Privacy Policy

Last updated: March 30, 2026

Cosmic Reach Creative (“we,” “us,” or “our”) respects your privacy. This policy describes how we collect, use, and protect information when you visit our website or use our services.

Information We Collect

We collect information in the following ways:

  • Contact forms: When you submit a contact or audit intake form, we collect your name, email address, company name, and any details you provide about your business.
  • Booking system: When you book a session, we collect your name, email, and any notes you include. We use Google Calendar to schedule meetings and Google Meet for video calls.
  • Payment processing: Payments are processed securely through Stripe. We do not store credit card numbers on our servers. Stripe's privacy policy governs payment data handling.
  • Analytics: We use Google Analytics (GA4) with anonymized IP addresses to understand how visitors use our site. This data helps us improve the experience and does not personally identify you.
  • CTA tracking: We track which buttons and calls-to-action are clicked to understand user behavior. This data is aggregated and does not include personal information.
  • Mission Control accounts: If you create a Mission Control workspace, we collect your name, email address, and a hashed password. Passwords are stored using bcrypt encryption and are never stored in plain text. We also store session tokens to keep you signed in.
  • Two-factor authentication: If you enable two-factor authentication, we store an encrypted TOTP secret used to verify your authenticator app codes. We do not have access to your authenticator app.
  • Third-party API keys: Mission Control users may provide their own API keys for integrations. These are encrypted using AES-256-GCM with PBKDF2 key derivation and stored securely. Keys are only decrypted server-side when making API calls on your behalf.

How We Use Your Information

We use the information we collect to:

  • Respond to inquiries and manage bookings
  • Deliver services including audits, reports, and strategy sessions
  • Send booking confirmations and service-related communications
  • Improve our website and services based on usage patterns

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Storage & Security

Your data is stored securely using industry-standard encryption. Form submissions and booking data are stored in a secured database hosted by Neon (PostgreSQL). We use Resend for transactional email delivery. All data transmission uses HTTPS encryption.

Cookies

Cosmic Reach uses essential cookies to support core site functionality and analytics cookies to understand traffic and improve the website experience. Visitors can accept, decline, or manage analytics preferences through the cookie banner and the “Cookie Preferences” link in the footer.

If you accept analytics cookies, Google Analytics (GA4) will set cookies to distinguish unique users and sessions. These cookies do not personally identify you. If you decline, no analytics cookies are set and GA4 does not load.

Mission Control uses a secure, HTTP-only session cookie to keep you signed in. This cookie is set to SameSite Strict, meaning it is not sent with cross-site requests. Session cookies expire after 30 days of inactivity.

Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

  • Google Analytics (site analytics)
  • Google Calendar & Meet (scheduling and video calls)
  • Stripe (payment processing)
  • Resend (transactional emails)
  • Vercel (website hosting)

Your Rights

You may request access to, correction of, or deletion of your personal information at any time by contacting us. We will respond within 30 days.

Contact

If you have privacy-related questions, contact us at jordan@cosmicreachcreative.com.