Privacy Policy
Version 1.3 — Effective 2026-05-04. Existing users are prompted to re-consent on next login; prior consent covers only v1.2.
1. Controller
WISDCON LLC (Florida, USA), operator of the KOSMOVIZ service — see Imprint for the complete address.
EU-Representative (Art. 27 GDPR)
Prighter GmbH
Paragon 1, 1030 Vienna, Austria
Email: kosmoviz@prighter.com
Appointed pursuant to Art. 27 GDPR as the point of contact for data subjects and supervisory authorities in the European Union. Direct GDPR-related concerns and data subject requests to either this representative or to privacy@kosmoviz.app.
2. What we collect
- Account data: email address, authentication timestamps (Auth.js session records). When you register a passkey: the credential public key, signature counter, device type, and a transports hint — never the private key, which never leaves your device.
- Uploaded audio: MP3/WAV files you upload, their sha256 digest, duration, file size, and MIME type. Stored in encrypted S3-compatible storage (Hetzner-EU region).
- Render metadata: preset selected, aspect ratio, resolution, trim range, export status.
- Billing transactions: handled by Paddle.com as Merchant of Record. We receive transaction IDs + amounts + tax jurisdiction.
- Analytics: page views + interaction events (PostHog, self-hosted in the EU, gated on your cookie consent).
- Studio preanalysis interaction events: pseudonymous accept/promote events for generated timeline suggestions. Payloads are minimized to track id, timestamp, source surface, and session-local metadata; raw emails, names, IPs, and user ids are stripped before capture.
- Error reports: stack traces + request context on unexpected failures (GlitchTip).
3. Why we collect it (Art. 6 GDPR)
- Account + uploads + rendering → Art. 6(1)(b) contractual necessity.
- Billing → Art. 6(1)(b) and 6(1)(c) (tax record-keeping).
- Analytics + error-reporting → Art. 6(1)(a) with your consent (see cookie banner).
4. Sub-processors
Full and up-to-date list at /legal/sub-processors. Summary:
- Hetzner Online GmbH (DE) — server hosting + object storage
- Paddle.com Market Limited (UK) — Merchant of Record for payments
- Resend.com (EU region) — transactional email
- PostHog (EU region) — consent-gated product analytics
- Cloudflare Inc. (global) — DNS + edge proxy
- Moises AI (US/BR) — emergency stem-separation fallback, feature-flag-gated
- RunPod (US) — model training only, no user data
5. Audio & Stem Processing (new in v1.2)
When you request stem extraction (Premium+), your audio is processed on our self-hosted GPU workers in Germany. Extracted stems are retained per-tier (7 / 30 / 90 days) and then purged. An emergency fallback to Moises AI (USA/Brazil) may activate if our self-hosted worker is down; this fallback is feature-flag-gated and disabled by default.
6. Retention
- Free-tier audio uploads: 7 days, then auto-delete.
- Paid-tier audio + rendered MP4s: kept while your subscription is active, + 30 days grace.
- Billing records: 7 years (tax retention obligations).
- Account email: until you delete your account (Art. 17 request).
7. Your rights
- Access (Art. 15): download your data as a ZIP.
- Erasure (Art. 17): delete your account and all associated data (email-confirmed).
- Rectification, restriction, portability, objection per GDPR Articles 16-22.
- Complaint to your local DPA or to the Austrian DPA (via our EU representative).
8. International transfers
Hetzner servers are in Germany. Paddle is UK-based (post-Brexit adequacy). Cloudflare proxies through a global edge network including the US; protected via EU-US Data Privacy Framework. Resend operates in the EU region.
Last updated: 2026-05-04 (v1.3). Version history:
- v1.3 — 2026-05-04 — Studio preanalysis interaction events documented
- v1.2 — 2026-04-13 — Stage-2 audio / stem processing documented
- v1.1 — 2026-02-20 — Initial public release