appropriate global safeguards to ensure data security during these technical transfers.
7. Data Retention
We retain personal and operational data for as long as your workspace account remains active, or as strictly required to provide the Service, resolve platform disputes, and comply with legal frameworks.
8. Security
We apply administrative, technical, and organizational measures (including encryption in transit and at rest) to protect your information within our multi-tenant ecosystem. While no system is 100% secure, we continuously update our architecture following best industry security practices.
9. Your Rights and Data Deletion
Depending on your jurisdiction, you may hold the right to access, correct, delete, restrict, or export your personal data, and to object to specific processing activities.
To exercise these rights, or to submit a formal Data Deletion Request, users and end-users may utilize the account management features provided directly within our web platform interface or contact our privacy desk directly at: b2b@cosmic-al.com. Valid deletion requests will be permanently executed within seventy-two (72) business hours.
10. Children
The Service is not directed to, nor does it knowingly collect data from, children under the age of 13 (or the minimum legal age required in your local jurisdiction).
11. Changes to This Policy
We reserve the right to update this Policy as our technical framework evolves. Material changes will be notified via the platform dashboard or through official email communication.
12. Contact Information
Cosmic-al S.A.S. de C.V. — Official Support Desk Email: b2b@cosmic-al.com