Integration Permissions

Kosmos uses read-only API connections to analyze your data. We never install code in your environment or modify your systems.

Our Security Approach

Zero-Install Architecture Kosmos operates entirely outside your infrastructure. We connect via standard OAuth APIs—the same secure method used by thousands of enterprise integrations.

Read-Only Access We request only the minimum permissions needed to analyze your data. Kosmos cannot create, update, or delete records in your systems.

No Code Deployment Nothing is installed in your Salesforce org, Jira instance, or GitHub repos. This means:

• No security reviews of deployed packages

• No impact on your system performance

• No maintenance burden on your team

Permissions by Integration

Salesforce Service Cloud

What we DON'T access: Opportunities, financial data, custom objects (unless mapped), attachments, or files.

Jira

What we DON'T access: Confluence pages, admin settings, user passwords, or billing information.

GitHub

What we DON'T access: Source code contents, secrets, Actions logs, or admin settings.

Data Handling

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)

• Retention: Data retained only while your account is active

• Location: Hosted on Google Cloud Platform (US regions)

• Compliance: SOC 2 Type II in progress; DPA available upon request

Revoking Access

You can disconnect any integration at any time from Settings → Integrations. Revoking access immediately stops data sync. To request data deletion, contact [email protected].

Questions?

If your security team needs additional documentation, we're happy to provide:

• Security questionnaire responses

• Data Processing Agreement (DPA)

• Architecture diagrams

Contact your Kosmos team or email [email protected].

Questions? Contact [email protected] | app.kosmoslabs.ai

© 2026 Kosmos AI Labs, Inc.