Privacy Policy

Last updated: June 22, 2021

The privacy of your data—and it is your data, not ours!—is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We’ll never open any uploaded files unless you ask us to. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

For clarity, “we” are Notioneer, Inc. and “Cosmic” are all the services offered under the Cosmic name, including Cosmic and AuthRocket.

Identity & access

When you sign up for Cosmic, we ask for your name, company name, and email address. That’s so you can personalize your new account, and we can send you invoices, updates, or other essential information. We may also send you non-essential information (like info about other services we offer), but you may opt-out at any time. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.

When you pay for Cosmic, we ask for your credit card, billing address, and tax ID. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support. We store your billing address and tax ID to calculate any taxes due, to detect fraudulent transactions, and to print on your invoices.

When you write Cosmic with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages or use our services, we’ll track that for statistical purposes (like conversion rates and testing new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we’ll ever share your info:

Your rights with respect to your information

You may have heard about certain privacy regulations across the world, such as the General Data Protection Regulation (“GDPR”) in Europe or the California Consumer Privacy Act (“CCPA”). Both the GDPR and CCPA give people under their jurisdiction certain rights with respect to their personal information collected by us on the Site. If you are covered by the GDPR or CCPA, Notioneer recognizes and will comply with the set of rights by which you are covered, except as limited by applicable law. For all other persons, we will still endeavor to afford you similar benefits. The rights under GDPR (which are the broadest set) include:

Most of these rights and benefits can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at .

Processors we use

As part of the services we provide, we use third party processors to process some or all of your personal information. Such processors include cloud hosting and infrastructure, logging, error tracking, email delivery, financial processing, and customer support services.

Law enforcement

Notioneer won’t hand your data over to law enforcement unless a court order says we have to. We reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.

Security & Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to you. All passwords use the Bcrypt one-way hash algorithm. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

Deleted data

When you cancel one or more services, service data is promptly deleted from the databases where it is stored. Copies of that data may persist in backups for a month, and logs of activity relating to that data may persist for a year. If you cancel your entire account, some non-service data (like billing history) may be kept as part of our own records.

Location of services & data

Our sites and services are operated primarily in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. Some services may also transfer data to other countries if configured by you to do so. By using our sites, participating in any of our services, or providing us with your information, you consent to these transfers.

Changes & questions

Notioneer may update this policy periodically. You can access, change or delete most of your personal information at any time by logging in. For anything else, or if you have any trouble, contact our support team.

Questions about this privacy policy? Please get in touch and we’ll be happy to answer them!

Notioneer policies are open source, licensed under CC BY 4.0.
Adapted from Basecamp open-source policies / CC BY 4.0.