Last updated May 29, 2026
This privacy notice for Osmosis Technologies Inc. (doing business as Osmosis.fm) ("we," "us," or "our") describes how and why we collect, store, use, and/or share ("process") personal data in connection with our services ("Services").
Scope. This Privacy Policy covers personal data we process in three contexts:
This Privacy Policy is incorporated into our Master Subscription Agreement (the "MSA"). If you do not agree with our policies and practices, please do not use our Services. Questions or requests: [email protected].
In Short: We collect minimal personal data for enterprise account registration, billing, and support; limited data automatically from website visitors; and we process personal data contained in the public content we index (Section 2) and in Customer Data (Section 4).
Enterprise account and user data. For account and user data, Osmosis is the controller — we determine the purposes and means of processing this information. When you register for or use the Services, we typically collect:
Sensitive information. We do not intentionally collect sensitive personal information (e.g., health data, biometrics, government identifiers), and we ask Customers not to submit data subject to specialized regulatory handling (see Section 4). Because Customer Data is supplied by Customers, it could contain sensitive information; where it does, we process it as Customer Data on the Customer's behalf and do not use it for our own purposes.
Payment data. Where a Customer pays us directly, payment transactions are handled by a third-party payment processor. We do not store full payment card numbers.
Information automatically collected. When you visit our website, some information — such as IP address and browser/device characteristics — is collected automatically for security and analytics. This does not by itself reveal your identity but may include IP address, device and browser characteristics, operating system, language preferences, referring URLs, and approximate location.
In Short: Our platform indexes publicly available content that can include information about identifiable individuals. We process this as a controller, relying on our legitimate interests where laws such as the GDPR apply, and we provide a way to object or request removal.
The core of our platform is the ingestion and analysis of publicly and lawfully available institutional and industry content, such as earnings presentations, allocator and pension-fund meetings, regulatory hearings, public filings, and executive interviews. This content can include personal data — for example, the names, roles, and public statements of executives, allocators, and other professionals appearing in those sources.
We process this information to provide research and intelligence Services to our Customers, including market mapping, organization and industry monitoring, and relationship intelligence. We collect it from sources that are publicly or lawfully available to us, and we do not circumvent paywalls, logins, or other access controls to obtain it.
Legal basis. Where data protection laws such as the GDPR or UK GDPR apply to this processing, we rely on our legitimate interests (and those of our Customers) in providing business and market intelligence drawn from public sources. We balance these interests against individuals' rights and freedoms, taking into account that the information is professional in nature and drawn from public sources.
Your right to object or request removal. If you are an individual appearing in content we index, you may object to our processing or request removal of information relating to you by contacting [email protected]. We will review your request and respond as required by applicable law.
In Short: We process information to provide and improve the Services, communicate with you, maintain security, and comply with law — on the legal bases described below.
We process personal data for these purposes:
Legal bases (where the GDPR / UK GDPR applies). Depending on the activity, we rely on: performance of a contract (providing the Services to account holders); legitimate interests (securing and improving the Services, and the public-source processing described in Section 2); consent (where required, e.g., certain cookies); and compliance with legal obligations.
In Short: For data Customers submit to or generate through the Services, we act on the Customer's behalf as a processor (or service provider) and use it only to provide and support the Services.
"Customer Data" — including target lists, watchlists, account lists, user information, configuration inputs, and usage and activity data — may contain personal data. For Customer Data, the Customer is the controller and Osmosis is the processor (or, under U.S. state laws, a service provider). We process Customer Data only to provide, configure, secure, support, and improve the Services as described in the MSA and the applicable Order Form, and not for our own independent purposes.
We may use Customer Data in aggregated or de-identified form to operate and improve the Services, provided this does not identify any Customer or individual and does not allow Customer-specific information to be reconstructed or disclosed to any other customer or third party. We do not make a Customer's data available to any other customer.
Data processing addendum. We make a data processing addendum (DPA) available on request to govern our processing of personal data within Customer Data. Where a DPA is in place, it governs that processing to the extent of any conflict with this notice.
In Short: We share personal data with subprocessors that process Customer Data on our behalf, with service providers that support our own operations (such as a payment processor), and in connection with corporate transactions. We do not sell or rent personal data.
Subprocessors that process Customer Data. We use third-party providers that process Customer Data on our behalf to host, secure, and operate the Services. They are authorized to process Customer Data only as needed to perform services for us and are bound by contractual confidentiality and data-protection obligations, and we are responsible for their processing of Customer Data to the same extent as if we performed it ourselves. Current categories and key providers include:
We maintain a current list of subprocessors that process Customer Data and will provide it to a Customer on reasonable request.
