Privacy policy. What we collect, what we don't.

Account data. Email, password hash (we never see plaintext), display name, locale, theme preference, plan tier, member number.

Usage data. Pages you visit on the app, assets you preview or download, credit balances and spends, signup source, IP address, browser metadata, device type. Used for security, abuse prevention, and improving the product.

Payment data. Handled entirely by Stripe. We store a customer ID, plan, and last-4 of the card so you can recognize your payment method on the dashboard. We never see or store full card numbers.

AI tool inputs. Prompts and inputs you submit to Launch OS AI tools are processed by our model providers (OpenAI, OpenRouter) under their respective privacy terms. We retain the inputs and outputs in your account history so you can reuse them.

• We don't sell your personal data to anyone.
• We don't use your AI tool inputs to train models.
• We don't track you across other websites for advertising.
• We don't require government ID or selfie verification.

• To run your account, deliver the service you paid for, and process payments.
• To enforce credit balances, license tier, and abuse-prevention limits.
• To send transactional emails (signup confirmation, password reset, billing receipts).
• To send lifecycle product emails (onboarding, feature updates) you can opt out of.
• To improve the product (aggregate analytics, debug logs, feature decisions).

We use a small set of trusted vendors to operate the service. Each is bound by their own privacy and security commitments.

• Supabase — authentication and database (account data, sessions).
• Stripe — payments (card data, billing).
• Cloudflare — CDN, video Stream delivery, edge security.
• Vercel — application hosting and serverless compute.
• Resend — transactional and marketing email.
• OpenAI / OpenRouter — AI tool model inference.

We use a small number of essential cookies:

• Auth session. Keeps you logged in. Required for the app to work.
• Locale. Remembers your language preference.
• Theme. Light or dark.
• Currency. Detected from your IP and remembered for pricing.

We don't use third-party advertising or cross-site tracking cookies.

Regardless of where you live, you can:

• Access the data on your account from the dashboard.
• Export your data on request (we'll send a download).
• Correct inaccurate account information.
• Delete your account, which removes personal data within 90 days, except where retention is required for legal or fraud-prevention reasons.
• Object to or restrict certain processing under GDPR or comparable laws.

Email privacy@myatlaslab.com to exercise any of these rights.

We keep account data while your account is active. After deletion, personal data is removed from our production systems within 90 days. Backups roll off naturally within an additional 90 days.

We retain billing records for as long as required by tax and accounting law in the jurisdictions we operate in.

Passwords are hashed with industry-standard algorithms and never stored in plaintext. Sessions use HTTP-only secure cookies. Payment data lives on Stripe's PCI-compliant infrastructure. We disclose security incidents affecting your data within 72 hours of confirmation.

myAtlasLab is operated globally. Your data may be processed in the United States, the European Union, and other regions where our processors operate. We rely on standard contractual clauses where applicable.

myAtlasLab is not intended for users under 18. If we learn that a user is under 18, we will delete the account and any associated personal data.

We may update this policy. The date at the top reflects the latest revision. Material changes will be announced on the dashboard and by email at least 14 days before they take effect.

Privacy or data questions: privacy@myatlaslab.com.