aikoo — Privacy Policy

(COSA, Inc.)

Last Updated: February 5, 2026

This Privacy Policy ("Policy") describes how COSA, Inc. ("Company," "we," "us," or "our") collects, uses, stores, and shares information in connection with the AI character-based chat service known as "aikoo", including our websites, mobile applications, and related services (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read and understood this Policy.

1. Scope and Applicability

This Policy applies to all users of the Services, including registered users and individuals who access or use the Services without creating an account ("Guest Users").

This Policy should be read together with the aikoo Terms of Service. In the event of a conflict, the applicable provisions of the Terms of Service shall govern, except where this Policy provides additional or more specific protections regarding personal information.

2. Information We Collect

The information we collect depends on how you interact with the Services. We collect information that you provide directly, information collected automatically through your use of the Services, and information obtained from third parties where permitted by law.

2.1 Information You Provide Directly

We may collect information you voluntarily provide, including:

  • Account and Profile Information — Such as username, display name, email address, profile details, and authentication information.
  • User-Generated Content — Such as chat messages, prompts, conversation history, posts, images, audio, or other content you submit through the Services.
  • Communications — Such as inquiries, customer support messages, feedback, or other communications you send to us.

Please note that due to the nature of the Services, the content you voluntarily submit may include personal or sensitive topics (for example, emotional state, relationships, or financial concerns). You are responsible for the information you choose to share.

2.2 Information Collected Automatically

When you access or use the Services, we may automatically collect certain information, including:

  • Device and Technical Information — Such as IP address, device identifiers, operating system, browser type, app version, and language settings.
  • Usage and Interaction Data — Such as access times, pages or features used, session duration, navigation patterns, and interaction logs.
  • Log and Metadata Information — Including system logs, error reports, and performance metrics.

We may use cookies, SDKs, and similar technologies to collect this information. Additional details are provided in our Cookie Policy, where applicable.

Advertising and Analytics Technologies

We may work with third-party analytics and advertising service providers to help us understand usage of the Services, measure performance, improve user experience, and support business operations. These providers may use cookies, device identifiers, or similar technologies in accordance with applicable law. Information collected through these technologies is used in aggregated or de-identified form where possible.

2.3 Information from Third Parties

We may receive limited information from third parties, including:

  • Third-Party Authentication Providers — Such as Google or Apple, if you choose to sign in using those services, subject to your permissions.
  • Service Providers and Partners — Including payment processors, analytics providers, and infrastructure vendors, in connection with providing and improving the Services.
  • Public or Referral Sources — Such as referrals from other users or publicly available information, where permitted by law.

2.4 Information We Do Not Intentionally Collect

The Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe that a child has provided personal information to us, please contact us so we can take appropriate action.

3. Required Information and Service Availability

Certain information is necessary to provide the Services. If you choose not to provide required information, or request deletion of such information, some features or the entire Services may become unavailable to you.

4. How We Use Information

We use the information we collect for the following purposes, to the extent permitted by applicable law:

  • Service Provision and Operation — To provide, operate, maintain, and support the Services, including account creation, authentication, customer support, and core functionality.
  • AI Response Generation and Improvement — To process user inputs in order to generate AI-driven responses, and to improve the quality, safety, relevance, and performance of our AI systems. This may include analyzing user interactions and AI-generated outputs in aggregated or de-identified form.
  • Service Improvement and Development — To analyze usage trends, diagnose technical issues, develop new features, enhance user experience, and optimize system performance.
  • Security and Safety — To detect, prevent, investigate, and respond to fraud, abuse, security incidents, violations of our Terms of Service, and other harmful or unauthorized activities.
  • Communications — To communicate with you regarding your account, service updates, policy changes, security notices, and customer support matters. Where permitted by law, we may also send service-related announcements or informational messages.
  • Billing and Transactions — To process payments, manage subscriptions, maintain transaction records, and respond to billing-related inquiries.
  • Legal and Compliance Purposes — To comply with applicable laws, regulations, legal processes, and governmental requests, and to protect the rights, safety, and property of the Company, our users, and others.
  • Business Operations — To support internal business operations, including audits, reporting, analytics, corporate transactions, and business planning.

We may combine information collected through the Services with information obtained from other lawful sources in order to support service functionality, improve AI performance, enhance security, and optimize user experience.

5. AI Processing and Training

User inputs and interactions may be processed by artificial intelligence systems operated by the Company or by trusted third-party service providers acting on our behalf.

We may use user inputs, usage data, and AI-generated outputs in aggregated, anonymized, or de-identified form for purposes including, but not limited to:

  • improving the quality, accuracy, reliability, and safety of our AI models;
  • testing, evaluating, and validating AI systems;
  • conducting research and development of new models, features, and technologies; and
  • preventing misuse and enhancing trust and safety mechanisms.

We do not use user content in a manner that identifies you personally for targeted advertising or profiling.

However, we may use aggregated, anonymized, or de-identified information derived from user interactions to support analytics, service optimization, advertising performance measurement, and business insights. Any advertising-related use of information is conducted in compliance with applicable law and subject to the user rights and choices described in this Privacy Policy.

6. Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data derived from personal information or user interactions.

Such data does not reasonably identify you as an individual. We may use and share this data for lawful purposes, including analytics, AI training, research, marketing insights, benchmarking, and business development.

We do not attempt to re-identify de-identified data except to verify that it remains properly de-identified.

7. Public or Shared Content

Certain features of the Services may allow you to make content, characters, or interactions publicly available or accessible to other users.

If you choose to make content public or share it with others, you acknowledge that such content may remain available even if you modify or delete your account, to the extent necessary to preserve the experience of other users.

We will not display personally identifiable information as part of public content unless you explicitly choose to include it.

