Cosmos Calendar
Privacy Policy — Cosmos Calendar
Last Updated: 24 March 2026
Introduction
Cosmos Calendar ("we", "our", or "the App"), operated by Cosmos One, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use Cosmos Calendar.
Cosmos Calendar is powered by Cosmos Services, a cloud-based API platform operated by Cosmos One that provides AI chat services, authentication, subscription management, and usage tracking. You interact with Cosmos Services through Cosmos Calendar — when you sign in with your Google account, the app communicates with Cosmos Services on your behalf.
By using Cosmos Calendar, you agree to the practices described in this Privacy Policy. If you do not agree, please stop using the App and uninstall it from your device.
Overview
Cosmos Calendar is an Android mobile application that combines AI-powered conversational assistance with Google Calendar integration. Users can chat with an AI assistant and create, edit, or browse calendar events extracted from conversations. The app reads and writes directly to your Google Calendar — calendar data does not pass through our servers.
Key Privacy Points:
- Authentication is handled via Google OAuth — we never see or store your Google password
- AI requests are processed by third-party providers (OpenAI, Anthropic) via Cosmos Services — not stored long-term
- Usage data (token counts, costs) is recorded for quota enforcement
- Subscription management is handled by RevenueCat via Google Play
- Google Calendar data is accessed directly from your device and does not pass through our servers
- Banner advertisements are served by Google AdMob with user consent management
- We do not sell your personal data or use it for profiling
- Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements
Google User Data
Data Accessed from Google
When you sign in with your Google account, the following data is accessed via Google OAuth and the Google ID Token:
| Google User Data | Source | Purpose |
|---|---|---|
| Google Account ID (sub) | Google OAuth / ID Token | Uniquely identify your account across sessions |
| Email address | Google OAuth / ID Token | Account identification and communication |
| Email verification status | Google OAuth / ID Token | Confirm your email is verified by Google |
| Display name | Google OAuth / ID Token | Display your name in the application interface |
| Profile picture URL | Google OAuth / ID Token | Display your avatar in the application interface |
Scopes: openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile
When you connect your Google Calendar, the following additional data is accessed:
| Google User Data | Source | Purpose |
|---|---|---|
| Calendar list | Google Calendar API (calendar.readonly) |
Display your calendars and their events |
| Calendar events (read) | Google Calendar API (calendar.readonly) |
Fetch and display your existing events |
| Calendar events (write) | Google Calendar API (calendar.events) |
Create, edit, and delete events on your behalf |
Scopes: https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar.events
Calendar data is only accessed when you explicitly connect your Google account and is used solely for displaying and managing your calendar within the app.
How Google User Data Is Used
- Authentication and account creation: Your Google Account ID and email address are sent to Cosmos Services to create and identify your account
- Personalization: Your display name and profile picture are shown in the app's interface
- Communication: Your email address may be used for critical account-related communications
- Calendar management: Calendar data is used to display your events, create new events from AI-assisted suggestions, and sync changes back to Google Calendar
Google user data is:
- NOT used for advertising, ad targeting, or ad personalization
- NOT used for training machine learning or AI models
- NOT used to build user profiles for sale or sharing
- NOT used for any purpose unrelated to core app functionality
How Google User Data Is Shared
- AI providers (OpenAI, Anthropic): Only chat prompts (user-typed text) are sent via Cosmos Services for AI processing. Google profile data is NOT sent to AI providers.
- RevenueCat: Only a Cosmos-internal UUID is shared for subscription management. Google profile data is NOT shared with RevenueCat.
- Database hosting (Supabase): Acts as a data processor for Cosmos Services. Supabase does not independently access or use your data.
- Google AdMob: Serves banner advertisements. AdMob may collect device advertising ID (AD_ID) subject to your consent via the UMP consent dialog. Google profile data from OAuth is NOT shared with AdMob.
- Google Calendar API: Calendar data flows directly between Google and the app on your device. Calendar data does NOT transit Cosmos Services servers.
