Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your email address for authentication. If you choose to add a display name or profile picture, that information is also stored. We do not require your real name, phone number, or physical address.

Content You Create

Everything you put into Atrium — workspaces, pages, notes, links, tasks, contacts, calendar events, and widget settings — is stored in our database so we can display it to you across your devices. This content belongs to you.

Payment Information

If you subscribe to a paid plan, your payment is processed by Stripe. We never see or store your full credit card number. Stripe provides us only with a reference ID, the last four digits of your card, and your billing status so we can manage your subscription.

Automatically Collected Data

When you use Atrium, we may automatically collect:

• Device information: Browser type, operating system, and screen size
• Usage information: Features you use, pages you visit within the app, and timestamps
• IP address: Used for security purposes (rate limiting, fraud detection) and approximate location for weather widgets

Cookies and Local Storage

We use essential cookies and browser local storage to keep you logged in, remember your preferences (like light/dark theme and sidebar state), and ensure the app functions properly. We do not use advertising cookies or third-party tracking cookies.

2. How We Use Your Information

We use your information to:

• Provide the Service: Store and display your workspaces, sync data across devices
• Authenticate you: Log you in and keep your session active
• Process payments: Manage your subscription through Stripe
• Send transactional emails: Share invitations, password resets, and subscription confirmations
• Improve the Service: Understand which features are used to make Atrium better
• Protect security: Detect and prevent abuse, unauthorized access, and fraud
• Provide support: Respond to your questions and fix issues

We will never use your content (notes, tasks, links, etc.) for advertising, AI training, analytics, or any purpose other than showing it to you.

3. Third-Party Services

We use a small number of trusted services to operate Atrium. Each receives only the minimum data needed to perform its function:

Each of these services has their own privacy policy. We select providers with strong privacy and security practices. Vercel Analytics and Speed Insights are used to understand which pages are slow and which features are visited — they intentionally collect no cookies and no personally identifiable information; the truncated IP is used only to count unique visits and is discarded. Sentry is used only when something breaks: it captures the technical details of an error so we can fix it, with personal information scrubbed before transmission.

4. Data Sharing

We do not sell, rent, or trade your personal data. Period.

We may share your information only in these specific circumstances:

• Service Providers: Only the third-party services listed above, and only the minimum data required for their function
• Shared Pages: If you choose to share a page with others, the content on that page becomes accessible to people you share it with
• Legal Requirements: We may disclose information if required by law, subpoena, or valid legal request
• Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred. We would notify you before this happens

5. Data Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over encrypted HTTPS/TLS connections
• Passwords are hashed and never stored in plain text
• Row-level security ensures you can only access your own data
• We use secure, enterprise-grade infrastructure
• Rate limiting protects against abuse
• Content Security Policy headers prevent cross-site scripting
• Session idle timeout after 30 minutes of inactivity

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we take every reasonable precaution.

6. Your Rights

You have the following rights regarding your personal data:

• Access: View and manage all your data within the app at any time
• Export: Download all your data as a JSON file from Settings → Export Data
• Correction: Edit your information directly in the app
• Deletion: Delete your account and all associated data from Settings → Danger Zone
• Portability: Take your exported data to any other service

We will respond to any rights request within 30 days. Contact us at support@enteratrium.com if you need assistance exercising any of these rights.

7. Data Retention

Here's how long we keep your data:

• Active account: Your data is kept for as long as your account is active
• Deleted items: When you delete workspaces, pages, or widgets, they are recoverable in your Recently Deleted folder for 30 days, then permanently removed
• Account deletion: When you delete your account, all data is permanently removed immediately
• Payment records: Stripe retains billing records as required by financial regulations

We do not retain unnecessary data beyond what's needed to provide the Service.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: You can request details about what personal information we collect and how we use it
• Right to Delete: You can request deletion of your personal information
• Right to Correct: You can request correction of inaccurate personal information
• Right to Non-Discrimination: We will not treat you differently for exercising your privacy rights

We do not sell or share your personal information as defined by the CCPA. We do not use your data for targeted advertising. There is no need to opt out because we never sell your data in the first place.

9. International Users

Atrium's infrastructure is hosted in the United States. If you use the Service from outside the US, your data may be transferred to and stored in the United States. By using the Service, you consent to this transfer. We apply the same privacy protections to all users regardless of location.

10. Children's Privacy

Atrium is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@enteratrium.com and we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For minor changes, we will update the "Effective" date at the top of this page. For material changes that affect how we handle your data, we will notify you via email at least 30 days in advance. We encourage you to review this policy periodically.