Terms & Privacy

Last updated: March 15, 2025 · Effective date: March 15, 2025

1. Acceptance of Terms

By accessing or using the Hosmos platform ("Platform"), operated by HelpH D.O.O., a company incorporated in Slovenia ("Company", "we", "us"), you ("User", "you") agree to be bound by these Terms of Service ("Terms"). If you do not agree, you must discontinue use of the Platform immediately.

These Terms constitute a legally binding agreement between you and the Company. By creating an account, completing the onboarding wizard, or subscribing to any plan, you confirm that you have read, understood, and accepted these Terms in their entirety.

2. Description of Service

Hosmos is a B2B SaaS platform designed for small and medium-sized enterprises (SMEs) to:

  • Calculate greenhouse gas emissions across Scope 1, Scope 2, and Scope 3 (GHG Protocol)
  • Manage up to 100+ non-financial ESG parameters (Environment, Social, Governance)
  • Auto-generate compliance reports aligned with CSRD/ESRS, GRI 2021, CDP Climate, UN Global Compact, EU Taxonomy, TCFD, and SBTi standards
  • Manage supply chain ESG questionnaires and track decarbonisation goals

Feature availability depends on the subscription tier selected by the User (Trial, Starter, Pro, or Enterprise).

3. Account Registration

To use the Platform, you must create an account by providing accurate and complete information. You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account.

You must notify us immediately at support@hosmos.io if you suspect any unauthorised access to your account.

4. Subscription Plans and Pricing

Hosmos offers the following subscription tiers: Trial (free, 30 days), Starter (EUR 20/month), Pro (EUR 100/month), and Enterprise (custom pricing). All prices are exclusive of applicable taxes unless stated otherwise.

4.1 Right to Modify Pricing

The Company reserves the right to modify subscription prices, features included in each tier, and the structure of pricing plans at any time. Such changes may include, but are not limited to:

  • Adjusting monthly or annual subscription fees for any or all tiers
  • Adding, removing, or reassigning features between tiers
  • Introducing new pricing tiers or discontinuing existing ones
  • Applying surcharges for premium features, add-ons, or increased usage

4.2 Notice of Price Changes

We will provide at least 30 days' prior written notice of any pricing changes via email to the address associated with your account. The notice will specify the new pricing, the effective date, and any changes to tier features.

4.3 Effect of Price Changes

Price changes will take effect at the start of the next billing cycle following the 30-day notice period. Your continued use of the Platform after the effective date constitutes acceptance of the new pricing. If you do not agree with the new pricing, you may cancel your subscription before the effective date without penalty.

4.4 Billing and Payment

Subscriptions are billed monthly or annually in advance via Stripe. Failed payments will result in a grace period of 7 days, after which your account may be downgraded to Trial functionality until payment is resolved.

5. Free Trial

New users receive a 30-day free trial with access to Scope 1 and Scope 2 calculation, the onboarding wizard, and a single PDF report export. No credit card is required to start a trial.

At the end of the trial period, your account will be limited to read-only access. To continue using the Platform, you must subscribe to a paid plan. Trial data is retained for 90 days after trial expiration.

6. Data Collection, Use, and Sharing

6.1 Data You Provide

You provide corporate ESG data including but not limited to: energy consumption, emissions data, workforce composition, governance structures, supplier information, and other non-financial parameters. You retain ownership of all data you submit.

6.2 Data Use for Analytics and Product Development

By using the Platform, you acknowledge and agree that the Company may use your data, in aggregated and anonymised form, for the following purposes:

  • Analytics: To generate industry benchmarks, sector-level emission averages, ESG performance indices, and aggregated statistical reports
  • Product Development: To improve the Platform's algorithms, emission factor databases, calculation methodologies, user experience, and feature set
  • Machine Learning: To train and improve internal models for data validation, anomaly detection, auto-classification of ESG parameters, and predictive analytics
  • Research & Reporting: To publish anonymised industry reports, white papers, and sustainability insights that do not identify individual companies

6.3 Data Sharing with Third Parties

The Company may share aggregated and anonymised data with:

  • Research institutions and industry bodies for ESG benchmarking purposes
  • Technology partners and sub-processors necessary for Platform operation (subject to Data Processing Agreements)
  • Regulatory authorities when required by law

We will never sell your individually identifiable company data to third parties. All shared data will be sufficiently aggregated and anonymised so that no individual company can be identified.

6.4 Data Retention

Your data is retained for the duration of your active subscription plus 12 months after account termination. You may request full data export or deletion at any time in accordance with your rights under GDPR (see Section 9).

7. Intellectual Property

The Platform, including its design, code, algorithms, emission factor databases, report templates, and all associated intellectual property, is owned by HelpH D.O.O. and protected by applicable copyright, trademark, and trade secret laws.

You are granted a limited, non-exclusive, non-transferable licence to use the Platform for the duration of your subscription. You may not reverse-engineer, decompile, or create derivative works from the Platform.

Any aggregated insights, benchmarks, or derived datasets produced by the Company from anonymised user data are the intellectual property of the Company.

