Compliance
Data Processing & GDPR
How Cosmos handles, protects, and processes customer data.
Roles & responsibilities
- Cosmos acts as a data processor for customer instances.
- Each customer is the data controller for their own tenant data.
- Data location: EU/UK hosting where possible; details available on request.
Security & access
- Per-tenant isolation with role-based access controls.
- Encryption in transit (HTTPS) and encryption of secrets at rest.
- Audit trails for key actions (support, billing, platform changes).
Data subject rights
- Access, correction, and deletion requests are supported via customer controllers.
- Export on request (CSV/JSON) for user data where applicable.
- Retention policies configurable by the controller.
Subprocessors
A minimal set of vetted providers (e.g., hosting, email delivery, payments). Full list available on request; customers will be notified of material changes.
Incident response
Security incidents are triaged promptly, and customers are notified of any data impact. Backups and disaster recovery are tested periodically.