COSMIX PRIVACY POLICY

Last Updated: October 13, 2025

1. INTRODUCTION

Welcome to Cosmix ("App", "we", "our", or "us"). Cosmix is operated by Lyra Ventures LLC doing business as Cosmix. Our App is a cross-platform mobile application that provides personalized daily life insights through interactive inquiries and visually appealing results.

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and share information about you when you use our mobile application and related services (collectively, the "Services").

By downloading, installing, or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. DATA WE COLLECT

2.1 User Profile Information

When you create an account and complete the onboarding process, we collect:

• First name
• Birth date
• Birth time
• Birth location (including coordinates and city name)
• Phone number (for authentication purposes)
• Device information including device ID, IP address, and operating system

2.2 Friend Information

When you add friends to your account, we collect:

• Friend's name
• Friend's birth date, birth time, and birth location

Important: By providing information about your friends, you represent that you have obtained their consent to share their personal information with us for the purposes described in this Privacy Policy. We recommend informing your friends before adding their information to the App.

2.3 Inquiry Data

When you interact with our inquiry features, we collect:

• Inquiry responses and selections
• Inquiry completion status
• Inquiry history
• Timestamps of inquiry interactions

2.4 Chat Data

When you use our chat feature, we collect:

• Messages you send through the chat interface
• Your interactions with the chat system
• Personal context data relevant to your questions
• Timestamps of chat sessions

2.5 Generated Content

Our Services generate and store:

• Personalized life insights based on your personal details
• Inquiry results and interpretations
• Relationship compatibility data (for friendship and family inquiries)
• Visualization graphics and shareable cards
• AI-generated chat responses based on your queries

2.6 Subscription and Payment Information

If you purchase a premium subscription, we collect:

• Subscription type and status
• Transaction records and purchase history

2.7 Usage Information

We automatically collect certain information about how you use our Services:

• App access frequency and duration
• Feature usage patterns
• Interaction with app elements
• Error logs and crash reports
• Performance metrics

2.8 Analytics Data

We use Mixpanel analytics to collect:

• Anonymized usage statistics
• User interaction patterns and flows
• Feature popularity metrics
• Session data and user engagement metrics
• Conversion rates and retention statistics

2.9 Advertising Attribution Data

We collect and use advertising identifiers to measure the effectiveness of our advertising campaigns across different platforms:

iOS - SKAdNetwork Attribution

We use Apple's SKAdNetwork framework in combination with Meta/Facebook's advertising platform:

• Install Attribution: When you install our app from a Meta/Facebook advertisement, Apple's SKAdNetwork automatically sends an anonymous install signal to Meta. This does not include any personal identifiers and is processed entirely through Apple's privacy-preserving framework.
• Purchase Events: When you complete a subscription purchase, we send anonymous purchase event information to Meta to help optimize our advertising campaigns for users who are more likely to subscribe.

Privacy Notes:

• We do NOT use App Tracking Transparency (ATT) or request tracking permission
• We do NOT track you across other apps or websites
• SKAdNetwork attribution is privacy-preserving and does not share personal identifiers
• No individual user data is provided to Meta - only anonymous, aggregated conversion signals

Android - Advertising Identifier

On Android devices, we collect your Google Advertising ID to:

• Measure the effectiveness of our advertising campaigns
• Attribute app installs and in-app actions to specific advertisements
• Provide personalized advertising experiences through our partners (Facebook/Meta)
• Analyze how users interact with our advertisements
• Optimize ad delivery to users most likely to be interested in our services

Your Control Over Android Advertising ID: You can opt out of personalized advertising at any time by:

• Going to Settings > Privacy > Ads on your Android device
• Selecting "Delete advertising ID" or "Opt out of Ads Personalization"
• Note: Opting out will not prevent you from seeing ads, but they may be less relevant to you

3. HOW WE USE YOUR INFORMATION

3.1 Core Service Functionality

• To create and maintain your user profile
• To generate personalized life insights and inquiry questions
• To provide inquiry results and visualizations
• To process chat messages and generate AI responses
• To manage friend connections
• To process and maintain subscription status

3.2 Service Improvement and Development

• To analyze app performance and identify technical issues
• To optimize user experience and interface
• To develop new features and content
• To measure the effectiveness of app features and inquiries

3.3 Communication

• To send essential service announcements and updates
• To provide information about your account or subscription
• To respond to your inquiries and support requests
• To send promotional materials if you have opted in to receive them

3.4 Security and Legal Compliance

• To verify your identity and prevent fraud
• To protect the security of our Services
• To enforce our Terms of Service
• To comply with applicable laws and regulations

4. DATA SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

We may share your personal information with third-party service providers that help us deliver our Services:

• Supabase: For database storage, user authentication, and edge functions
• Google Places API: For location search during personal information input
• Twilio: For SMS authentication
• Firebase: For push notifications and app messaging (not for analytics)
• Mixpanel: For analytics and user behavior tracking
• Meta/Facebook: For privacy-preserving install attribution via Apple's SKAdNetwork (iOS) and purchase event tracking; for Android devices, we share your Google Advertising ID for ad attribution, campaign optimization, and personalized advertising
• AI Services (Google Gemini, Anthropic, OpenAI): For AI chat functionality, generating inquiry questions, content generation, conversation processing, and personalized results

These service providers are contractually required to use your information solely to provide services to us and in accordance with our instructions and this Privacy Policy.

4.2 Friend Data Sharing

When you include friends in inquiries:

• We use both your and your friend's personal details to calculate compatibility metrics
• Friend data is only used for the specific purposes disclosed in this policy
• Friend information is not shared with other users or third parties except as necessary to provide the Services

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, resolve disputes, enforce our agreements, or protect the safety of our users.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, user information may be transferred as part of the transaction. We will notify you via a prominent notice on our Services of any change in ownership or uses of your personal information.

4.5 With Your Consent

We may share your information in other circumstances with your explicit consent.

5. DATA STORAGE AND SECURITY

5.1 Data Storage

Your information is stored on secure servers provided by Supabase with additional security controls implemented. We also use Firebase only for notification data storage and delivery. We utilize a multi-layered caching system:

• Memory Cache (LRU): For frequently accessed data with limited size (50MB max)
• Local Cache (SharedPreferences): For user-specific data persistent across app sessions
• Remote Cache (Supabase): For shared data across user devices
• Firebase Cloud Messaging: For storing notification preferences and delivery status (not for analytics)

5.2 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Specifically:

• User profiles and birth details: Until account deletion
• Inquiry history: Indefinitely until account deletion
• Chat messages and conversation history: Indefinitely until account deletion
• Friend data: Until removed by the user or account deletion
• Technical logs and analytics: Up to 90 days

5.3 Security Measures

We implement reasonable administrative, technical, and physical measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• End-to-end encryption for personal data
• Secure storage of personal information and chat messages
• Encrypted API communications with AI service providers
• Secure token management
• Secure transmission of personal context data for chat processing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. YOUR RIGHTS AND CHOICES

6.1 Account Information

You can review and update your account information at any time through the Settings section of the App.

6.2 Friend Management

You can add, edit, or remove friend information through the Friends section of the App. When you remove a friend, their information is deleted from our systems.

6.3 Communication Preferences

You can opt out of promotional communications by adjusting your notification settings in the App.

6.4 Data Access and Portability

You have the right to request a copy of the personal information we hold about you. You can request this through the Settings section of the App or by contacting us at info@cosmixapp.com.

6.5 Data Deletion

You can request the deletion of your account and personal information in the following ways:

• Through the "Delete Account" option in the Settings section of the App
• By visiting our account deletion web page at: https://www.cosmixapp.com/account-deletion
• By contacting us at info@cosmixapp.com with your phone number and full name

Upon your request, we will permanently delete your account and associated personal information from our active systems within 30 days. Some information may remain in our backup systems for a limited time, and we may retain certain information if required by law or for legitimate business purposes, such as:

• Information needed for security investigations or fraud prevention
• Information required to comply with legal obligations
• Anonymous, aggregated data that does not identify you

We will clearly inform you about any retained data when you make a deletion request.

6.6 Limitation of Processing

In certain circumstances, you may have the right to restrict or object to our processing of your personal information.