8. Acceptable Use

You agree not to:

  • Submit knowingly false, misleading, or fraudulent ESG data
  • Use the Platform to misrepresent your company's environmental or social performance (greenwashing)
  • Attempt to gain unauthorised access to other users' accounts or data
  • Use automated tools to scrape, extract, or harvest data from the Platform
  • Resell access to the Platform without a valid Enterprise or white-label agreement
  • Interfere with the Platform's infrastructure or security mechanisms

9. GDPR and Data Protection

The Company processes personal and corporate data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679). Key provisions:

  • Data Residency: All data is stored within the European Union
  • Legal Basis: Data processing is based on contractual necessity (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)) for analytics and product development
  • Your Rights: You have the right to access, rectify, erase, port, and restrict processing of your data. Contact privacy@hosmos.io to exercise these rights
  • Data Processing Agreement: A DPA is available upon request for all paying subscribers, as required by Art. 28 GDPR
  • Sub-processors: We maintain a current list of sub-processors available at hosmos.io/sub-processors

10. Security

We implement industry-standard security measures including: AES-256 encryption at rest, TLS 1.3 in transit, row-level security for data isolation, multi-factor authentication, immutable audit logging, and regular third-party penetration testing (OWASP Top 10).

While we take all reasonable steps to protect your data, no system is completely secure. You acknowledge that you provide data at your own risk.

11. Limitation of Liability

To the maximum extent permitted by applicable law:

  • The Platform is provided "as is" without warranties of any kind, express or implied
  • The Company shall not be liable for any indirect, incidental, consequential, or punitive damages arising from your use of the Platform
  • The Company's total liability shall not exceed the total fees paid by you in the 12 months preceding the claim
  • The Company does not guarantee that ESG calculations will meet specific regulatory audit requirements. Users are responsible for verifying data accuracy with qualified professionals

12. Termination

You may cancel your subscription at any time through your account settings or by contacting support@hosmos.io. Cancellation takes effect at the end of the current billing period.

The Company may suspend or terminate your account if you violate these Terms, engage in fraudulent activity, or fail to pay subscription fees after the grace period.

Upon termination, you may export your data within 30 days. After this period, data will be retained in accordance with our data retention policy (Section 6.4) and then permanently deleted.

13. Modifications to Terms

The Company reserves the right to modify these Terms at any time. Material changes will be communicated via email at least 30 days before they take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Terms.

We encourage you to review these Terms periodically. The "Last updated" date at the top of this page indicates when the most recent revision was made.

14. Governing Law and Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the Republic of Slovenia. Any disputes arising from these Terms shall be resolved by the competent courts in Ljubljana, Slovenia.

Before initiating legal proceedings, both parties agree to attempt to resolve disputes through good-faith negotiation for a period of 30 days.

15. Contact Information

For questions about these Terms, please contact us:

HelpH D.O.O.

Email: support@hosmos.io

Privacy inquiries: privacy@hosmos.io

Website: hosmos.io

Privacy Policy

This Privacy Policy is an integral part of the Terms of Service above.

P1. Data Controller

The data controller is HelpH D.O.O., registered in the Republic of Slovenia. For all privacy-related inquiries, contact us at privacy@hosmos.io.

P2. Data We Collect

We collect the following categories of data:

Account Data

Name, email address, company name, job title, and password hash. Collected during registration and required to operate your account.

Company ESG Data

Energy consumption, emissions data, fleet and transport information, workforce composition, governance structures, supplier information, and other non-financial parameters you submit through the Platform.

Usage Data

Pages visited, features used, session duration, device type, browser type, IP address (anonymised after 30 days), and interaction patterns. Collected automatically to improve the Platform.

Billing Data

Payment method details are processed directly by Stripe and are never stored on our servers. We retain only transaction IDs, plan type, and billing history.

P3. How We Use Your Data

Purpose | Legal Basis (GDPR)
Providing the Platform and calculating ESG indicators | Art. 6(1)(b) — contractual necessity
Generating compliance reports | Art. 6(1)(b) — contractual necessity
Analytics and product improvement (aggregated & anonymised) | Art. 6(1)(f) — legitimate interest
Training ML models for data validation and benchmarking | Art. 6(1)(f) — legitimate interest
Publishing anonymised industry research and benchmarks | Art. 6(1)(f) — legitimate interest
Billing and payment processing | Art. 6(1)(b) — contractual necessity
Sending transactional emails (receipts, alerts) | Art. 6(1)(b) — contractual necessity
Compliance with legal obligations | Art. 6(1)(c) — legal obligation

P4. Data Sharing and Third Parties

We share data only in the following cases:

  • Sub-processors: Vercel (hosting), Supabase (database and auth), Stripe (payments), Resend (email), Sentry (error monitoring). All sub-processors have signed Data Processing Agreements.
  • Aggregated analytics: Anonymised, aggregated data may be shared with research institutions and industry bodies for ESG benchmarking. No individual company can be identified.
  • Legal requirements: When required by law, court order, or regulatory authority.

We do not sell your personal or company data to third parties. We do not use your data for advertising purposes.

P5. Data Storage and Security

  • All data is stored within the European Union
  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Tenant isolation: PostgreSQL Row-Level Security
  • Authentication: OAuth 2.0 with optional MFA (TOTP / WebAuthn)
  • Backups: continuous with RPO 1h / RTO 4h
  • Audit logging: immutable, timestamped logs of all data access

P6. Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format (JSON/CSV)
  • Restriction: Restrict processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email privacy@hosmos.io. We will respond within 30 days.

P7. Cookies

Hosmos uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies (ePrivacy Directive Art. 5(3) exemption).

P8. Data Retention

Data Type | Retention Period
Account data | Duration of subscription + 12 months
ESG company data | Duration of subscription + 12 months
Trial data (expired) | 90 days after trial expiration
Usage / analytics data | 24 months (anonymised after 30 days)
Billing records | As required by tax law (typically 10 years)
Audit logs | 36 months

P9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

P10. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) at www.ip-rs.si, or with the supervisory authority in your country of residence.