Early Access

Legal

Privacy Policy

Last updated: 23 April 2026 · Governed by UK GDPR and the Data Protection Act 2018

1. Who we are

COSINE is a product of Blackswan Strategy Partners Limited, a private limited company registered in England and Wales (company number 17158315). Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are the data controller for personal data processed through this website and the COSINE service.

Contact us at: privacy@getcosine.com

2. What data we collect and why

2.1 Data you provide directly

DataPurposeLegal basis
Email address (early access request)To contact you about early access and product updatesLegitimate interests (Art. 6(1)(f))
LinkedIn GDPR export fileTo enrich your network and surface recommendationsContract performance (Art. 6(1)(b))
Declared capability profile (gaps, sectors, levels)To match your skills against company gapsContract performance (Art. 6(1)(b))

2.2 Data we enrich from third-party sources

When you upload a LinkedIn export, we query proprietary commercial databases to enrich the companies in your network with firmographic data (headcount, funding stage, sector, hiring signals). This data relates to companies and their publicly-known leadership, not to private individuals.

Where enrichment surfaces data about named individuals (e.g. "no CTO named"), the source is publicly available professional data. We do not store this data beyond the session unless you save a recommendation.

2.3 Usage data

We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and performance monitoring. We do not use third-party analytics scripts or advertising trackers.

3. How long we keep your data

DataRetention period
Early access emailUntil you unsubscribe or request deletion, or 2 years of inactivity
LinkedIn export fileDeleted after processing (within 24 hours of upload)
Enriched network dataFor the duration of your active subscription, then deleted within 30 days of cancellation
Server logs90 days

4. Who we share data with

We do not sell your data. We share it only with:

  • Infrastructure providers — hosting and database services operating under data processing agreements, with servers located in the UK or EEA.
  • Data enrichment providers — commercial databases queried to enrich company records. Queries contain company names and domains only; your personal details are not shared.
  • Legal or regulatory authorities — if required by law or to protect our legal rights.

Any transfer of personal data outside the UK is protected by UK adequacy regulations or standard contractual clauses.

5. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten") where we have no overriding legitimate reason to retain it.
  • Restriction — ask us to pause processing your data in certain circumstances.
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email privacy@getcosine.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

6. Cookies

We use only essential session cookies required for the service to function. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required.

7. Security

We use TLS encryption for all data in transit. Data at rest is encrypted using AES-256. Access to personal data is restricted to authorised personnel under a need-to-know basis. We conduct periodic security reviews and maintain an incident response process.

If we become aware of a personal data breach that poses a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay where required by UK GDPR.

8. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated by email to active users at least 14 days before they take effect. The “last updated” date at the top of this page will always reflect the current version.