Privacy Policy

Last Updated: January 19, 2026

This Privacy Policy describes how The Atlas ("we", "us", or "our") collects, uses, and shares information about you when you use our website and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the minimum amount of data required to operate the Service securely and provide you with a functional experience.

1.1 Account Information

When you create an account, we collect your email address for authentication purposes. We use One-Time Password (OTP) verification to secure your account.

1.2 Usage Data

We automatically collect certain information when you access the Service, including:

  • Pages visited and features used
  • Time and date of your visits
  • Time spent on pages
  • Browser type and version
  • Operating system

1.3 Security and Anti-Abuse Data

To prevent abuse, enforce our Terms of Use, and protect the integrity of the Service, we collect technical device signals including but not limited to:

  • IP address
  • User agent string
  • Canvas fingerprinting data
  • WebGL renderer information (GPU details)
  • Audio context signatures
  • Installed fonts
  • Screen resolution and color depth
  • Timezone information
  • Hardware concurrency (CPU cores)
  • Device memory

This data is hashed using cryptographic functions and stored as a unique fingerprint identifier. The raw data is not stored; only the resulting hash is retained for security verification purposes.

1.4 Support Tickets

When you submit a support ticket, we collect the email address you provide, the subject and content of your message, and associated metadata for the purpose of responding to your inquiry.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

  • Contract Performance: Processing necessary to provide you with the Service you have requested.
  • Legitimate Interests: Processing necessary for our legitimate interests (e.g., fraud prevention, security, service improvement) where those interests are not overridden by your rights.
  • Consent: Where you have given us specific consent to process your data for a particular purpose.
  • Legal Obligation: Processing necessary to comply with legal requirements.

3. How We Use Your Information

We use your data strictly for:

  • Authenticating your access to the Service
  • Providing, maintaining, and improving the Service
  • Detecting and preventing fraud, abuse, and security incidents
  • Enforcing our Terms of Use, including account limits
  • Responding to your support inquiries
  • Sending you technical notices and security alerts
  • Complying with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

  • Service Providers: Third-party companies that provide services on our behalf, such as cloud infrastructure providers (Supabase, MongoDB Atlas, Vercel). These providers are contractually obligated to protect your data and may only use it to provide services to us.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or that of our users or the public.
  • Business Transfers: In connection with any merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy:

  • Account Data: Retained until you request deletion of your account.
  • Security and Audit Logs: Including IP fingerprints related to abuse detection and banned accounts, are retained indefinitely to enforce our bans and prevent re-registration by malicious users.
  • Support Tickets: Retained for up to 2 years after resolution for quality assurance and legal purposes.
  • Backups: Retained for up to 90 days for disaster recovery purposes.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure coding practices

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries that may not have data protection laws equivalent to those in your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable law.

8. Your Rights (EEA/GDPR)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate personal data.
  • Right to Erasure: You have the right to request deletion of your personal data, subject to certain exceptions.
  • Right to Restriction: You have the right to request restriction of processing of your personal data.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
  • Right to Object: You have the right to object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise these rights, please contact us through our Support page. Note that security-related logs (fingerprints of banned accounts) are retained even after account deletion to prevent abuse.

You also have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us immediately through our Support page.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

We use the following types of cookies:

  • Essential Cookies: Required for the operation of the Service (authentication, security).
  • Functional Cookies: Used to remember your preferences and settings.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

11. Do Not Track

We do not currently respond to "Do Not Track" signals because there is no industry-standard for how online services should respond to such signals. If a standard is established, we will review our practices.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.

For material changes, we will provide notice through the Service or by other means. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our Support page.

14. Data Protection Officer

For GDPR-related inquiries, you may contact our data protection point of contact through our Support page with the subject line "GDPR Request."