Overview
COSA Studios ("we," "us," "our") respects your privacy. This policy explains what data we collect, why we collect it, and how we protect it. We believe in minimal data collection — we only gather what's necessary to provide and improve our services.
What We Collect
When You Join the Waitlist
We collect your email address. That's it. We use it solely to notify you when COSA Builder is available and to send occasional development updates. You can unsubscribe at any time.
When You Contact Us
We collect the name, email address, and message content you provide through our contact form. We use this information only to respond to your inquiry.
When You Visit Our Website
We may collect standard web analytics data including pages visited, time spent, browser type, and referring URL. We do not use invasive tracking, fingerprinting, or third-party advertising cookies. We do not sell or share this data with advertisers.
When You Use COSA Builder (Future)
When COSA Builder launches, we will collect account information (email, display name), project data (your world configurations and assets), usage data (for analytics and AI credit tracking), and payment information (processed securely through Stripe — we never store credit card numbers directly). A detailed privacy policy for the Builder platform will be published before launch.
How We Use Your Data
- To provide and maintain our services
- To communicate with you about your account or inquiries
- To send waitlist updates and development news (email only, with unsubscribe option)
- To improve our platform based on aggregate usage patterns
- To process payments securely through Stripe
- To comply with legal obligations
What We Don't Do
- We do not sell your personal data to anyone, ever
- We do not share your data with advertisers
- We do not use invasive tracking or fingerprinting
- We do not send unsolicited marketing beyond what you've opted into
- We do not store payment card details (Stripe handles all payment processing)
Data Security
We implement industry-standard security measures including encrypted connections (HTTPS), secure password hashing, role-based access controls, and regular security reviews. While no system is perfectly secure, we take reasonable precautions to protect your information.
Your Rights
You have the right to access, correct, or delete your personal data at any time. To exercise these rights, contact us at hello@cosastudios.com. We will respond within 30 days.
If you're located in the European Economic Area, you have additional rights under GDPR including data portability and the right to object to processing. We are committed to GDPR readiness.
Children's Privacy
We take children's privacy seriously. COSA Studios does not knowingly collect personal information from children under 13 without parental consent. When COSA Builder launches, we will implement age verification and parental controls in compliance with COPPA and equivalent regulations.
Cookies
Our website uses only essential cookies necessary for basic functionality (session management, CSRF protection). We do not use advertising cookies, social media tracking cookies, or third-party analytics cookies that identify individual users.
Data Retention
Waitlist emails are retained until you unsubscribe or the waitlist period ends. Contact form messages are retained for up to 12 months. Account data (when Builder launches) is retained for the duration of your account plus 90 days after deletion to allow for recovery.
Third-Party Services
We use the following third-party services that may process your data according to their own privacy policies:
- Stripe — payment processing
- BunnyCDN — content delivery
- Google Fonts — web font delivery (no tracking)
Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to registered users and posted on this page. The "last updated" date at the top reflects the most recent revision.
Contact
Questions about this privacy policy? Contact us at hello@cosastudios.com or use our contact form.