Privacy Policy

Last updated: March 23, 2026

1. Introduction

Welcome to Cosmetica ("we," "our," or "us"). Cosmetica is an AI-powered cosmetic regulatory compliance platform available at getcosmetica.com. We provide tools for formulation analysis, multi-market regulatory compliance, ingredient intelligence, and label generation for the global beauty and personal care industry.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Service"). By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information that identifies you, including:

  • Full name and email address
  • Company or organization name
  • Job title and role
  • Password (stored in hashed form; we never store plaintext passwords)

2.2 Product and Formulation Data

To provide our regulatory compliance services, we collect and process product and formulation data that you upload or enter into the platform, including:

  • Product names, descriptions, and categories
  • Ingredient lists, concentrations, and formulation details
  • Label text and packaging information
  • Regulatory submission data and compliance records

2.3 Usage and Analytics Data

We automatically collect certain information when you use our Service, including:

  • Pages visited, features used, and actions taken within the platform
  • Browser type, operating system, and device information
  • IP address and approximate geographic location
  • Referring URLs and search terms used to find our site
  • Session duration and interaction patterns

2.4 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not directly collect, store, or process your credit card numbers or bank account details. Stripe may collect your payment card number, expiration date, billing address, and related financial information. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.

2.5 Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage patterns. See Section 8 for more details on our cookie practices.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

  • Creating and managing your account
  • Processing your formulation data to generate compliance analyses
  • Generating regulatory reports, labels, and compliance documentation
  • Providing customer support and responding to your requests

3.2 Compliance Analysis

  • Analyzing your formulations against global regulatory databases
  • Identifying restricted or prohibited ingredients for target markets
  • Generating compliance recommendations and risk assessments

3.3 Improving the Service

  • Understanding how users interact with our platform
  • Identifying bugs, errors, and performance issues
  • Developing new features and improving existing functionality
  • Conducting aggregated, anonymized analytics

3.4 Communications

  • Sending transactional emails (account verification, password resets, billing receipts)
  • Providing regulatory updates and alerts relevant to your products
  • Sharing product updates, feature announcements, and educational content (with your consent)

3.5 Legal Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, safety, and property of Cosmetica, our users, and the public

4. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Infrastructure: Our Service is hosted on Amazon Web Services (AWS) infrastructure with data centers located in the United States.
  • Encryption at Rest: All data stored in our databases and file storage systems is encrypted at rest using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Access Controls: We enforce strict access controls and least-privilege principles for our employees and systems.
  • SOC 2 Compliance: Our infrastructure and practices are aligned with SOC 2 Type II standards for security, availability, and confidentiality.
  • Regular Audits: We conduct regular security assessments, vulnerability scans, and penetration testing.

While we strive to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Sharing

We do not sell your personal information or formulation data to third parties. We share data only in the following limited circumstances:

5.1 Payment Processing

We share necessary billing information with Stripe, Inc. to process subscription payments and manage your billing account.

5.2 Cloud Infrastructure

Your data is stored on Amazon Web Services (AWS) infrastructure. AWS acts as a data processor and is contractually bound to protect your data.

5.3 AI Analysis Providers

To perform regulatory compliance analysis, your formulation data may be sent to AI providers, including Anthropic (via AWS Bedrock), for processing and analysis. These providers process data according to their enterprise data processing agreements and do not retain your data for model training purposes.

5.4 Analytics

We use analytics services to understand how our Service is used. These services collect aggregated, anonymized usage data. They do not receive access to your formulation data or personally identifiable information beyond standard web analytics (e.g., page views, browser type).

5.5 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.

6. Your Formulation Data

Our Commitment to Your Formulation Data

We understand that formulation data represents valuable trade secrets and proprietary intellectual property. We treat your formulation data with the highest level of confidentiality:

  • Treated as confidential trade secrets. Your formulation data is treated with the same level of protection as trade secrets under applicable law.
  • Strictly isolated per organization. Each organization's data is logically isolated. No organization can access another's formulation data, analyses, or products.
  • Never shared between tenants. We maintain strict multi-tenant data isolation. Your data is never commingled with or exposed to other customers.
  • Not used to train AI models. Your formulation data is never used to train, fine-tune, or improve any AI or machine learning models. It is processed solely to provide you with compliance analysis results.

You retain full ownership of all formulation data you upload to the Service. We claim no intellectual property rights over your data.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data under applicable privacy laws including the GDPR and CCPA/CPRA:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Export: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Portability: Transfer your data to another service provider where technically feasible.
  • Right to Object: Object to certain processing activities, including direct marketing.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, please contact us at privacy@getcosmetica.com. We will respond to your request within 30 days.

8. Cookies

We use cookies and similar tracking technologies to operate and improve our Service:

8.1 Essential Cookies

Required for the Service to function properly. These include session cookies for authentication, CSRF protection tokens, and load balancer cookies. You cannot opt out of essential cookies.

8.2 Analytics Cookies

Help us understand how visitors interact with our website and platform. These cookies collect aggregated, anonymized data such as pages visited, time on site, and feature usage. You may opt out of analytics cookies through your browser settings or our cookie preferences.

8.3 Preference Cookies

Remember your settings and preferences, such as your preferred language, dashboard layout, and display options. These cookies improve your experience but are not strictly necessary.

9. Data Retention

We retain your data according to the following principles:

  • Active Accounts: Your account data, formulation data, and analysis history are retained for as long as your account is active and your subscription is in good standing.
  • Account Closure: When you close your account or request deletion, we will delete or anonymize your personal data and formulation data within 30 days. Certain data may be retained longer where required by law (e.g., billing records for tax compliance).
  • Backups: Encrypted backups may contain your data for up to 90 days after deletion, after which they are permanently purged.

10. Children's Privacy

Our Service is designed for business professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@getcosmetica.com.

11. International Transfers

Your data is processed and stored in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the EU-US Data Privacy Framework (DPF) and applicable Standard Contractual Clauses (SCCs) to ensure adequate protection of your data. We are committed to complying with the DPF principles regarding the collection, use, and retention of personal information transferred from these regions.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you via email at the address associated with your account and update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cosmetica

Privacy Inquiries

Email: privacy@getcosmetica.com

Website: getcosmetica.com

This Privacy Policy is effective as of March 23, 2026. For previous versions, please contact us at privacy@getcosmetica.com.