Appearance
Privacy
Draft
This page is a draft and does not constitute a legal agreement. The final privacy notice will be reviewed by qualified counsel before public launch. Until then, treat the contents as the maintainer's stated intent — not as legally binding terms.
Who we are
Atlas is operated by <CONTROLLER_LEGAL_NAME> (the controller for the purposes of GDPR Article 4(7) and CCPA §1798.140(d)). Contact for privacy matters: privacy@atlas-terminal.io.
If you are in the EEA / UK and we have not designated a local establishment, our EU representative under GDPR Article 27 will be listed here once appointed: <EU_REPRESENTATIVE_NAME_AND_CONTACT>.
Our Data Protection Officer (where one is required under GDPR Article 37) can be reached at dpo@atlas-terminal.io.
What we collect
- Account data — email and password hash for authentication; display name and timezone for UI personalization.
- Workspace state — watchlists, saved screens, saved graphs, custom dashboard layouts, alert rules. Synced server-side once you sign in.
- Subscription metadata — plan tier, status, period end. The actual payment method and card data live with our payment processor (Stripe), not with us.
- Diagnostic logs — request method, path, status, latency, and user ID for authenticated requests. Used to operate the service.
We do not sell user data within the meaning of CCPA §1798.140(t). We do not run third-party advertising trackers in the application.
Lawful basis for processing (GDPR Article 6)
For users in the EEA / UK, we rely on the following lawful bases:
| Data category | Lawful basis | Why |
|---|---|---|
| Account data (email, password hash, profile) | Contract — Article 6(1)(b) | Necessary to provide the service you signed up for |
| Workspace state (watchlists, alerts, dashboards) | Contract — Article 6(1)(b) | Necessary to deliver core functionality |
| Subscription metadata | Contract — Article 6(1)(b) and legal obligation — Article 6(1)(c) | Required to provide a paid service and keep tax-compliant records |
| Diagnostic logs | Legitimate interest — Article 6(1)(f) | Service reliability, debugging, abuse prevention; balanced against minimal scope (no bodies, no payloads) |
| AI chat transcripts | Contract — Article 6(1)(b) | Necessary to deliver the AI feature you invoked |
Where a different basis applies (e.g., explicit consent for an opt-in feature), the relevant in-app surface will say so before you opt in.
What we do not collect
- Real names beyond what you voluntarily put in your profile.
- Payment card numbers, CVCs, or any PCI-relevant data — handled entirely by the payment processor.
- Browsing behavior outside the Atlas application.
- The contents of your AI chat threads as training data — see "AI chat" below.
Third parties we share with
Atlas relies on a small set of upstream services to function. We share with these vendors only the minimum required to deliver the relevant feature:
- Finnhub, EODHD — symbol identifiers when you query a quote or fundamentals (your account identity is not transmitted).
- OpenSky, MarineTraffic — query parameters when you load globe layers (your account identity is not transmitted).
- Cesium Ion — globe rendering. Your client connects directly using a public access token.
- Stripe — billing. Stripe holds payment method data; we hold only plan metadata.
Atlas is the proxy for the first two — your queries reach the upstream provider through our backend, attributed to our backend account, not yours.
Data retention
| Data category | Live retention | Backup retention | Notes |
|---|---|---|---|
| Account and workspace data | While the account is active; purged within 30 days of account deletion | Up to 90 days in encrypted backups, then irrecoverable | "Storage limitation" per GDPR Article 5(1)(e) |
| Diagnostic logs | 30 days | None | Aggregated into anonymous, non-reversible metrics on day 31 |
| AI chat threads | While the thread exists; deleted on user delete | Up to 30 days in encrypted backups | Inference-time content not retained by the AI vendor (see "AI chat" below) |
| Stripe billing records | 7 years | Per Stripe's policy | Required for invoice / tax / chargeback compliance |
| Authentication audit log (sign-ins, MFA events) | 12 months | None | Available to you in Settings → Security |
AI chat
The AI chat is grounded in your active panels and your conversation history within the thread. It does NOT have access to other tabs, your filesystem, or other users' data.
Vendor & boundary. Inference is performed by <AI_VENDOR_NAME> under a Data Processing Agreement that:
- Prohibits use of your prompts or responses for training the underlying model.
- Restricts processing to the inference request itself (no long-term retention by the vendor).
- Requires equivalent security controls (encryption in transit, audit logging on the vendor side).
We are the controller of AI chat data; the AI vendor acts as a processor under GDPR Article 28. The current vendor and the DPA reference will be listed here once the procurement is finalized.
What the AI sees. The currently focused symbol or selection, the active panel's recent data, your watchlist, the glossary, and the messages in the active thread. It does not see closed panels, search history, other users' data, or any information outside the current authenticated session. This boundary is enforced server-side.
Accuracy. The AI may produce summaries that are incomplete, out of date, or contradict the underlying data. AI output is a draft to verify, not a conclusion to act on. See Terms of use for the corresponding disclaimer.
Your rights
- Export — request an export of your account data at any time.
- Deletion — delete your account from the user menu (
common.deleteAccount). Deletion is hard — workspace state is removed and is not recoverable. - Access — view what's stored about you in Settings → Profile.
- Correction — edit your profile data directly in the same screen.
To exercise any of the above through a channel other than the in-app controls, contact the maintainers.
International data transfers
Where personal data leaves the European Economic Area (EEA) or the UK — for example, when our cloud infrastructure or the AI vendor is hosted in the United States — we rely on the EU Standard Contractual Clauses (SCCs) as the lawful transfer mechanism, supplemented by the technical and organisational measures described under "Security" below. The current sub-processor list and the SCCs on file will be published at https://atlas-terminal.io/privacy/sub-processors once finalized.
California residents (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the CPRA:
- Right to know the categories and specific pieces of personal information we have collected about you.
- Right to delete personal information we hold about you.
- Right to correct inaccurate personal information.
- Right to opt out of any "sale" or "sharing" of personal information. Atlas does not currently sell or share personal information for cross-context behavioural advertising.
- Right to non-discrimination for exercising any of the above.
To exercise these rights, contact privacy@atlas-terminal.io. We will verify your identity before responding (typically by confirming control of the account email).
| CCPA category | What we collect | Business purpose |
|---|---|---|
| Identifiers | Email, account ID | Authentication, support |
| Commercial information | Subscription tier, billing events | Provide paid plan |
| Internet/network activity | Diagnostic logs (method, path, status, latency) | Service operation, abuse prevention |
| Inferences (limited) | Watchlist composition, alert rules | Deliver the user-configured features |
Security
- All credentials stored as bcrypt hashes with per-user salts.
- All API keys and tokens stored in server-side environment variables only — never bundled into the frontend, never logged.
- 2FA available for all accounts; mandatory for OSINT-tier accounts. See Settings → Security.
- Encryption in transit (TLS 1.2+) for every connection. Encryption at rest for the application database and backup snapshots.
- For OSINT users with an elevated threat model, see OSINT operational security.
Data breach notification
If we determine that a personal-data breach has occurred and is likely to affect you, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR Article 33.
- Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34), via the email on file.
- Publish a summary of the incident and remediation steps in the Changelog once the immediate response is complete.
Changes to this notice
When this notice changes materially, we will post the change in the Changelog and notify active users by email at the address on file.