Privacy Policy

Mosaic Singularity Inc. (“Company,” “we,” “us,” or “our”) operates Permission Zero, a personal operating system platform available via web, iOS, Android, telephone, and SMS (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information. When you create an account, we collect your first name, last name, and email address.
• Phone Number. We collect your phone number for identity verification and, where you opt in, to deliver Service communications via SMS.
• Preferences and Configuration. We collect the choices you make when configuring the Service, including your selected AI personality, voice preference, and personal operating system name.
• Payment Information. Payment processing is handled by Stripe, Inc. (“Stripe”). We do not receive or store your full credit card number, CVV, or banking credentials. We receive a tokenized payment method identifier, billing cycle preference, and subscription status from Stripe. Stripe’s collection and use of your payment information is governed by the Stripe Privacy Policy.
• Communications. When you contact our support team or interact with the Service, we may collect the content of those communications.
• Marketing Preferences. Where you opt in, we record your consent to receive marketing communications via email and/or SMS.

1.2 Information Collected Automatically

• Device and Usage Data. We may collect information about the device and browser you use to access the Service, including IP address, operating system, browser type, referring URLs, pages viewed, and timestamps.
• Cookies and Similar Technologies. We use strictly necessary cookies to maintain session state and authentication. We do not use third-party advertising cookies. For more information, see Section 8 below.

1.3 Information from Third Parties

We may receive limited information from third-party service providers (such as Stripe) necessary to maintain your subscription and process payments. We do not purchase data about you from data brokers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To create and maintain your account and provide the Service.
• To personalize your experience, including your AI personality and voice preferences.
• To process payments, manage subscriptions, and administer free trials.
• To verify your identity through email and phone verification.
• To communicate with you about your account, including transactional notifications.
• To send marketing communications where you have provided explicit consent.
• To respond to your support inquiries and requests.
• To detect, prevent, and address fraud, security incidents, and technical issues.
• To comply with legal obligations and enforce our Terms of Use.
• To improve, analyze, and develop the Service.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

• Performance of a Contract. Processing necessary to provide the Service under our Terms of Use.
• Consent. Where you have opted in to marketing communications or SMS messaging.
• Legitimate Interests. Processing necessary for fraud prevention, security, and improving the Service, where those interests are not overridden by your rights.
• Legal Obligation. Processing necessary to comply with applicable law.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers. With trusted third-party vendors who process data on our behalf to operate the Service (e.g., Stripe for payment processing, cloud hosting providers, SMS delivery services). These providers are contractually obligated to use your data only as directed by us and in accordance with this policy.
• Legal Requirements. When required by law, regulation, legal process, or governmental request.
• Protection of Rights. When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers. In connection with a merger, acquisition, reorganization, or sale of assets, in which case your information may be transferred as a business asset. We will provide notice before your information is subject to a different privacy policy.
• With Your Consent. In any other circumstances where you have given explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within ninety (90) days, except where retention is required by law (e.g., tax and accounting records) or necessary to resolve disputes, enforce our agreements, or protect our legal rights. Payment records may be retained as required by applicable financial regulations.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2+) and at rest, access controls, regular security assessments, and secure software development practices. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 All Users

• Access and Portability. You may request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
• Correction. You may request correction of inaccurate or incomplete personal data.
• Deletion. You may request deletion of your personal data, subject to certain exceptions required by law.
• Marketing Opt-Out. You may withdraw consent to marketing communications at any time by following the unsubscribe instructions in any marketing message or by contacting us at the address below.
• SMS Opt-Out. You may opt out of SMS communications at any time by replying STOP to any SMS message or by contacting us.

7.2 EEA/UK Residents (GDPR)

In addition to the rights above, you have the right to:

• Restrict processing of your personal data in certain circumstances.
• Object to processing based on our legitimate interests.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
• The right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us using the information in Section 13. We will respond to verifiable requests within the timeframes required by applicable law.

8. Cookies and Tracking Technologies

The Service uses strictly necessary cookies to maintain authentication state and session functionality. These cookies are essential for the operation of the Service and cannot be disabled. We do not use third-party advertising or behavioral tracking cookies. We do not participate in cross-site tracking. If we introduce optional analytics cookies in the future, we will update this policy and obtain your consent where required by law.

9. SMS and Telephone Communications

By providing your phone number and opting in, you consent to receive the following types of communications:

• Transactional SMS. Verification codes, account security alerts, and service notifications.
• Service Communications. Messages from your Personal OS, including alignment prompts and check-ins.
• Marketing SMS (opt-in only). Promotional messages, product updates, and community announcements. You may opt out at any time by replying STOP.

Message and data rates may apply. Message frequency varies. Consent to receive SMS is not a condition of purchase. For help, reply HELP or contact us at the address below.

10. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from those of your jurisdiction. Where we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised “Last Updated” date and, where required by law, by email or in-app notification. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint, please contact us at: