Welcome to Kosmo Research ("Company", "we", "our", "us"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.
Payment information (processed securely by Stripe/Fiverr)
WhatsApp AI Interviewer — Researchers:
Email address
Account information
Interview campaigns and questions you create
Payment information
WhatsApp AI Interviewer — Participants:
WhatsApp phone number
Text message responses
Voice message recordings and transcripts
AI-generated summaries of responses
Website Visitors:
Basic usage data (pages visited)
Device and browser information
IP address
3. Legal Basis for Processing (GDPR)
We process your data based on:
Contract: To deliver services you purchased
Consent: For participants (collected before interview starts) and marketing communications
Legitimate interest: To improve our services, prevent fraud, and ensure security
4. How We Use Your Information
We use your information to:
Provide and improve our services
Process payments
Send project updates and support messages
Transcribe voice messages and generate research insights
Comply with legal obligations
We do not sell your data to third parties.
5. AI Processing
Our WhatsApp AI Interviewer uses:
OpenAI GPT-4: For AI conversations and analysis
OpenAI Whisper: For voice message transcription
Voice messages are automatically transcribed. Conversations are processed to generate research summaries. We do not use your data to train AI models for other purposes.
6. Data Sharing
We share data only with:
OpenAI (USA): AI processing and transcription
Supabase (EU): Database hosting
Railway (EU/USA): Application hosting
Stripe/Fiverr: Payment processing
Legal authorities: If required by law
All providers are bound by data protection agreements.
7. International Data Transfers
Our primary data is stored in the EU (Supabase). Some processing occurs in the United States (OpenAI). We ensure appropriate safeguards including Standard Contractual Clauses (SCCs) to protect your data during international transfers.
8. Data Storage and Security
Data stored on EU servers (Supabase)
All data encrypted in transit (HTTPS/TLS)
All data encrypted at rest
Access limited to authorized personnel only
Regular security reviews
9. Your Rights (GDPR)
As an EU resident, you have the right to:
Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Export your data in a readable format
AI Interviewer campaigns: Retained until you delete them or close your account
Participant data: Retained until researcher deletes campaign or participant requests deletion
Invoices and financial records: 7 years (legal requirement)
WhatsApp phone numbers: Deleted when campaign is deleted
11. Participant Data (AI Interviewer)
For research participants:
Consent collected before interview starts
Participants informed they are interacting with AI
WhatsApp phone numbers collected only for interview delivery
Voice messages transcribed automatically
Participants can request data deletion at any time
Data shared only with the researcher who created the campaign
Researchers are responsible for:
Informing participants about the research purpose
Ensuring appropriate consent for their specific research
Handling participant data ethically
12. Cookies
We use minimal essential cookies only for site functionality. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required.
13. Children
Our services are not intended for anyone under 18 years of age. We do not knowingly collect data from children.
14. Data Breaches
In the event of a data breach affecting your personal information, we will:
Notify affected users within 72 hours
Notify relevant supervisory authorities as required
Take immediate steps to mitigate the breach
15. Changes to This Policy
We may update this policy. Changes will be posted on this page with an updated date. Continued use of our services after changes constitutes acceptance.