Cosa

AI implementation for small business. No hype. Just ground truth.

© 2026 Cosa. All rights reserved.

Est. 2025 — Architected for the Peak.

Privacy

Your audit data, handled with care.

Last updated 3 May 2026. Contact privacy@cosaconsult.com for questions or to exercise your rights.

What we collect

  • Account info: email and display name when you sign up.
  • Audit content: written answers, voice recordings, screen recordings, and analyses you provide or that the platform produces from your input.
  • Payment info: handled by Stripe — we never see your full card number.
  • Usage telemetry: error reports and product analytics (page views, click events) so we can fix bugs and improve flows. No identifying content from your audit answers is included.

How we use it

  • To run the audit you signed up for and deliver the playbook.
  • To send transactional emails (sign-in codes, audit notifications, reminders).
  • To improve the platform — error reports and aggregate analytics only.

Who can see your audit content

  • You and the Cosa team analysts working on your audit.
  • Your nominated end-users only see their own intake (not other end-users' answers).
  • Stakeholders see the published playbook deliverable, plus visibility into their nominees' progress.
  • Cosa never sells, shares, or trains third-party AI models on your audit content. Where we use Vertex AI for analysis, the contractual no-train terms apply.

How long we keep it

  • Audit data is retained for the duration of the engagement plus 12 months for retainer continuity.
  • Recordings older than 24 months are automatically deleted unless you request earlier removal.
  • You can request deletion of your account and all associated data at any time by emailing privacy@cosaconsult.com.

Subprocessors

  • Stripe — payment processing.
  • Supabase — database and file storage.
  • Google Cloud Vertex AI — screen-recording analysis and voice transcription (no-train enterprise tier).
  • Mailgun — transactional email.
  • Sentry — error monitoring (best-effort PII scrubbing).
  • PostHog — product analytics (no audit content, only UI events).

Your rights

  • You can access, correct, export, or delete your data at any time. Contact privacy@cosaconsult.com to exercise any of these rights.
  • We respond to verified requests within 30 days.

Changes

  • If we make material changes to this policy, we'll email registered stakeholders before they take effect.

See also our terms of service.