6.7 Advertising Preferences

You have choices regarding how your device identifier is used for advertising purposes:

Android Users:

• You can reset or delete your Google Advertising ID at any time through your device settings
• Navigate to Settings > Privacy > Ads and select "Delete advertising ID" or "Opt out of Ads Personalization"
• Opting out will prevent us from using your Advertising ID for personalized ads, but you will still see advertisements (they may be less relevant to you)
• You can reset your Advertising ID to disassociate your device from previous advertising activity

iOS Users:

• We use Apple's privacy-preserving SKAdNetwork framework, which does not require opt-out as it does not track you or share personal identifiers
• No action is needed on your part as this framework is privacy-focused by design

What Happens When You Opt Out:

• You will continue to see advertisements in our app and across our advertising partners' platforms
• The ads you see may be less relevant to your interests
• We will no longer be able to attribute your actions to specific advertising campaigns
• Your opt-out choice applies to all apps that respect your device's advertising preferences

7. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us at info@cosmixapp.com.

8. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

By using our Services, you consent to the transfer of your information to countries outside your country of residence, including the United States, where our servers and those of our third-party providers (including Supabase, Firebase, and Mixpanel) are located.

9. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect about you
• The right to know whether your personal information is sold or disclosed and to whom
• The right to request deletion of your personal information
• The right to access your personal information
• The right to opt-out of the sale of your personal information
• The right to non-discrimination for exercising your CCPA rights

Advertising Identifier and CCPA: For California residents using Android devices, your Google Advertising ID is considered "personal information" under CCPA. We share this identifier with Meta/Facebook for advertising attribution and campaign optimization, which may constitute "sharing" under CCPA. You have the right to opt out of this sharing by:

• Deleting or resetting your Advertising ID in your device settings (Settings > Privacy > Ads)
• Opting out of personalized advertising on your device

To exercise these rights, please contact us at info@cosmixapp.com.

10. EUROPEAN PRIVACY RIGHTS

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

• Right to access your personal information
• Right to rectification of inaccurate personal information
• Right to erasure of your personal information
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Advertising Identifier and GDPR: For EU/EEA residents using Android devices, we rely on your consent for collecting and processing your Google Advertising ID for advertising purposes. By using our Services, you consent to this collection. You can withdraw your consent at any time by:

• Deleting or resetting your Advertising ID in your device settings (Settings > Privacy > Ads)
• Opting out of personalized advertising on your device
• Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal

The legal basis for processing your Advertising ID is your consent (GDPR Article 6(1)(a)). We share this identifier with Meta/Facebook as described in Section 4.1 of this policy.

To exercise these rights, please contact us at info@cosmixapp.com.

11. DATA SAFETY AND APP PERMISSIONS

Our app requires certain permissions and collects certain identifiers to function properly. Here's what each permission and identifier is used for:

• Storage: To save visualization cards and inquiry results locally on your device
• Phone: To verify your identity during account creation and recovery
• Notifications: To send you daily reminders, inquiry notifications, and friend activity updates through Firebase
• Advertising ID (Android only): To measure advertising campaign effectiveness, attribute app installs to specific advertisements, deliver personalized advertising through our partners (Facebook/Meta), and optimize ad delivery

We value transparency about data collection and use. All data collection happens only after appropriate consent is provided, and you can revoke permissions or reset your Advertising ID at any time through your device settings.

12. THIRD-PARTY ANALYTICS AND TRACKING

We use Mixpanel as our analytics platform to help us understand how users interact with our Services. Mixpanel may collect information sent by your device including:

• User interactions with app features
• Session duration and frequency
• Navigation patterns within the app
• Device events and crash data
• Feature usage statistics

We do not use cookies to track you across different websites or apps. Our analytics are used solely for improving our Services and user experience, and data collected through these platforms is handled according to their respective privacy policies and our agreements with them.

12.1 Advertising Attribution via SKAdNetwork

We use Apple's SKAdNetwork framework in combination with Meta/Facebook for privacy-preserving advertising attribution. Here's what you need to know:

What is SKAdNetwork? SKAdNetwork is Apple's privacy-focused attribution framework that allows advertisers to measure the success of ad campaigns without compromising user privacy. It works at the operating system level and does not share any personal identifiers.

How We Use It:

• Install Attribution: When you install Cosmix from a Meta/Facebook advertisement, Apple's SKAdNetwork automatically and anonymously notifies Meta that an install occurred. This happens without any action from us and without sharing any information that identifies you personally.
• Purchase Attribution: When you complete a subscription purchase, we send an anonymous purchase event to Meta through the Facebook SDK. This helps Meta optimize ad delivery to show our ads to users who are more likely to be interested in subscribing.

