Privacy policy

 

Cosmic Spark | Global Data Sovereignty & Privacy Policy

Revision 6.0 (April 2026)

Cosmic Spark ("we," "us," or "our") engineers high-performance computing (HPC) ecosystems and provides specialized technical advisory services. We are committed to the highest standards of data sovereignty and privacy, operating in full compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other localized data protection statutes.

This policy outlines how we collect, utilize, disclose, and secure the personal and technical data processed during our business operations. By utilizing our services or accessing our validated infrastructure documentation, you acknowledge the data practices described herein.

1. Data We Collect: The "Validated" Threshold

We strictly limit data collection to the minimum required for executing specialized engineering commissions and validating system architectures.

  • 1.1 Personal Identification Data:

    • Corporate Clients: Name, corporate email (e.g., ishraak@cosmicspark.xyz), professional title, company name, and authorized billing/shipping address.

    • Educational Partners: Institutional name, faculty contact details, and department allocation for "Incentive Units."

  • 1.2 Technical & Operational Data:

    • System Configurations: Serial numbers, MAC addresses, and unique hardware component IDs (e.g., Processor Steppings) of commissioned HPC stacks.

    • Validation Reports: Performance benchmarks, power consumption logs, and thermal telemetry generated during the Certified Benchmark & Validation phase.

    • Infrastructure Audits: Diagnostic logs and network topology maps provided by the Client for optimization purposes (operated under separate NDA).

  • 1.3 Automated Data (Website):

    • IP address, browser type, and operating system (collected via essential, non-tracking cookies strictly for security and load balancing). We do not utilize third-party marketing trackers or analytics.

2. Legal Basis for Processing (GDPR Compliance)

We process data based on the following legal grounds, ensuring transparency for our EU-based partners:

  • 2.1 Performance of a Contract: To fulfill our obligations under a Master Service Agreement (e.g., building and validating a 60-core server node).

  • 2.2 Legitimate Interests: To secure our infrastructure, manage high-stakes client relationships, and improve our specialized engineering methodologies.

  • 2.3 Legal Obligation: To comply with tax, customs, and financial reporting requirements in Bangladesh and the Client's jurisdiction.

3. Utilization of Data: Sovereign Optimization

We do not monetize client data. Data is utilized strictly for performance maximization and logistical execution.

  • 3.1 Architectural Synthesis: Utilizing Technical Data to fine-tune the BIOS, memory timings, and accelerator endpoints (QAT/DSA) of the commissioned hardware.

  • 3.2 Operational Handover: Generating the Certified Benchmark Report to validate that the hardware meets the contracted performance specification.

  • 3.3 Logistical Deployment: Utilizing Shipping and Identification Data to execute DDP/DAP shipping protocols with Tier-1 carriers.

4. Disclosure of Data: The "Air-Gapped" Standard

Cosmic Spark operates under an "air-gapped" model of data isolation. We do not sell, rent, or trade client data to third parties for marketing purposes. Data is disclosed only to essential "Sovereign Partners":

  • 4.1 Logistics Partners: Providing shipping details to verified carriers (e.g., DHL Express, FedEx) for hardware delivery.

  • 4.2 Component Vendors (Limited): Disclosing component serial numbers to manufacturers (e.g., Intel, Gigabyte) solely for activating specialized warranty tiers or validating "Engineering Sample" status, if applicable.

  • 4.3 Legal & Financial Advisors: Disclosing minimal data required for audit, tax, and regulatory compliance.

5. International Data Transfers: Chain-of-Custody

For clients outside of Bangladesh (including the EU and California), your data may be transferred to and processed in our secure operational centers in Dhaka. We utilize specialized data transfer mechanisms, including Standard Contractual Clauses (SCCs) pre-approved by the EU Commission, to ensure that localized data protections "travel with the data."

6. Data Retention & Erasure Protocol

We retain data only for the duration required by contract or localized regulation.

  • 6.1 Validation Reports: Retained for the duration of the 3-Year Warranty to facilitate diagnostics.

  • 6.2 Financial Records: Retained for seven (7) years to comply with statutory audit requirements.

  • 6.3 Technical Diagnostics: Erasure of client-provided audit logs occurs within ninety (90) days of project completion.

7. Your Data Sovereignty Rights (GDPR & CCPA)

Depending on your jurisdiction, you possess specific rights regarding your personal and technical data:

  • 7.1 Right of Access (GDPR/CCPA): Request a copy of the personal and technical data we hold on your "Incentive Ledger" or primary build.

  • 7.2 Right of Rectification (GDPR): Correct any inaccurate personal identification or technical configuration data.

  • 7.3 Right to Erasure ("Right to be Forgotten") (GDPR): Request the deletion of data when it is no longer required for the Performance of a Contract or Legal Obligation.

  • 7.4 Right to Opt-Out of Sale (CCPA): While Cosmic Spark does not sell data, California residents maintain the right to officially opt-out of any future "sale" as defined by the CCPA.

  • 7.5 Right to Non-Discrimination (CCPA): Exercising your privacy rights will not result in degraded performance validation or differentiated pricing for your next commission.

8. The Educational Incentive Program (CSR) Data Handling

For the distribution of ESP32-based "Incentive Units," we collect minimal faculty or institutional contact details. This data is utilized solely for logistical deployment and is subject to the same strict data sovereignty protocols as our primary builds. We do not track the subsequent educational utilization of these units.

9. Security of Extreme-Performance Infrastructure

We implement robust physical, technical, and administrative security measures:

  • Data Encryption: All data in transit and at rest is encrypted utilizing industry-standard protocols.

  • Access Control: Access to Certified Validation Reports and Client Diagnostic Logs is limited strictly to Authorized Advisors and the Chief Architect.

  • supply chain supply supply supply supply supply integrity Supply Chain Integrity: We audit our component vendors to ensure that hardware supply chains are "clean" and free from integrated malware vectors (Supply Chain Sovereignty).

10. Updates to This Protocol

We reserve the right to refine this Data Sovereignty Protocol to reflect changes in global regulation (e.g., GDPR 2.0 or CCPA/CPRA amendments). The "Last Updated" date at the top of this policy will reflect the most current revision.

11. Engage the Data Sovereignty Advisor

For any inquiries regarding your data rights, to exercise your right of erasure, or to request a copy of our Standard Contractual Clauses (SCCs), please contact our specialized data protection liaison:

Liaison: Data Sovereignty Advisor Secure Contact: ishraak@cosmicspark.xyz

We look forward to engineering your sovereign, secure future.