COSI is built on a simple principle: we only store what's necessary to make the product work. We do not track you for advertising.
Effective date: April 5, 2026
We want to be explicit about what COSI does not do:
Your comfort and physiological data is yours. It lives in your personal database. It is never shared with advertisers or used for any purpose other than providing you with the COSI service.
COSI uses minimal, essential storage to make authentication and settings work:
| Storage item | Where | Purpose | Duration |
|---|---|---|---|
| Firebase Auth token | Browser localStorage / app secure storage | Keeps you logged in across sessions. Set automatically by Firebase Authentication. | Until sign-out or token expiry (~1 hour, auto-refreshed) |
| onboarding_complete | SharedPreferences (app only) | Remembers that you completed the onboarding flow so you aren't shown it again. | Persistent until app uninstall or account deletion |
| comfort_goal | SharedPreferences (app only) | Your selected comfort challenge from onboarding, used to personalise the home screen. | Persistent until changed or account deletion |
| space_type | SharedPreferences (app only) | Your space type from onboarding, used to tailor environment suggestions. | Persistent until changed or account deletion |
| privacy_consent_granted | SharedPreferences (app only) | Records that you accepted the data consent during onboarding. Also stored in Firestore. | Persistent until account deletion |
| temperature_unit | SharedPreferences (app only) | Your preferred temperature display unit (°C or °F). | Persistent until changed |
None of the above data is shared with third parties. Firebase Authentication is the only external service that handles authentication cookies, and it operates under Google's Firebase Privacy Policy.
COSI uses Firebase Authentication (by Google) to manage user accounts. Firebase sets a minimal authentication session cookie/token in your browser when you sign in on the web, and in secure device storage when using the app.
This token is used exclusively to authenticate your requests to COSI's backend. It is not used to track your browsing across other websites, and it is not shared with advertisers.
For more information on how Firebase handles authentication data, see the Firebase Privacy and Security documentation.
You can remove COSI's stored data at any time:
In the COSI app:
Go to Profile → Account Settings → Delete Account to permanently delete all your account data, including all Firestore records and app preferences. Alternatively, clearing your app's data/cache in your phone's settings will remove local SharedPreferences.
In your web browser (if you've used COSI on the web):
Clear browser storage by going to your browser settings → Privacy → Clear Browsing Data → Cookies and Site Data. This will sign you out of any web-based COSI session.
On iOS: Delete the COSI app to remove all local storage.
On Android: Go to Settings → Apps → COSI → Storage → Clear Data.
If you have questions about this Cookie & Tracking Policy or how COSI handles your data, contact us:
Email: hello@somacomfort.com
Privacy Policy: somacomfort.com/privacy