Google user data is:
- NOT sold to third parties
- NOT shared with data brokers
- NOT provided to advertisers (Google profile data from OAuth is not shared with AdMob; AdMob operates independently via the Google Mobile Ads SDK)
- NOT shared with any unlisted party
- NOT used for any undisclosed purpose
How Google User Data Is Stored and Protected
| Data | Storage Location | Protection Method |
|---|---|---|
| Google Account ID (sub) | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Email address | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Display name | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Profile picture URL | PostgreSQL database (Supabase) | Encrypted at rest, access-controlled |
| Google OAuth tokens | Device (EncryptedSharedPreferences) | AES-256 (Android Keystore-backed); not sent to Cosmos servers |
| Google Calendar data | Not stored on our servers | Accessed directly from Google by the client app |
Security measures:
- Encryption in transit (TLS/HTTPS) for all network communication
- Encryption at rest (Supabase infrastructure) for all stored data
- Access control restricted to authorised services
- Short-lived JWTs (5–15 min, RS256) for API authentication
- Refresh tokens stored as irreversible cryptographic hashes with rotation and reuse detection
- PII redaction in debug logging
- Admin security (argon2id hashing, session timeouts, audit logging)
- PKCE-secured OAuth authentication flow
- Android Keystore-backed AES-256 encryption for local token storage
Google User Data Retention and Deletion
| Data | Retention |
|---|---|
| Google Account ID, email, name, profile picture | Lifetime of account |
| Google OAuth/ID tokens | Transient during auth; access tokens stored locally with ~15 min expiry |
| Google Calendar data | Not stored on our servers; accessed in real-time from Google |
How to request deletion of your data:
You can request deletion of all your Google user data at any time using our self-service Account Deletion page:
- Visit https://cosmosone.cloud/account-deletion
- Sign in with the Google account you used in the app
- Select the app you want to delete your account from (e.g., Cosmos Calendar)
- Optionally provide a reason for deletion
- Click "Submit Request"
Your request will be sent to the Cosmos Services support team. Upon receiving your request, we will:
- Verify your identity (already confirmed via Google sign-in on the deletion page)
- Permanently delete your user profile (Google Account ID, email, display name, profile picture URL) from our database
- Remove all associated usage records, subscription data, and authentication data
- Confirm deletion to you via email
Deletion timeline: We will process your request within 30 days of receipt. Some audit log entries referencing your account may be retained for up to 90 days for legal compliance, after which they are permanently deleted.
Alternative contact: If you are unable to access the Account Deletion page, you can also request deletion by emailing support@cosmosone.cloud with the subject line "Data Deletion Request" and the email address associated with your account.
In-app deletion: You can also delete your account directly from the App's settings screen, which triggers the same deletion process.
App uninstallation: Uninstalling the app removes locally stored data (tokens, cached content). However, your server-side data is retained until you explicitly request deletion using the process above.
Revoking access: You can also revoke Cosmos Services' access to your Google account at any time by visiting Google Account Permissions and removing "Cosmos Services" from the list of connected apps. Revoking access will prevent further sign-ins, but to delete data already stored, please follow the deletion process above.
Google API Services: Limited Use Disclosure
Cosmos Services' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the user-facing features that are visible and prominent in the application's user interface.
- We do not transfer Google user data to third parties except: (a) as necessary to provide the user-facing features described in this policy, (b) to comply with applicable laws, or (c) as part of a merger, acquisition, or asset sale with prior user notice.
- We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
- We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymised for internal operations.
Information We Collect
Information You Provide
- Google account information: As described in the Google User Data section above
- AI chat content: Text you type is sent to Cosmos Services for AI processing. Chat history is held in memory during your session and is not persisted to local storage or retained on our servers beyond what is needed to fulfil the request.
- Calendar events: Events you create through AI-assisted extraction are written directly to your Google Calendar via the Google Calendar API. We do not separately store copies of your calendar events.
- Subscription information: Your subscription state is managed via RevenueCat and Google Play
Automatically Collected Information
- Usage and quota data: Request counts, token usage, and cost calculations tracked against your subscription quota on a rolling 7-day window
- Subscription status: Current subscription state (active, trial, cancelled, etc.) maintained server-side for entitlement enforcement
- Authentication metadata: Session tokens, auth state, and audit logs
- Advertising data: Google AdMob may collect device advertising ID (AD_ID) and ad interaction data, subject to your consent via the UMP consent dialog
Information We Do NOT Collect
- Google account password
- Payment or credit card details (handled entirely by Google Play)
- Device identifiers beyond the advertising ID (and only with consent)
- Location data
- Contacts
- Photos or media files
- Analytics or telemetry beyond usage quota tracking
How We Use Your Information
Core Functionality
- Authentication: Verify your identity via Google OAuth and manage session tokens
- AI services: Process your messages through AI models (OpenAI, Anthropic) via Cosmos Services and generate responses
- Calendar management: Read, create, edit, and delete calendar events in your Google Calendar
- Quota enforcement: Track usage against subscription limits on a rolling 7-day window
- Rate limiting: Prevent abuse by monitoring request frequency
- Subscription management: Manage subscription state and entitlements via RevenueCat
- Trial management: Track and enforce trial period limits
Platform Operations
- Security monitoring and abuse prevention
- Audit logging (admin only)
Advertising
- Banner advertisements are served by Google AdMob
- Ad personalisation is subject to your consent choices via the UMP consent dialog
- Google OAuth profile data is NOT used for ad targeting
We do not use your information for marketing, profiling, or any purpose unrelated to providing the App's services.
Data Storage and Security
Storage Architecture
| Data | Location | Protection |
|---|---|---|
| User profiles (name, email, ID) | PostgreSQL (Supabase, US East) | Encrypted at rest |
| Usage records | PostgreSQL (Supabase) | Encrypted at rest |
| Subscription state | PostgreSQL (Supabase) | Encrypted at rest |
| Refresh tokens | PostgreSQL (Supabase) | Cryptographic hashes only |
| JWT signing keys | PostgreSQL (Supabase) | AES-256 encryption |
| Admin passwords | PostgreSQL (Supabase) | argon2id hashing |
| Session data | Server memory | HttpOnly, Secure, SameSite cookies |
| Rate limit counters | Redis (prod) / memory (dev) | Ephemeral, auto-expiring |
| AI request content | Not stored | Processed in transit only |
| OAuth tokens (Cosmos + Google) | Device (EncryptedSharedPreferences) | AES-256 (Keystore-backed) |
| PKCE code verifier | Device (EncryptedSharedPreferences) | AES-256; temporary, cleared after auth |
| Chat messages (session) | Device (in-memory only) | Not persisted to storage |
| Calendar sync tokens | Device (Room database) | App-level storage |
| Calendar events | Google Calendar (via Google API) | Managed by Google |
Security Measures
- PKCE (Proof Key for Code Exchange) secures the OAuth authentication flow
- All network communication uses HTTPS/TLS
- Token rotation is enforced; reuse of an old refresh token triggers revocation of all tokens
- Access tokens have a short lifespan (~15 minutes) and are refreshed automatically
- Local token storage uses Android Keystore-backed AES-256 encryption
- Refresh tokens stored as irreversible cryptographic hashes on the server
- PII redaction in debug logging
- Admin security with argon2id hashing, session timeouts, and audit logging
Data Sharing and Disclosure
Third-Party Data Sharing
| Third Party | Data Shared | Purpose |
|---|---|---|
| OpenAI | Chat prompts (user text) | AI response generation |
| Anthropic | Chat prompts (user text) | AI response generation |
| RevenueCat | Cosmos internal UUID | Subscription management |
| Supabase | All stored user data (as processor) | Database hosting |
| Google Play Store | Standard purchase flows | App distribution, subscription billing |
| Google AdMob | Device advertising ID (AD_ID), ad interaction data | Banner advertisement serving |
We Do NOT
- Sell your personal information to any third party
- Share your data with data brokers
- Provide Google OAuth profile data to advertisers
- Use cross-app tracking of Google user data
- Share data with any unlisted party
Legal Disclosure
We may disclose your information if required by law, regulation, legal process, or enforceable governmental request.
Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google OAuth | Authentication and identity | Profile info (name, email, photo) | Google Privacy Policy |
| Google Calendar API | Read and write calendar events | Calendar data (client-side only) | Google Privacy Policy |
| Google AdMob | Banner advertisements | AD_ID, ad interactions (with consent) | Google Privacy Policy |
| Google Play Store | App distribution and billing | Standard purchase data | Google Privacy Policy |
| OpenAI | AI model inference (via Cosmos Services) | Chat prompts | OpenAI Privacy Policy |
| Anthropic | AI model inference (via Cosmos Services) | Chat prompts | Anthropic Privacy Policy |
| RevenueCat | Subscription management | Cosmos internal UUID | RevenueCat Privacy Policy |
| Supabase | Database hosting (via Cosmos Services) | Stored user data (as processor) | Supabase Privacy Policy |
Your use of these third-party services is subject to their respective privacy policies. We select providers that maintain appropriate security and privacy standards, but we are not responsible for their practices.
Data Retention
Retention Periods
| Data | Retention |
|---|---|
| Google Account ID, email, name, profile picture | Lifetime of account |
| Google OAuth/ID tokens | Transient; access tokens ~15 min expiry |
| Google Calendar data | Not stored on our servers |
| Chat history | In-memory only; cleared when session ends |
| Usage and quota data | Rolling 7-day window for enforcement; historical records retained for account lifetime |
| Subscription records | Retained for account lifetime and as required for billing and legal obligations |
Account Deletion
You can delete your account and all associated server-side data at any time:
- In the App: Use the account deletion feature in settings
- Online: Visit https://cosmosone.cloud/account-deletion
- By email: Contact support@cosmosone.cloud with subject "Data Deletion Request"
Deletion is processed within 30 days. Audit log entries may be retained for up to 90 days for legal compliance.
App Uninstallation
When you uninstall the App:
- All locally stored data (encrypted tokens, in-memory session data, cached calendar sync tokens) is removed by the Android operating system
- Server-side data (account, subscription, usage) is not automatically deleted upon uninstallation. To remove server-side data, use the account deletion process above before uninstalling.
- Calendar events created through the App remain in your Google Calendar and must be removed directly from Google Calendar if desired
Revoking Google Access
You can revoke Cosmos Services' access to your Google account at any time by visiting Google Account Permissions and removing "Cosmos Services" from the list of connected apps. Revoking access will prevent further sign-ins, but to delete data already stored, please follow the deletion process above.
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data (available via in-app data export)
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data (see Account Deletion above)
- Portability: Request data in machine-readable format
- Objection: Object to certain processing
- Restriction: Request restriction of processing
To exercise any of these rights, contact us at support@cosmosone.cloud.
If you are located in a jurisdiction with specific data protection rights (such as the EU's GDPR or Australia's Privacy Act), we will honour applicable rights in accordance with the law.
Children's Privacy
Cosmos Calendar is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@cosmosone.cloud.
International Data Transfers
Your data may be processed in locations outside your country of residence:
- Cosmos Services backend and database: Hosted on Supabase in US East (N. Virginia, us-east-1)
- AI providers (OpenAI, Anthropic): May process data in the United States
- Google APIs: Processed across Google's global infrastructure
- RevenueCat: May process data in the United States
- Google AdMob: Processed across Google's global infrastructure
We ensure that any international transfers are conducted in accordance with applicable data protection laws.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the App's features, legal requirements, or our security practices. When we make changes:
- The updated policy will be posted on our website at https://cosmosone.cloud
- The "Last Updated" date at the top of this policy will be updated
- For significant changes, we will provide notice within the App
We encourage you to review this Privacy Policy periodically.
Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us:
- Email: support@cosmosone.cloud
- Subject Line: [Cosmos Calendar Privacy]
- Website: https://cosmosone.cloud
- Response Time: Within 5 business days
Summary
| Aspect | Details |
|---|---|
| Google User Data | Profile info (name, email, photo, account ID) stored server-side; calendar data accessed client-side only |
| Google Data Sharing | Profile used for account creation via Cosmos Services; NOT shared with AI providers, advertisers, or data brokers |
| Limited Use Compliance | Full compliance with Google API Services User Data Policy, including Limited Use requirements |
| AI Processing | Chat prompts sent to OpenAI/Anthropic via Cosmos Services; not stored long-term |
| Chat Content | In-memory only during session; not persisted locally or on servers |
| Authentication | Google OAuth via Credential Manager; tokens stored locally with AES-256 encryption |
| Usage Tracking | Request counts and costs on rolling 7-day window for quota enforcement |
| Subscriptions | Managed via RevenueCat through Google Play; Cosmos internal UUID only shared |
| Payment Data | Handled entirely by Google Play; not stored by Cosmos One |
| Data Encryption | AES-256 local encryption; TLS in transit; encrypted at rest on Supabase |
| Advertisements | Google AdMob banner ads; AD_ID collected with user consent via UMP dialog |
| Data Sales | None — we do not sell personal data |
| User Control | In-app data export, account deletion, and Google access revocation available |
| Data Deletion | Via app settings, cosmosone.cloud/account-deletion, or email; processed within 30 days |