⚠️ This is a draft policy. Legal review pending.
Privacy Policy
Last updated: March 2026
1. Who we are
cosys is a formal correspondence management service for small companies.
We are operated by the cosys team. If you have any questions about this
policy, you can contact us at
hello@mycosys.io.
2. What data we collect
We collect the following categories of data when you use cosys:
-
Account information — your name, email address, and
authentication credentials (managed via AWS Cognito).
-
Company and entity information — the name, registration
details, and branding configuration of companies and legal entities you
set up within cosys.
-
Correspondence metadata — reference numbers, subjects,
senders, recipients, dates, statuses, and notes attached to
correspondence records you create.
-
Uploaded documents — files you attach to correspondence
records. These are stored in our secure document storage.
-
Usage data — basic system logs used for debugging and
service reliability. We do not use tracking cookies or third-party
analytics.
3. How we use your data
We use your data solely to provide the cosys service. Specifically:
- To authenticate you and manage access to your account.
- To store and display your correspondence records and documents.
- To generate correspondence reference numbers.
- To maintain an audit log of changes within your company's account.
- To monitor service health and investigate errors.
We do not sell, rent, or share your data with third parties for marketing
or analytics purposes.
4. Data storage
Your data is stored on Amazon Web Services (AWS) infrastructure. We prefer
EU-region storage (eu-west-1, Ireland) to keep data within the European
Economic Area wherever possible.
Uploaded documents are stored in a private S3 bucket. Access is controlled
via signed URLs that expire after a short period. S3 bucket policies
prohibit public access.
5. Your rights
Under applicable data protection law (including GDPR where it applies),
you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Portability — request your data in a machine-readable format.
- Objection — object to processing of your data in certain circumstances.
To exercise any of these rights, contact us at
hello@mycosys.io. We will respond
within 30 days.
Company administrators can also initiate a full company data deletion
(offboarding) from within the cosys platform, which removes all associated
correspondence, documents, and user records.
6. Cookies
cosys uses essential session cookies only. These are required for you to
stay logged in. We do not use tracking cookies, advertising cookies, or
third-party analytics scripts.
7. Contact
For any privacy-related questions or requests, contact us at:
hello@mycosys.io