8. Legal Bases for Processing

Where required by applicable law, we process personal information based on one or more of the following legal grounds:

  • Your consent
  • Performance of a contract or steps taken at your request prior to entering into a contract
  • Compliance with legal obligations
  • Legitimate business interests, such as improving the Services, ensuring security, and preventing misuse, where such interests are not overridden by your rights

If you have questions about the legal basis for specific processing activities, you may contact us using the information provided in this Policy.

9. How We Share Information

We may share information we collect in the following circumstances, to the extent permitted by applicable law:

Affiliates

We may share information with our parent company, COSA, Inc., and our affiliates for purposes consistent with this Privacy Policy, including service operation, security, compliance, and improvement.

Service Providers and Vendors

We may share information with trusted third-party service providers who perform services on our behalf, such as cloud hosting, payment processing, AI infrastructure, analytics, customer support, security monitoring, and content moderation. These providers are contractually required to use information only as necessary to provide services to us and to protect it appropriately.

Legal and Safety Reasons

We may disclose information if we believe in good faith that such disclosure is necessary to:

  • comply with applicable laws, regulations, legal processes, or governmental requests;
  • enforce our Terms of Service or other agreements;
  • protect the rights, property, or safety of the Company, our users, or others.

Business Transfers

In connection with a merger, acquisition, reorganization, financing, or sale of all or a portion of our business or assets, information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality protections.

With Your Direction or Consent

We may share information with third parties when you explicitly direct us to do so or provide your consent.

10. International Data Transfers

The Services are operated globally. Your information may be transferred to, stored, or processed in countries outside of your state, province, or country of residence, including the United States and Japan.

Where required by applicable law, we take appropriate safeguards to ensure that international transfers of personal information provide an adequate level of protection, such as contractual protections and security measures.

11. Data Retention

We retain personal information for only as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Retention periods may vary depending on factors such as:

  • the nature and sensitivity of the information;
  • the purposes for which the information is processed;
  • applicable legal, regulatory, or contractual requirements; and
  • the need to resolve disputes, enforce agreements, or ensure the security and integrity of the Services.

When personal information is no longer necessary for these purposes, we will delete, anonymize, or de-identify it, subject to reasonable technical and operational limitations.

Business and Legal Retention

In certain circumstances, we may retain specific information for legitimate business or legal purposes, including:

  • maintaining the continuity of shared or public content;
  • ensuring service stability and functionality;
  • preventing fraud, abuse, or other misuse of the Services;
  • resolving disputes and enforcing our agreements; and
  • complying with applicable laws and legal obligations.

Where feasible, such retained information will be subject to appropriate access controls, data minimization practices, and periodic review. In all cases, retained information will be limited to what is reasonably necessary for the applicable purpose and protected in accordance with this Privacy Policy.

12. Data Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

These measures may include access controls, encryption, monitoring, and internal policies. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children's Privacy

The Services are not intended for children under the age of 13.

We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

If you believe that a child under 13 has provided personal information to us, please contact us using the contact details provided in this Privacy Policy.

14. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, including the right to:

  • access personal information we hold about you;
  • request correction or updating of inaccurate information;
  • request deletion of certain personal information;
  • object to or restrict certain processing activities;
  • withdraw consent where processing is based on consent.

We may need to verify your identity before responding to requests, and certain information may be exempt from requests as permitted by law. Requests may be submitted using the contact information provided in this Privacy Policy.

15. U.S. State Privacy Rights

Depending on your state of residence, you may have additional rights under applicable U.S. privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), and similar state laws.

These rights may include the right to:

  • know the categories of personal information we collect, use, disclose, and share;
  • access specific pieces of personal information we have collected about you;
  • request deletion of personal information, subject to legal exceptions;
  • request correction of inaccurate personal information;
  • opt out of certain uses of personal information, such as targeted advertising where applicable;
  • limit the use or disclosure of sensitive personal information, where required by law;
  • not be discriminated against for exercising your privacy rights.

We will not deny services, charge different prices, or provide a different level or quality of service solely because you exercise your rights under applicable privacy laws.

16. California Privacy Notice

For purposes of the CCPA/CPRA, we collect the following categories of personal information, as defined by California law:

  • identifiers, such as name, email address, or account identifiers;
  • internet or other electronic network activity information, such as usage data, device information, and log data;
  • commercial information, such as purchase and subscription history;
  • user-generated content, including chat messages and interactions;
  • inferences drawn from the use of the Services to improve functionality and user experience.

We collect this information for the purposes described in this Privacy Policy, including service operation, security, analytics, research, and improvement.

We do not sell personal information in exchange for monetary consideration. We do not knowingly sell or share the personal information of consumers under 16 years of age.

17. Do Not Sell or Share

We do not sell personal information as defined under the CCPA/CPRA.

We may share limited information with service providers and partners for analytics, infrastructure, security, and service improvement purposes, but such sharing is conducted under contractual restrictions and does not constitute a sale of personal information under applicable law.

If applicable law changes our obligations regarding "sale" or "sharing," we will update this Privacy Policy accordingly.

18. Exercising Your Rights

You or an authorized agent may submit a request to exercise your privacy rights by contacting us using the information below.

To protect your privacy and security, we may require verification of your identity before processing a request. Authorized agents may be required to provide proof of authorization.

We will respond to verified requests within the timeframes required by applicable law.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make material changes, we will provide notice as required by law, such as by posting an updated version on our Services or by other appropriate means. The "Last Updated" date at the top of this Privacy Policy indicates when it was most recently revised.

20. Contact Information

If you have questions about this Privacy Policy, our information practices, or wish to exercise your privacy rights, please contact us at:

COSA, Inc.

Email: support@mail.aikoo.me

If you are contacting us regarding privacy rights under U.S. law, please include sufficient information for us to verify your request.