Privacy Policy

Cosmos App by EpicRecap
Effective Date: April 9, 2026
Last Updated: April 9, 2026

1. Introduction

Welcome to Cosmos (“the App”), operated by EpicRecap (“we,” “us,” or “our”), a business owned by Jhawahar Raju, based in Coimbatore, Tamil Nadu, India. This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use the Cosmos App and its associated services, including our website at cosmos.epicrecap.com.

By creating an account or using the App, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, and password when you create an account.
• Profile Information: Bio, location, profile photo, and any other details you choose to add to your profile.
• Coaching Application Data: Goals, reasons for joining, preferred plan duration, and other information submitted through coaching program applications (GBL, Elite Club).
• Assessment Responses: Answers to life assessment questionnaires covering six categories (Self, Health, Relationship, Wealth, Money, Career), including numerical ratings and open-ended responses.
• Journal Entries: Mood selections, energy levels, and written reflections you record in your journal.
• Gratitude Entries: Text entries submitted through the gratitude feature.
• Community Content: Posts, comments, reactions, and other content you create or share within the community.
• Practice Data: Records of which daily practices you complete, your streaks, and your progress.
• Messages: Communications between you and your coach within the App.
• Support and Feedback: Messages submitted through the support and feedback features within the App.
• Payment Information: When making payments through Razorpay or other payment gateways, your payment details are processed by the respective payment provider. We store transaction references, amounts, and payment status — not your full card or bank account details.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent in the App, practice completion patterns, course progress, and engagement metrics.
• Device Information: Device type, operating system, browser type, and screen resolution.
• Log Data: IP address, access times, and error logs for debugging and security purposes.
• Cookies and Local Storage: The App uses local storage to save your theme preference (light/dark mode) and session data. We do not use third-party advertising cookies.

2.3 Information from Third Parties

• Zoho Billing: Subscription status, plan details, and billing cycle information for managing your membership tier.
• Razorpay: Payment confirmation and transaction status for self-serve purchases.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To operate the App, manage your account, deliver coaching services, track your practice progress, and enable community features.
• Personalization: To customize your experience, including practice recommendations, course suggestions, and daily content.
• Coaching Services: To allow your assigned coach to view your assessment scores, practice completion, journal entries (where applicable), and progress data to provide personalized guidance.
• Communication: To send you notifications about practice reminders, coach messages, application status updates, subscription changes, and important service updates.
• Analytics and Improvement: To understand how users interact with the App, identify popular features, detect issues, and improve the overall experience.
• AI-Powered Features (Future): To generate personalized monthly progress reports (Cosmic Blueprint), provide AI-based insights and recommendations, and create nudges based on your activity patterns.
• Security: To detect and prevent fraud, abuse, and unauthorized access.
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations.

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

Your personal data will never be sold to third parties. Your data will not be used for promotions, advertisements, or marketing campaigns outside of EpicRecap and the Cosmos App.

4.2 Who We May Share Data With

We may share your information with the following parties, strictly for the purposes of operating and improving the App:

• Your Assigned Coach (Jey / EpicRecap): If you are enrolled in a coaching program (GBL or Elite Club), your coach has access to your assessment scores, practice completion data, journal entries, call history, and messaging within the App.
• Service Providers and Stakeholders: We may share data with trusted third parties who are directly involved in the design, development, hosting, and maintenance of the App and its servers. These parties include our hosting provider (Vercel), database provider (Supabase), payment processors (Razorpay, Zoho Billing), and any development collaborators working on the App. All such parties are bound by confidentiality obligations.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority.

4.3 Community Content Visibility

Content you post in community spaces (posts, comments, reactions) is visible to other community members based on their tier access. Your profile information (name, bio, location, tier, badges, recognitions, streak) is visible to other members. Personal coaching data (assessment scores, journal entries, coach notes, call history, prescribed practices) is private and never visible to other community members.

5. Data Storage and Security

5.1 Where Your Data Is Stored

Your data is stored on secure servers managed by Supabase (database) and Vercel (application hosting). These providers use industry-standard security measures including encryption in transit (HTTPS/TLS) and at rest.

5.2 Security Measures

We take reasonable measures to protect your personal information, including:

• Encrypted data transmission using HTTPS/TLS.
• Row Level Security (RLS) policies on all database tables ensuring users can only access their own data.
• Secure authentication using Supabase Auth with hashed passwords.
• Environment variable protection for API keys and secrets.
• Access controls limiting data access to authorized personnel only.

5.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, where feasible, and will take prompt action to mitigate any harm.

5.4 No Absolute Guarantee

While we strive to protect your data using commercially reasonable measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account Data: Retained while your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
• Coaching Data: Assessment responses, call history, and coaching notes are retained for the duration of your coaching program and for 12 months after program completion for continuity purposes.
• Community Content: Posts and comments you create remain in the community even if you delete your account, but will be anonymized (author shown as “Deleted Member”).
• Usage Analytics: Aggregated and anonymized usage data may be retained indefinitely for analytical purposes.
• Payment Records: Transaction records are retained as required by Indian tax and financial regulations.

7. Your Rights

You have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update or correct your personal information through your profile settings or by contacting us.
• Deletion: You can request deletion of your account and associated personal data by contacting us at the email address below.
• Data Portability: You can request your data in a commonly used, machine-readable format.
• Withdrawal of Consent: You can withdraw your consent for data processing at any time by discontinuing use of the App and requesting account deletion.
• Opt-Out of Communications: You can opt out of non-essential notifications through the App settings.
• Grievance Redressal: If you have concerns about how your data is handled, you may contact our grievance officer at the email address below. We will acknowledge your concern within 48 hours and aim to resolve it within 30 days.

To exercise any of these rights, contact us at accounts@epicrecap.com or through the support section within the App.

8. Children's Privacy

The Cosmos App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information promptly.

9. Third-Party Links and Services

The App may contain links to external services (such as Google Calendar for call scheduling, YouTube for course videos, or payment gateways). These third-party services have their own privacy policies, and we are not responsible for their data practices.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top. For significant changes, we will notify you via in-app notification or email.

11. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDPA), as applicable. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Coimbatore, Tamil Nadu, India.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

EpicRecap
Owner: Jhawahar Raju
Email: accounts@epicrecap.com
Website: www.epicrecap.com
App: cosmos.epicrecap.com
Location: Coimbatore, Tamil Nadu, India

This policy has been prepared as a good-faith effort toward compliance with applicable Indian laws including the Digital Personal Data Protection Act, 2023 (DPDPA).