CM
CosmoMET
About
Sign In

Privacy Policy

Last updated: March 27, 2026

Overview

CosmoMET ("the Service") is a personal project operated by a single individual. It is not a commercial enterprise. This policy explains what data we collect, why, and how it is handled.

The short version: we collect only what's necessary to make the app work, we don't sell or share your data with anyone, and we don't use analytics or advertising trackers.

What We Collect

Account Information

  • Email address (used for login only)
  • Hashed password (we cannot read your password)

Fitness Data

  • Activity entries (exercises, sets, reps, duration)
  • Body weight logs
  • Computed daily summaries (step-equivalents, calories)

Technical Data

  • Session cookies (for authentication only, not tracking)
  • Standard server logs (IP address, timestamp, request path) retained for up to 30 days for security purposes

What We Do NOT Collect

  • No analytics or tracking scripts (no Google Analytics, no Mixpanel, no Plausible)
  • No advertising identifiers or pixels
  • No third-party cookies
  • No device fingerprinting
  • No location data
  • No health data beyond what you explicitly enter
  • No data from other apps or services

How Your Data Is Used

Your data is used exclusively to:

  • Authenticate you and maintain your session
  • Calculate and display your step-equivalents, trends, and progress
  • Adjust step-equivalent values based on your recorded body weight

Your data is never sold, shared, rented, or provided to any third party for any purpose.

Data Storage and Security

  • Data is stored in a PostgreSQL database on a self-hosted server
  • The server is located in the United States
  • All connections use HTTPS encryption (via Cloudflare)
  • Passwords are hashed using industry-standard algorithms (bcrypt/scrypt)
  • The database is not accessible from the public internet

As a self-hosted, single-operator service, there are no third-party cloud providers with access to your data. The database runs on the same private network as the application.

Data Retention

Your fitness data is retained for as long as your account exists. If you request account deletion, all associated data (activity entries, weight logs, daily summaries) will be permanently deleted within 30 days.

Server logs are automatically purged after 30 days.

Your Rights

You have the right to:

  • Access — request a copy of all data associated with your account
  • Correction — request corrections to inaccurate data
  • Deletion — request permanent deletion of your account and all data
  • Export — request your data in a portable format

To exercise any of these rights, contact: [email protected]

Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately.

Changes to This Policy

This policy may be updated from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

Contact

For privacy-related questions or requests, contact: [email protected]

See also: Terms of Service · Medical Disclaimer