Privacy Policy

Atlas CRM, operated by Atlas Digital Co. ("Atlas," "we," "us," "our"), provides this Privacy Policy to explain how we collect, use, disclose, and protect information about you when you use our cloud-based CRM platform ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

We collect the following categories of information:

Account and Registration Data

• Name, email address, and password (hashed — never stored in plaintext)
• Organization name and billing address
• Payment method details (processed and stored by Stripe — we never store raw card data)
• Profile information you voluntarily provide

CRM Data You Enter

• Contact records (names, emails, phone numbers, company details)
• Deal and pipeline information
• Notes, tasks, activities, and communication logs
• Files and documents uploaded to the Service
• Email content synced through email integrations

Usage Data

• Log data: IP address, browser type, pages visited, actions taken
• Device information: operating system, screen resolution
• Performance metrics and error reports
• Feature usage patterns (aggregated, used to improve the product)

Cookies and Tracking

We use strictly necessary cookies for authentication and session management, and optional analytics cookies to understand usage patterns. You can manage cookie preferences via our Cookie Settings.

We use the information we collect to:

• Provide, operate, and improve the Service
• Process transactions and manage your subscription
• Send transactional emails (account confirmations, invoices, security alerts)
• Respond to support requests and communicate with you
• Detect, prevent, and address fraud, abuse, and security issues
• Analyze aggregate usage patterns to improve product features
• Comply with legal obligations
• Send product updates and marketing communications (you may opt out at any time)

We do not sell your personal data or Customer Data to third parties. We do not use your Customer Data to train AI models without your explicit consent.

We share data with trusted third-party processors only as necessary to provide the Service. Each is bound by data processing agreements and appropriate privacy standards:

We only share the minimum data necessary for each processor to perform their function.

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Active account data: retained until account deletion or subscription cancellation
• After termination: Customer Data is deleted within 90 days; backup copies within 180 days
• Billing records: retained for 7 years as required by tax law
• Security logs: retained for 12 months
• Aggregated analytics data: retained indefinitely (no personal identifiers)

You may request early deletion of your data at any time (see Your Rights below), subject to our legal retention obligations.

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Password hashing using bcrypt with salt
• Access controls and least-privilege principles
• Regular security reviews and penetration testing
• Incident response procedures with notification within 72 hours of discovery

No system is completely secure. If you discover a security vulnerability, please report it responsibly to Landon@atlasdigitalco.com.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion:Request deletion of your personal data ("right to be forgotten")
• Portability: Request export of your Customer Data in a machine-readable format (CSV/JSON)
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at Landon@atlasdigitalco.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling your request.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, Atlas Digital Co. acts as the Data Controller for account and usage data, and as a Data Processor for Customer Data you enter into the Service.

Our legal bases for processing include:

• Contract: Processing necessary to provide the Service you subscribed to
• Legitimate interests: Security monitoring, fraud prevention, product improvement
• Legal obligation: Compliance with applicable laws and regulations
• Consent: Marketing communications and optional cookies

For cross-border data transfers from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards. You may request a Data Processing Agreement (DPA) by contacting us.

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. When we make material changes, we will notify you via email and/or a prominent notice within the Service at least 30 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

For privacy-related questions, data requests, or to report a concern: