PRIVACY POLICY
Last updated: May 23, 2026
1. Who we are
ATLAS OS ("ATLAS", "we", "us") is a private, single-operator executive intelligence system operated by its owner. This policy describes how ATLAS collects, uses, stores, and protects personal and financial data. Contact: privacy@atlasos.live.
2. Data we collect
- Account data: name, email, and Google account identifier obtained via Google OAuth at sign-in.
- Authentication factors: TOTP authenticator enrollment metadata (no shared secret is stored in plaintext).
- Financial data via Plaid: when you link a financial institution, ATLAS receives — via the Plaid API — account identifiers, account balances, transaction history, institution metadata, and a Plaid access token bound to your account.
- Operational data: content you enter into ATLAS (notes, prompts, tasks) and audit logs of authentication events.
3. How we use your data
Data is used solely to operate ATLAS for you: authenticating you, displaying your linked accounts and transactions, generating executive summaries and recommendations, and maintaining the security of the system. We do not sell your data. We do not use your data to train third-party AI models. We do not share your data with advertisers.
4. Plaid disclosure
ATLAS uses Plaid Inc. ("Plaid") to connect to your financial institutions. By linking an account through Plaid Link, you also agree to Plaid's End User Privacy Policy. Plaid retrieves data from your institution on our behalf and transmits it to ATLAS. You can revoke Plaid's access at any time from your ATLAS settings or by contacting us.
5. Storage, encryption, and security
- All data is stored in a managed Postgres database with AES-256 encryption at rest.
- All traffic between your browser, ATLAS, Plaid, and Google is encrypted in transit using TLS 1.2 or higher.
- Access to ATLAS requires Google OAuth plus a TOTP second factor (AAL2). Plaid access tokens sit behind the same gate.
- Row-level security policies restrict every record to its owning user; administrative database keys are confined to server-side code.
6. Data retention
Account, authentication, and financial data are retained for as long as your ATLAS account is active. Authentication audit logs are retained for at least 90 days. On account deletion, all personal and financial records are removed within 30 days, and Plaid access tokens are revoked immediately.
7. Your rights
You may at any time: request a copy of the data ATLAS holds about you; correct inaccurate data; revoke Plaid access for any linked institution; or delete your account and all associated data. Email privacy@atlasos.live to exercise any of these rights.
8. Sub-processors
ATLAS relies on the following sub-processors: Google (OAuth authentication), Plaid (financial data aggregation), Supabase (managed database and authentication infrastructure), and Cloudflare (edge hosting and TLS termination). Each is bound by its own privacy and security commitments.
9. Changes to this policy
Material changes to this policy will be announced in-app before they take effect. The "Last updated" date above always reflects the current version.