Privacy Policy

1. Introduction

Welcome to Atominic Technologies ("Atominic," "we," "us," or "our"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our websites, platforms, and services.

This policy applies to all products and services operated by Atominic Technologies, including but not limited to:

• Jason — an AI-powered marketing and operations platform available at jason.atominic.com
• NexChamps — a learning platform available at nexchamps.com
• The Atominic Technologies website at atominic.com

By accessing or using any of our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not use our services.

2. Information We Collect

We collect information that you provide directly, information generated through your use of our services, and information from third-party integrations. The types of information we collect include:

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Phone number (if provided)
• Organization or company name
• Password (stored in hashed form; we never store plaintext passwords)

2.2 Profile Information

You may optionally provide additional profile details such as your job title, profile picture, timezone, language preference, and workspace-specific settings.

2.3 Payment Information

When you subscribe to a paid plan, we may collect payment-related information such as your bank account details, UPI ID, or transaction reference numbers for manual payment verification. We do not store credit card or debit card numbers. Payment processing for automated transactions, if applicable, is handled by third-party payment gateways (such as Razorpay) that maintain their own privacy and security standards.

2.4 Usage Data

We automatically collect information about how you interact with our services, including:

• Features accessed and actions performed
• AI generation requests and usage volume
• Login timestamps and session duration
• IP addresses
• Referring URLs and navigation paths
• Error logs and performance metrics

2.5 Content Data

Depending on which features you use, we store content that you create or import through our platforms, including:

• Social media posts, drafts, templates, and scheduled content
• Email sequences and campaign content
• CRM contacts, lead data, and communication records
• Content ideas, pillars, and editorial plans
• Uploaded images and media files

2.6 Social Media Account Tokens

When you connect third-party social media accounts (Facebook, Instagram, LinkedIn, Twitter/X) through OAuth, we store access tokens and refresh tokens that allow our platform to publish content and retrieve analytics on your behalf. These tokens are encrypted in our database and can be revoked by you at any time by disconnecting the social account.

2.7 Device and Browser Information

We collect technical information about the devices and browsers you use to access our services, including:

• Browser type and version
• Operating system
• User agent string
• Screen resolution
• Device type (desktop, mobile, tablet)

2.8 Communication Data

When you contact us through support channels, contact forms, email, or any other means, we collect the content of those communications along with any associated metadata (sender, recipient, timestamp) to respond to your inquiries and improve our services.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Maintaining Services

Your information is essential for operating our platforms, processing your requests, authenticating your identity, managing your account, and delivering the features you subscribe to.

3.2 AI Content Generation

When you use AI-powered features (such as content generation, lead scoring, or email drafting), your prompts, context, and relevant workspace data are processed by AI models to generate outputs. This processing is necessary to provide the core functionality of our platforms. Your content is not used to train AI models.

3.3 Publishing Content to Social Platforms

When you schedule or publish content through our platform, we transmit your content (including text, images, and media) to the connected social media platforms via their respective APIs, using the OAuth tokens you have authorized.

3.4 Email Delivery via CRM

If you use CRM email features, we process your email content, recipient lists, and sending configuration to deliver emails on your behalf through configured email services (SMTP or Amazon SES).

3.5 Lead Scoring and Intelligence

We process lead data you import or collect to provide scoring, categorization, and intelligence features that help you prioritize and manage your sales pipeline.

3.6 Usage Metering and Plan Enforcement

We track your usage of various features (such as AI generation requests, number of workspaces, team members, and social accounts) to enforce the limits of your subscribed plan and to provide usage insights within your dashboard.

3.7 Communication

We use your contact information to send you service-related communications including account verification emails, password reset links, billing notifications, plan updates, security alerts, and responses to your support inquiries. We may also send product announcements and updates, from which you can unsubscribe at any time.

3.8 Improving Our Platforms

We analyze aggregated and anonymized usage data to understand how our features are used, identify areas for improvement, diagnose technical issues, and develop new features. This analysis does not involve identifying individual users.

3.9 Legal Compliance

We may process your information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to enforce our terms of service.

4. AI and Data Processing

Our platforms use artificial intelligence to power core features such as content generation, lead analysis, and email drafting. This section explains how your data interacts with AI systems.

4.1 How AI Processing Works

When you use AI features, your prompts, workspace context, and relevant content are sent to AI models for processing. The AI generates outputs (such as social media posts, email drafts, or lead scores) based on this input. The AI does not retain memory of your data between separate requests unless explicitly designed as part of a feature (such as conversation history within a session).

4.2 Your Content Is Not Used for AI Training

Your content, prompts, and data are not used to train, fine-tune, or improve any AI models. AI processing is strictly limited to generating the requested output for your immediate use.

4.3 Third-Party AI Providers

AI processing may involve third-party AI providers, including but not limited to Anthropic (Claude) and OpenAI (GPT). When your data is sent to these providers for processing, it is subject to their respective privacy policies and data handling practices. We select AI providers that commit to not using customer data for model training.

4.4 Platform AI vs. BYOK (Bring Your Own Key)

Atominic offers two AI modes:

• Platform AI: Your data is processed through Atominic's managed AI endpoints. We handle the routing, security, and provider selection on your behalf.
• BYOK (Bring Your Own Key): You provide your own API keys for AI providers. In this mode, your data is sent directly to the provider you have configured, and Atominic acts solely as a conduit. You are responsible for reviewing and accepting the privacy policies of your chosen provider.

5. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it.

5.1 Data Location

All user data is stored on servers located in India. Our primary hosting infrastructure is operated within Indian data centers.

5.2 Encryption

We employ encryption to protect your data both in transit and at rest:

• In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• At rest: Sensitive data including API keys, OAuth tokens, and platform credentials are encrypted in our database using industry-standard encryption algorithms.
• Passwords: User passwords are hashed using bcrypt and are never stored in plaintext.

5.3 Multi-Tenant Isolation

Our platforms employ strict organization-level data segregation. Each organization's data is isolated through database-level scoping, ensuring that one organization cannot access another organization's data. Role-based access control within organizations further limits data access to authorized team members based on their assigned roles (owner, admin, or member).

5.4 Backups

We perform regular automated backups of all data to ensure recoverability in the event of hardware failure, software errors, or other incidents. Backups are encrypted and stored securely.

5.5 Security Practices

While no system is completely immune to security threats, we implement reasonable and appropriate technical and organizational measures to protect your data, including but not limited to:

• CSRF (Cross-Site Request Forgery) protection on all forms
• Input validation and sanitization
• Rate limiting on authentication endpoints
• Secure session management
• Regular security updates and patching

6. Data Sharing and Third Parties

6.1 We Do Not Sell Your Data

Atominic Technologies does not sell, rent, or trade your personal information to any third party for marketing, advertising, or any other purpose.

6.2 Third-Party Services

We share your data with third-party services only as necessary to provide the functionality you have requested. These third parties include:

• Social media platforms (Facebook/Meta, Instagram, LinkedIn, Twitter/X) — to publish content you have created and scheduled through our platform
• AI providers (Anthropic, OpenAI) — to process AI generation requests
• Email delivery services (Amazon SES, SMTP providers) — to send emails on your behalf through CRM features
• Payment processors (Razorpay) — to process subscription payments where applicable

Each of these third-party services operates under their own privacy policies. We encourage you to review their respective policies. We only share the minimum data necessary for these services to perform their intended functions.

6.3 Legal Obligations

We may disclose your personal information if required to do so by law, or in the good-faith belief that such action is necessary to:

• Comply with a legal obligation, court order, or governmental request
• Protect and defend the rights or property of Atominic Technologies
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users or the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our services effectively. Here is how we use them:

7.1 Essential Cookies

These cookies are strictly necessary for our platforms to function. They include:

• Session cookies: Used for user authentication and maintaining your logged-in state
• CSRF tokens: Used to protect against cross-site request forgery attacks

7.2 Preference Cookies

These cookies store your preferences to enhance your experience:

• Theme preference: Remembering your choice of light or dark mode
• Locale and timezone: Storing your language and timezone settings

7.3 Analytics

We may use analytics tools to understand how our website and platforms are used. This data is collected in aggregate form and does not personally identify individual users.

7.4 No Third-Party Advertising Cookies

We do not use third-party advertising cookies or tracking pixels. We do not serve ads on our platforms, and we do not allow third-party advertisers to place cookies through our services.

8. Your Rights

You have the following rights regarding your personal information. To exercise any of these rights, please contact us at contact@atominic.com.

8.1 Right to Access

You have the right to request a copy of the personal information we hold about you. We will respond to your request within a reasonable timeframe, typically within 30 days.

8.2 Right to Correction

You have the right to request correction of any inaccurate or incomplete personal information we hold about you. You can update most of your account information directly through your account settings.

8.3 Right to Deletion

You have the right to request deletion of your account and associated personal data. Upon receiving a verified deletion request, we will delete your data in accordance with our data retention policy described in Section 9 below.

8.4 Right to Data Portability

You have the right to request an export of your personal data in a commonly used, machine-readable format. This includes your account information, content data, and other information associated with your account.

8.5 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

8.6 Right to Lodge Complaints

If you believe your privacy rights have been violated, you have the right to lodge a complaint with the relevant data protection authority. In India, you may contact the appropriate authority as designated under the Digital Personal Data Protection Act, 2023, or any successor legislation.

9. Data Retention

9.1 Active Accounts

We retain your personal information for as long as your account remains active and as necessary to provide you with our services. Your content, settings, and usage data are maintained throughout your active subscription period.

9.2 Account Deletion

Upon account deletion (whether initiated by you or due to account termination), we retain your data for a 30-day recovery period. During this period, your data is deactivated but can be restored if you change your mind. After the 30-day period, your data is permanently and irreversibly deleted from our active systems.

9.3 Backup Retention

Deleted data may persist in encrypted backup systems for a limited additional period as part of our standard backup rotation cycle. This data is not accessible or used for any purpose and is permanently purged as backups are rotated.

9.4 Legal Retention

Notwithstanding the above, we may retain certain information for longer periods where required by law (such as tax and financial records, invoicing data, or records required for legal proceedings) or where necessary to protect our legitimate interests.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect, solicit, or store personal information from children under 18 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at contact@atominic.com, and we will take steps to delete such information from our systems promptly.

11. International Users

Atominic Technologies is based in Gurgaon, Haryana, India, and our servers are located in India. If you access our services from outside India, please be aware that your information will be transferred to, stored, and processed in India.

By using our services, you consent to the transfer of your information to India and acknowledge that your data will be subject to the laws of India, which may differ from the data protection laws of your jurisdiction. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

When AI processing involves third-party providers, your data may be temporarily processed in the jurisdiction where the AI provider's servers are located. Please refer to Section 4 for more details on AI data processing.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Post the revised policy on our website
• Notify registered users via email for significant changes that affect how we handle personal data

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this page periodically to stay informed about our privacy practices.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

• Contact: Service Officer
• Company: Atominic Technologies
• Email: contact@atominic.com
• Location: Gurgaon, Haryana, India

We will respond to all privacy-related inquiries within 30 days of receipt.