Service providers for our own operations. We also use third-party providers that handle our own account and business data (rather than Customer Data), such as a third-party payment processor for billing. These providers are likewise bound by contractual confidentiality and data-protection obligations and are authorized to use the data only to provide services to us.
Business transfers. If we are involved in a merger, acquisition, financing, or sale of all or part of our business, personal data may be transferred as part of that transaction.
We do not sell or rent personal data, and we do not share it with advertisers or unrelated third parties for their own marketing.
In Short: We use cookies and similar technologies for analytics, security, and to improve your experience.
We may use cookies to remember preferences and gather aggregated usage data. You can modify browser settings to decline cookies, though this may affect functionality.
In Short: If you sign in through a third-party identity provider, we receive a limited amount of personal data from that provider to authenticate you.
The Services offer single sign-on (SSO) through third-party identity providers (such as Google, via OAuth). If you choose to authenticate this way, you authorize the provider to share the profile information and email address approved during the sign-in flow, and we receive your name and email to set up and authenticate your account. We request only the minimum scopes needed to authenticate and do not store or use additional provider data beyond what is necessary to provide the Services. You can revoke our access through the provider's security settings. We do not control how the provider processes your data; please review its privacy notice.
In Short: We keep account and website data only as long as necessary, and we delete or return Customer Data within 30 days of a Customer's request on termination.
We retain account and user data for as long as your account is active and as needed for the purposes in this notice or as required by law, after which we delete or anonymize it. Data stored in routine backups is securely isolated and deleted in the ordinary course.
For Customer Data, upon termination of the MSA we will, at the Customer's written request, delete or return Customer Data within thirty (30) days, except for (a) data in routine backup systems, deleted in the ordinary course, and (b) data we are required to retain by law. We confirm deletion in writing on request.
In Short: We maintain an information security program with administrative, technical, and physical safeguards, including encryption in transit and at rest and role-based access controls. We notify Customers of qualifying security incidents without undue delay.
We maintain a written information security program designed to protect the confidentiality, integrity, and availability of personal data and Customer Data, including encryption in transit and at rest, role-based and least-privilege access, monitoring, and employee training. No method of transmission or storage is completely secure.
Security incident notification. We will notify the affected Customer without undue delay after becoming aware of any unauthorized access to or disclosure of Customer Data. Such notice will include, to the extent known, a description of the incident, the types of data affected, and the corrective measures taken or planned, and we will cooperate with the Customer in investigating and remediating it.
In Short: The Services are hosted in the United States, and data may be processed in the U.S. and other jurisdictions where we or our service providers operate.
The Services are hosted in the United States. Personal data and Customer Data may be processed in the United States and in other jurisdictions where we or our service providers operate. Where we process personal data of individuals located in jurisdictions with data-transfer requirements, we take steps to ensure an appropriate basis for that processing and transfer as required by applicable law. Customers are responsible for providing any notices to, and obtaining any consents from, their authorized users and other individuals as needed for us to process such information in connection with the Services.
In Short: The Services are intended for business users (18+). We do not knowingly collect data from minors.
If you believe a minor has provided personal data through the Services, contact [email protected] and we will take appropriate measures to delete it.
In Short: Depending on your location and your relationship to the data, you may have rights to access, correct, delete, or object, and to withdraw consent.
You may have the right to request access to, correction of, or deletion of your personal data, and — where we rely on legitimate interests, including for the public-source processing in Section 2 — to object to that processing. Where we rely on consent, you may withdraw it (which does not affect processing already carried out).
We respond to requests as required by applicable data protection laws.
Most browsers include a Do-Not-Track ("DNT") feature. As no uniform standard for recognizing DNT signals has been adopted, we do not currently respond to them. We will update our practices if a standard is established.
In Short: U.S. residents may have rights regarding their personal data under various state laws.
We collect limited identifiers (e.g., name, business email). We do not sell or share personal data for cross-context behavioral advertising. Some information we index originates from publicly available sources, which may be treated differently under certain state laws. U.S. residents wishing to exercise statutory rights (e.g., under the CCPA/CPRA) may contact [email protected].
In Short: Yes. We update this notice as needed to stay compliant and accurate.
The updated version will be indicated by a revised date and is effective as soon as it is accessible.
Questions or comments about this notice, or to review, update, or delete your personal data: [email protected].
We maintain data governance practices to support the security, accuracy, and appropriate use of data on our platform, including:
Osmosis Technologies Inc. Email: [email protected] Website: https://osmosis.fm