Legal

Privacy Policy

How we collect, use and protect your data — and the rights you have under the GDPR.

Last updated: June 10, 2026
Working draft — have your legal counsel review this page and replace the bracketed placeholders before publishing.

1. Who we are

Cosmiq is operated by [Company legal name], registered at [registered address] (“Cosmiq”, “we”). We are the data controller for the personal data described in this policy. You can reach us at privacy@cosmiq.studio.

2. What data we collect

  • Account data — name, email address, password hash, plan and language preferences.
  • Content — prompts you write, reference files you upload, and the assets you generate (your Spaces, templates and library).
  • Billing data — plan, invoices and payment status. Card details are processed by our payment provider; we never store full card numbers.
  • Usage data — features used, renders started, device and browser information, IP address, approximate location.
  • Support data — messages you send us and related context.

3. Why we process it

  • To provide the service (contract) — running your generations, storing your assets, billing your plan and credits.
  • To improve and secure Cosmiq (legitimate interest) — debugging, abuse prevention, aggregate product analytics.
  • To send you product updates (consent) — you can unsubscribe at any time.
  • To meet legal obligations — accounting, tax and lawful requests.

4. AI model providers

When you run a generation, the relevant parts of your prompt and reference files are sent to the third-party model provider you selected (for example OpenAI, Anthropic, Google or ByteDance) so the output can be produced. Providers act under data processing agreements; we do not allow them to use your content to train their models where the provider offers that control.

5. Who we share data with

Hosting and storage providers, the payment processor, the model providers above, analytics (only with your consent) and professional advisers where required. We never sell personal data.

6. International transfers

Where data leaves the EEA, we rely on adequacy decisions or Standard Contractual Clauses with additional safeguards.

7. How long we keep it

Account and content data: for the life of your account and up to [30] days after deletion. Invoices: as long as tax law requires. Usage logs: up to [12] months.

8. Your rights

Under the GDPR you can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interest. Where processing is based on consent, you can withdraw it at any time. Write to privacy@cosmiq.studio — we respond within one month. You can also lodge a complaint with your local supervisory authority.

9. Cookies

See our Cookie Policy for what we set and how to change your choice.

10. Children

Cosmiq is not directed at children under 16 and we do not knowingly process their data.

11. Changes

We will notify you of material changes by email or in the app before they take effect.