1.1 Account data
Atom9 processes name, email, login method, password credential metadata where used, OIDC identifiers, passkey records, sessions, verification status, device information, and security events.
PRIVACY
Atom9 runs identity, workspaces, AI-assisted project work, customer apps, files, approvals, contacts, and connected tools. This notice explains what data Atom9 handles, why it is used, who can access it, and how people exercise their rights.
June 27, 2026. Atom9 applies privacy by design, data minimisation, purpose limitation, access control, auditability, and security safeguards across account, workspace, and customer-app processing.
Legal anchors: Privacy 1 defines data categories, Privacy 2 defines purposes, and Privacy 6 defines rights handling.
Atom9 processes name, email, login method, password credential metadata where used, OIDC identifiers, passkey records, sessions, verification status, device information, and security events.
Atom9 processes company profile, workspace settings, team access, roles, billing references, connected apps, notification settings, privacy choices, and admin actions.
Atom9 processes prompts, chat history, plans, tasks, cards, boards, generated pages, atoms, files, images, approvals, launch checks, activity history, and tool results as project data.
Atom9 processes contacts, companies, relationships, notes, and communication context in the network area. Contacts do not become login users unless an invitation or account flow creates access.
Customer apps can collect bookings, forms, onboarding answers, profile fields, service-specific KYC, documents, customer messages, payment references, and operational records required for the customer service.
Atom9 processes logs, errors, audit records, abuse-prevention signals, email delivery events, security monitoring, performance data, support communications, and provider events as operational data.
Atom9 authenticates users, verifies emails, manages sessions, links approved providers, prevents abuse, and routes people to the correct workspace or customer app. The legal basis is contract performance, legitimate interest in security, and legal obligation where applicable.
Atom9 provides projects, content, files, AI-assisted workflows, approvals, roles, support, and connected tools. The legal basis is contract performance for Atom9 customers and processor instructions where a customer controls the workspace data.
Customer apps collect the data required for the customer service. The customer defines the lawful basis for its own users, and Atom9 processes that data according to the customer configuration and applicable agreement.
Atom9 detects suspicious activity, enforces permissions, preserves audit trails, handles legal requests, responds to incidents, and maintains records. The legal basis is legitimate interest, legal obligation, contract performance, and establishment or defence of legal claims where relevant.
Atom9 stores optional preference and analytics choices only according to the consent or preference mechanism shown to the user, except where storage is strictly necessary or explicitly requested by the user.
AI agents use prompts, selected files, prior decisions, project records, tool outputs, and workspace settings needed for the requested task.
Material AI work is shown in chat, tasks, approval gates, project history, generated content records, or tool records where the product flow requires it.
Workspace configuration controls which AI providers and models are used. Provider identity, model identity, tool use, prompt context, and relevant settings are tracked where needed.
Users must not place secrets, passwords, payment card data, health data, financial records, special-category data, or confidential third-party material into AI prompts unless the workspace is configured for that processing and the user is allowed to provide it.
Regulated sectors, special-category data, financial data, health data, child data, or high-impact decisions require stronger setup, review, and approval controls.
Workspace owners, admins, and permitted team members can see data according to their role, permissions, and project access.
When a user signs in to a customer app through Atom9, the app receives the account fields, claims, roles, and onboarding fields displayed or required for that flow.
Infrastructure, email, search, file storage, AI model, observability, support, security, and payment providers process data only to provide the relevant service.
Atom9 may use, disclose, or preserve data when required for security, fraud prevention, legal requests, disputes, incident response, compliance, or platform integrity.
Atom9 does not sell personal data as a hidden product feature. Advertising or marketing tracking requires clear disclosure and consent where required.
Atom9 designs the service for EU privacy and AI compliance. Where personal data is transferred outside the EU/EEA, Atom9 uses appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, transfer risk review, or equivalent lawful mechanisms.
Atom9 keeps personal data for as long as needed for accounts, workspaces, customer apps, security, audit trails, billing, support, legal obligations, dispute handling, and backup recovery.
Atom9 deletes or anonymises data when the purpose ends and retention is no longer required. Some records remain for security, accounting, compliance, legal claims, or backup ageing.
Deleted data can remain in encrypted or access-limited backups for a limited recovery period before it ages out according to backup lifecycle rules.
Rights can include access, correction, deletion, restriction, objection, portability, consent withdrawal, complaint handling, and information about automated processing.
Atom9 handles requests about Atom9 account data through Atom9 account, privacy, support, or security channels.
If a customer controls the data, Atom9 helps the customer respond according to the data processing agreement and the configured product flow.
Atom9 verifies requester identity and authority before disclosing, exporting, correcting, or deleting personal data where verification is required.
Atom9 uses authentication, session controls, role boundaries, service authentication, and permission checks to limit access.
Atom9 records important account, workspace, project, AI, approval, and operational events as an audit trail so decisions can be explained later.
Atom9 investigates security events, contains impact, preserves evidence, and notifies affected customers, users, or authorities where required.
Atom9 limits personnel and provider access, validates important changes, preserves audit trails, uses backups, monitors operation, and applies infrastructure controls to maintain service availability.
Privacy
You can change this later from the footer. Read the Cookie Policy and Privacy Policy.