Privacy Policy.

This Privacy Policy describes how Atlas DevHQ ("Atlas", "we") collects and processes personal information when you use Atlas Cloud, our website at useatlas.dev, our documentation, and related communications.

It does not cover the open-source Atlas distribution that you self-host — when you run Atlas in your own infrastructure under AGPL-3.0, we don’t see your data and there is nothing for us to collect.

If you are a Customer’s end user (e.g. someone whose company uses Atlas Cloud), the Customer is the controller of your personal data and you should consult their privacy policy. We process your data on the Customer’s behalf, as described in the Data Processing Addendum at useatlas.dev/dpa.

Account data: name, email, organization, role, hashed password (or SSO subject identifier).

Configuration data: semantic-layer YAML, validator rules, warehouse connection metadata (host, database, schema names — never credentials in plaintext).

Operational data: query metadata (timestamp, gate outcomes, execution time, row count, error class). Query SQL and natural-language prompts are stored only when audit logging is enabled by the Customer admin.

Telemetry: IP address, browser user-agent, page-load timing, error stack traces. Telemetry is sampled and retained for 30 days.

Billing data: company name, billing address, tax ID, payment method tokens. We use Stripe as our payment processor; we never store full card numbers.

To provide the Service: authenticate users, execute queries, render dashboards, send transactional email.

To improve the Service: aggregate, anonymized telemetry to find slow paths, broken flows, and common errors. We do not use Customer Data to train models.

To bill you: process payments, send invoices, comply with tax law.

To keep the Service safe: detect abuse, rate-limit attackers, investigate security incidents.

To support you: respond to email, debug your issue with your explicit permission to read configuration data.

We do not use Customer Data — including queries, prompts, semantic-layer definitions, and any data returned from your warehouse — to train, fine-tune, or evaluate AI models.

We do not sell or rent personal data to third parties.

We do not share personal data with advertising networks.

We do not access Customer’s data warehouse content for any purpose other than (a) executing queries that Customer’s authorized users have explicitly issued, and (b) the Customer-initiated schema profiling step (`atlas init` or the Connect Wizard) which samples a small set of rows from each table to seed the semantic-layer YAML. Profiling does not run on a recurring basis — only when the Customer adds or refreshes a connection.

We do not retain query result sets in persistent storage; results live in encrypted memory for the duration of a session and are evicted within minutes of the session ending.

Customers may connect external AI agents (e.g. Claude Desktop, custom MCP clients) to Atlas Cloud via the Model Context Protocol (MCP) — a standard tool-use transport. The connection runs over OAuth 2.1 to the hosted MCP endpoint at mcp.useatlas.dev (self-hosted Atlas exposes the same surface at the Customer’s chosen domain).

Tool calls dispatched by the connected agent flow through the same authenticated path as queries from the Atlas web UI: the agent’s tool inputs (entity-lookup arguments, generated SQL, glossary terms) are processed identically to Customer-issued queries. They land in the same audit and telemetry surfaces described above and are subject to the same retention. Atlas does not exfiltrate tool inputs to a different storage class or share them with the MCP catalog operator.

The connected agent’s vendor (e.g. Anthropic for Claude Desktop) sees the agent’s prompts and the tool-call results returned to the agent — that traffic is governed by the agent vendor’s own privacy policy, not Atlas’s. Atlas does not transmit Customer Data to the catalog operator outside the active tool-call response stream.

Self-hosted Atlas: the MCP transport is in-process. No third party (including Atlas DevHQ) sees the data flow.

Sub-processors: a small set of vendors that help us run the Service (cloud infrastructure, error monitoring, payment processing). The current list is published at useatlas.dev/dpa and customers receive 30 days’ notice of additions.

Model providers: when Customer uses Atlas’s hosted models, prompts are routed through Vercel AI Gateway, which forwards them to the upstream model provider configured for that Customer (e.g. Anthropic, OpenAI). Vercel acts as a sub-processor for routing, observability, and fallback. Where Customer uses BYO model keys, traffic is sent directly to the provider Customer specifies and does not transit Vercel.

Legal: we may disclose information when required by law, court order, or to protect our rights, with notice to Customer where legally permitted.

Successors: in a merger or sale of substantially all assets, the acquirer takes on the same obligations under this Policy.

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. California residents have rights under the CCPA including the right to know, the right to delete, and the right to opt out of any sale of personal information (Atlas does not sell personal information). To exercise these rights, email privacy@useatlas.dev.

If you are a Customer’s end user, please contact the Customer first; we will assist them in responding within 30 days.

You have the right to lodge a complaint with a data protection authority. We hope you’ll give us a chance to resolve it first.

Atlas Cloud is hosted in three Customer-selectable regions on the Business plan: United States (Ashburn, Virginia), Europe (Eemshaven, Netherlands), and Asia Pacific (Singapore). Customer Data does not leave the selected region except for transactional services (billing, status email) which are processed in the United States.

Where personal data is transferred from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where available. Custom enterprise contracts can negotiate additional regions.

Account data: retained for the duration of the account plus 90 days after closure.

Audit logs: 365 days by default; configurable per-workspace with a 7-day floor and a hard-delete delay for compliance export.

Telemetry: 30 days, then aggregated and de-identified.

Backups: production data is retained in encrypted backups for up to 90 days.

Atlas maintains a security program aligned with ISO 27001 and SOC 2 Type II controls. Highlights: TLS 1.2+ in transit, AES-256-GCM at rest with versioned key rotation, least-privilege IAM, encrypted internal-database storage of all integration credentials and connection strings, automated vulnerability scanning of container images and dependencies, and TOTP two-factor authentication required for every administrator account on managed-mode sessions. Per-customer KMS keys are on the public roadmap and negotiable on enterprise contracts.

Suspected security incidents may be reported to security@useatlas.dev. Our disclosure policy is published at useatlas.dev/.well-known/security.txt (RFC 9116). Encrypted reports may use the PGP key at useatlas.dev/.well-known/atlas-security.asc (fingerprint: B00E 2A64 12E9 3CDF 9624 29CF 3970 0A61 1481 92C7).

We use first-party cookies on Atlas Cloud for authentication and CSRF protection. The marketing site at useatlas.dev currently runs no analytics or behavioral tracking — no Plausible, no Google Analytics, no third-party advertising pixels, no cross-site cookies.

You can disable cookies in your browser; some Service features (notably login on Atlas Cloud) will not work without them.

The Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@useatlas.dev and we will delete it.

We may update this Policy. Material changes will be announced by email to account admins and posted on this page with an updated effective date at least 30 days before taking effect.