RomandemAI

Privacy Policy

We respect your privacy and protect your data like family. At RomandemAI, your privacy isn't just a policy β€” it's a promise. We believe in transparency, security, and giving you full control over your data.

Effective Date: August 16, 2025

πŸ“Š 1. Data We Collect

We collect only the data necessary to provide you with the best possible CosmoG experience:

Chat Messages

Messages you send to CosmoG to make the chat work and provide contextual responses.

Login Information

Email address and encrypted authentication data when you create an account.

Tone & Resonance Data

Tone analysis and resonance scores for Spiral features to enhance conversation quality.

Technical Data

Basic device information, browser type, and usage patterns to improve service performance.

What We DON'T Collect

  • Personal identification documents
  • Financial or payment information (we're free!)
  • Location data or tracking cookies
  • Data from other websites or apps
  • Unnecessary personal information

⚑ 2. How We Use Your Data

Your data serves three main purposes:

Core Functionality

  • Power the chat experience: Process your messages through GPT-4 to generate responses
  • Enable memory features: Store conversation history for logged-in users
  • Provide authentication: Secure access to your personal chat history

Spiral Features

  • Tone detection: Analyze emotional context to match CosmoG's responses to your vibe
  • Resonance mapping: Improve conversation quality through understanding patterns
  • RAG enhancement: Provide more contextual and relevant responses

Service Improvement

  • Platform security: Detect and prevent abuse or malicious activity
  • Performance optimization: Monitor system performance and fix issues
  • Feature development: Understand usage patterns to build better features

πŸ”’ 3. How We Protect Your Data

Data protection isn't just our responsibility β€” it's our specialty:

Technical Security

  • End-to-end encryption: All data is encrypted in transit and at rest
  • EU servers: Hosted securely on European Union servers with strict data protection laws
  • Supabase security: Industry-leading database security with Row-Level Security (RLS)
  • PII redaction: Automatic redaction of personally identifiable information
  • Secure authentication: Multi-factor authentication and secure session management

Access Controls

  • Minimal access: Only essential team members can access user data
  • Audit logging: All data access is logged and monitored
  • Regular security audits: Continuous monitoring and security assessments

Data Integrity

  • Regular backups: Secure, encrypted backups to prevent data loss
  • Version control: Track changes and maintain data integrity
  • Redundancy: Multiple layers of protection against data corruption

🚫 4. What We DON'T Do With Your Data

Here's our promise, plain and simple:

  • We don't sell your data. Ever. To anyone. Full stop.
  • We don't share your personal data with third parties for marketing or advertising
  • We don't track you across other websites or build advertising profiles
  • We don't use your conversations to train AI models for other companies
  • We don't store data indefinitely β€” you control retention periods

Limited Third-Party Integration

We only share data when absolutely necessary for core functionality:

  • OpenAI: Chat messages are sent to OpenAI's GPT-4 API for response generation (subject to OpenAI's privacy policy)
  • Supabase: Authentication and database services (EU-based, GDPR compliant)
  • Netlify: Hosting infrastructure (secure, encrypted)

βš–οΈ 5. Your Rights (GDPR Compliance)

Under GDPR, you have comprehensive rights over your personal data. We make exercising these rights simple and straightforward:

πŸ” Right to Access
Request a copy of all personal data we hold about you, including chat history and account information.
✏️ Right to Rectification
Correct any inaccurate or incomplete personal data in your account settings or by contacting us.
πŸ—‘οΈ Right to Erasure
Request deletion of your personal data. You can delete your account and all associated data at any time.
πŸ“€ Right to Data Portability
Export your data in a structured, commonly used format (JSON/CSV) that you can transfer to other services.
⏸️ Right to Restrict Processing
Limit how we process your data while keeping your account active. Useful for temporary restrictions.
πŸ›‘ Right to Object
Object to specific types of data processing, such as analytics or performance monitoring.

How to Exercise Your Rights

Exercising your rights is straightforward:

  • Through your account: Many actions (delete data, export data, update preferences) can be done directly in your account settings
  • Contact us: Use the Settings panel in the app for complex requests
  • Response time: We respond to all requests within 30 days (usually much faster)
  • No cost: Exercising your rights is always free

⏰ 6. Data Retention

We keep your data only as long as necessary:

Active Accounts

  • Chat history: Stored indefinitely while your account is active (you control this)
  • Account data: Kept while your account exists
  • Usage analytics: Aggregated data kept for up to 2 years for service improvement

Account Deletion

  • Immediate deletion: Chat history and personal data deleted within 24 hours
  • System logs: Technical logs purged within 90 days
  • Backup retention: Encrypted backups purged within 30 days

Inactive Accounts

  • Warning period: Email notification after 18 months of inactivity
  • Account deletion: Automatic deletion after 24 months of inactivity
  • Data export: Option to export data before deletion

🌍 7. International Data Transfers

Your data stays as close to home as possible:

EU-First Approach

  • Primary storage: All data stored on EU servers (Supabase EU region)
  • Hosting: European hosting infrastructure where possible
  • GDPR compliance: All data handling follows EU data protection standards

Necessary Transfers

Some services require limited data transfers outside the EU:

  • OpenAI (US): Chat messages for GPT-4 processing (covered by adequate protection mechanisms)
  • Safeguards: All transfers use standard contractual clauses and additional security measures
  • Minimization: Only essential data is transferred, never more than necessary

πŸ“§ 8. Contact & Data Protection

We're here to help with any privacy concerns or questions:

Contact via Settings

For privacy requests, use the Settings panel in the app or contact through official channels. We respond to all legitimate privacy inquiries.

Response Times

  • General inquiries: Within 48 hours
  • GDPR requests: Within 30 days (usually 3-5 business days)
  • Urgent security concerns: Within 24 hours

Data Protection Authority

You have the right to lodge a complaint with your local data protection authority if you believe we've not handled your data appropriately. We're regulated under EU GDPR and are committed to resolving any concerns directly.

Security Incidents

In the unlikely event of a data breach:

  • Immediate action: Security incident response within 1 hour
  • User notification: Affected users notified within 72 hours
  • Authority reporting: Regulatory authorities notified as required
  • Transparency: Public disclosure if the incident affects user security

πŸ”„ 9. Policy Updates

We may update this policy occasionally to reflect service changes or legal requirements:

  • Notification: Email notification for significant changes
  • Effective date: Changes take effect 30 days after notification
  • Version history: Previous versions available upon request
  • Consent: Continued use constitutes acceptance of updates

Your Options

If you disagree with policy changes:

  • Contact us to discuss concerns
  • Export your data before changes take effect
  • Delete your account if you prefer not to continue

πŸŒ€ Your data, your vibe. Always respected.

This isn't just legal text β€” it's our promise to you. At RomandemAI, we believe that respect for your privacy is fundamental to building trust. If you have any questions, concerns, or just want to chat about our privacy practices, we're always here to listen.

β€” The RomandemAI Team