Privacy Policy

Privacy is at the heart of what we do.

We do not collect any data, except for your email address, which we need to create your account. We do not keep your data in our servers, either. To ensure your data is secure, we chose to host Kosmik on IPFS, a distributed, decentralized protocol. And we will never sell your data.

In this policy, we explain what data we collect and for what purposes, and your rights to your data.

The use of the Application in the conditions described in the Terms of Service involves the processing of personal data by LITHIUM. 

The terms and conditions of this processing are detailed in the privacy policy below (hereinafter the "Privacy Policy"), which is an integral part of the Terms of Service. 

As such, all capitalized terms shall have the same definition as given to them in the Terms of Service and in Article 1 of the Privacy Policy. 


  • Cookies: refers in particular to HTTP cookies, "flash" cookies, the result of the calculation of a unique fingerprint of the Device in the case of "fingerprinting" (calculation of a unique identifier of the terminal based on elements of its configuration for tracing purposes), invisible pixels or "web bugs", and, in general, any other identifier generated by a software or an operating system (serial number, MAC address, unique terminal identifier (UTI), or any set of data that is used to calculate a unique fingerprint of the terminal (e.g. via a "fingerprinting" method);
  • Data Controller: refers to the natural or legal person, the public administration or any other entity, association or organization that is entitled, even jointly with the Data Controller, to make decisions regarding the purposes and methods of Processing Personal Data and the means used. In this case, the Data Controller is LITHIUM; 
  • Data Subject: refers to the natural or legal person to whom the Personal Data refers; 
  • Device: refers to the terminal used by the Data Subject during the collection of Personal Data by the Data Controller and, in general, during the use of the Application; 
  • Processing: refers to any operation or set of operations, whether or not carried out by automated means, on data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise enabling alignment or combination, limitation, deletion or destruction. 
  • Usage Data: refers to information automatically collected from the Device (or third party services employed by the Device), which may include: IP addresses or domain names of computers used by Users using this Application, URI (Uniform Resource Identifier) addresses, time of request, method used to submit the request to the server, size of file received in response, numeric code indicating the status of the server response (success, error, etc.), country of origin, characteristics of the browser and operating system used by the User, various time details per visit (e.g., time spent on each page in the Application), and details of the time spent on each page in the Application.), the country of origin, the characteristics of the browser and operating system used by the User, various details of the time per visit (e.g. time spent on each page in the Application) and details of the path followed in the Device with special reference to the sequence of the pages visited, and other parameters concerning the User's operating system and/or computer environment; 
  • User: refers to the person using the Device, which must coincide with or be authorized by the Person Concerned, to whom the Personal Data refer; 


The use of the Application entails the collection and Processing of Personal Data, carried out in compliance with the regulations in force and in particular with the amended Law No. 78-17 of January 6, 1978 relating to the Data Protection Act the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter the "GDPR").

The Personal Data processed by LITHIUM within the framework of the use of the Application is strictly confidential and is only that provided by the User. 

When using the Application, only the User's email address is collected. 

In this respect, the Data Controller informs the User that no Usage Data is collected, and no Cookies are placed on the User's Device. 

In addition, the User's password entered to access their Account is not processed by the Data Controller, as it is encrypted in its entirety as soon as it is created by the User.  


The User's email address is collected for the purpose of creating and activating the User's Account. 

The Processing of the email address is necessary for the performance of a contract, namely, the Terms of Service, to which the Data Subject is party, or for the performance of pre-contractual measures taken at the Data Subject's request (Article 6.1 b) of the GDPR). 


In accordance with the provisions of the regulations in force, the Data Processed is kept for limited periods, and, in general, for the entire period necessary for the creation of the User's Account. 

Once the Account has been created, the Data Controller keeps the User's email address for a limited period of time strictly necessary for the purpose for which it is collected. 


The Data is processed at the registered office of the Data Controller and at any other place where the parties responsible for the Processing are located. The Data Processor can be contacted for further information at the following address: 


The Data Processor shall handle Users' Data appropriately and shall take all necessary security measures to prevent unauthorized access, disclosure, modification or destruction of the Data.

The Data Processing is carried out using computers or IT tools and following the procedures and organizational methods closely related to the purposes indicated. 

Only employees authorized by the Data Controller have access to the User's email address.  


In accordance with the regulations in force, the amended Law No. 78-17 of January 6, 1978 relating to the Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, the User has, at any time:

  • the right to access, rectify and/or delete the Data Processed by the Data Controller;
  • the right to object to the Processing of the Data, to request the Data Controller to limit the Processing of the Data and/or the portability of the Data;
  • the right to withdraw or modify their consent to the collection and Processing of the Data.

These rights can be exercised by the Data Subjects by writing to the Data Controller and proving their identity by mail to the following address: 

Finally, the Data Controller informs the User that they have the right to lodge a complaint with a supervisory authority.


8.1 Legal action

The User's Personal Data may be used for legal purposes by the Data Controller, before the Courts or at any stage leading to a possible legal action resulting from improper use of the Application or related services.

The User is aware that public authorities may require the Data Controller to disclose Personal Data.

8.2 Changes to the Privacy Policy

The Data Controller reserves the right to modify this privacy policy at any time by giving notice to Users on this page. It is recommended to consult this page often, referring to the date of the last modification indicated at the bottom of this page. If a User objects to any changes made to this Privacy Policy, the User must cease using the Application and may request the Data Controller to delete the Personal Data. Unless otherwise stated, the then current Privacy Policy applies to all Personal Data that the Data Processor holds concerning Users.