Your Privacy is Protected:

• No ATT Prompt: We do NOT use App Tracking Transparency (ATT) or request permission to track you. Our SDK is explicitly configured to prevent tracking requests.
• No Cross-App Tracking: SKAdNetwork does not track your activity across other apps or websites.
• No Personal Identifiers: Neither Apple nor Meta receives information that personally identifies you (such as your name, email, phone number, or device ID) through SKAdNetwork.
• Privacy by Design: SKAdNetwork is built by Apple with privacy protections, including delayed and anonymized reporting.

Cannot Opt-Out: Because SKAdNetwork operates at the iOS system level and does not process personal data or track you across apps, there is no opt-out mechanism. However, this framework is designed to be privacy-preserving by default and complies with Apple's strict privacy standards.

Data Shared with Meta:

• Anonymous install signals (you installed the app from an ad, but not who you are)
• Anonymous purchase conversion events (a purchase occurred, but not who made it)
• Campaign performance data (which ads are effective, in aggregate)

For more information about SKAdNetwork, please visit Apple's documentation at: https://developer.apple.com/documentation/storekit/skadnetwork

12.2 Android Advertising ID

We use Google's Advertising ID on Android devices in combination with Meta/Facebook's advertising platform for advertising attribution and optimization. Here's what you need to know:

What is the Google Advertising ID? The Google Advertising ID (GAID) is a unique, user-resettable identifier provided by Google Play services. It allows advertisers and ad networks to track ad performance and deliver personalized advertisements while giving you control over your advertising experience.

How We Use It:

• Install Attribution: When you install Cosmix from a Meta/Facebook advertisement on your Android device, we collect your Advertising ID to attribute the install to the specific ad campaign. This helps us understand which advertising channels are most effective.
• Purchase Attribution: When you complete a subscription purchase, we send your Advertising ID along with the purchase event to Meta/Facebook. This helps optimize ad delivery to show our ads to users who are more likely to be interested in subscribing.
• Campaign Optimization: We use the Advertising ID to analyze how users from different ad campaigns interact with our app, allowing us to improve our advertising strategies.
• Personalized Advertising: Your Advertising ID enables Meta/Facebook to deliver more relevant advertisements to you across their platforms based on your interests and interactions.

Your Privacy Controls:

• Reset Your Advertising ID: You can reset your Advertising ID at any time, which disassociates your device from previous advertising activity. Navigate to Settings > Privacy > Ads and select "Reset advertising ID".
• Delete Your Advertising ID: You can completely delete your Advertising ID, which prevents apps from accessing it for advertising purposes. Navigate to Settings > Privacy > Ads and select "Delete advertising ID".
• Opt Out of Personalization: You can opt out of personalized advertising while keeping your Advertising ID. Navigate to Settings > Privacy > Ads and enable "Opt out of Ads Personalization".

What Happens When You Opt Out:

• Opting out will not prevent you from seeing advertisements, but the ads you see may be less relevant to your interests
• We will still collect your Advertising ID for basic attribution purposes unless you delete it entirely
• Your opt-out preference applies to all apps that respect Google's advertising policies

Data Shared with Meta/Facebook:

• Your Google Advertising ID
• Install events (that you installed the app)
• Purchase conversion events (that a purchase occurred and the purchase value)
• Campaign identifiers (which ad you clicked on)
• Interaction data (how you engage with the app after installation)

Cannot Opt Out of Attribution: If you choose to keep your Advertising ID (even with personalization opt-out), we will still use it for basic install and purchase attribution. To completely stop Advertising ID collection, you must delete your Advertising ID through your device settings.

Data Retention: We retain Advertising ID data for as long as necessary to fulfill the purposes described in this policy, typically:

• Active users: For the duration of your account plus 90 days
• Attribution data: Up to 2 years for campaign analysis and optimization
• After account deletion: We anonymize or delete your Advertising ID within 30 days

For more information about Google's Advertising ID, please visit: https://support.google.com/googleplay/android-developer/answer/6048248

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice, such as an in-app notification.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after the posting of changes constitutes your acceptance of such changes.

14. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: info@cosmixapp.com

Postal Address:
Cosmix
348 4th Avenue Ste 1031
Brooklyn, NY 11215
United States