TERMS
The rules for using Atom9.
These Terms explain how Atom9 accounts, workspaces, AI-assisted building,
customer apps, connected tools, approvals, and compliance duties operate.
Clause numbers are stable references for product notices and customer agreements.
Role mapOne login can reach different places, but each place has its own rules.
PersonHuman userOwns the login and account security choices.
Atom9 accountIdentity layerVerifies email, sessions, providers, and account notices.
WorkspaceCompany controlControls roles, projects, files, and approvals.
Customer appService rulesOwn onboarding, KYC, notices, and launch approval.
Legal anchors: Terms 1.1 defines the personal account, Terms 1.2 defines the workspace, and Terms 1.3 defines the customer app.
1.1 Personal account
A person uses an Atom9 account to sign in, manage login and security methods, receive account notices, and access places where Atom9 login is enabled. Account access belongs to the person, not to a shared mailbox or shared credential.
1.2 Company workspace
A workspace manages projects, content, files, boards, workflows, roles, AI settings, billing references, approvals, connected tools, and customer-app configuration. The workspace owner controls team access and operational settings for that workspace.
1.3 Customer app
A customer app is a site, portal, workflow, booking system, onboarding flow, or other product built or operated with Atom9. It can have its own users, onboarding, notices, service rules, data fields, retention rules, and lawful basis decisions.
1.4 Order of documents
If a signed agreement, order form, data processing agreement, security addendum, or customer-specific statement conflicts with these public Terms, the stricter or more specific signed document controls for that customer relationship.
Terms 2
Access belongs to the person and permissions belong to the workspace.
2.1 Identity methods
Atom9 supports password, magic link, OIDC, passkey, and other approved login methods depending on account, workspace, and customer-app configuration.
2.2 Verification and provider linking
Atom9 verifies email addresses during account creation and when account security or provider linking requires confirmation. Atom9 does not silently merge external login providers into an existing account. The user must prove control before a provider is linked.
2.3 Workspace roles
Workspace owners and admins assign access. Atom9 enforces role and permission boundaries in the product and backend routes. Users must only access data they are authorised to use.
2.4 Credential protection
Users must protect credentials, passkeys, recovery methods, devices, and sessions. Users must notify the workspace owner or Atom9 when they believe an account, token, session, or connected provider has been compromised.
2.5 Suspension and restriction
Atom9 may restrict or suspend access when needed to protect users, customers, data, legal compliance, service availability, provider trust, or platform integrity.
2.6 Account closure
Users and customers can request closure, export, or deletion where contract, security, retention, accounting, backup, and legal obligations allow it. Workspace-owned records remain subject to workspace and customer-app rules.
Terms 3
AI-assisted work stays explainable, reviewable, and under human control.
Agent pathThe agent can move work forward, but review gates control what becomes real.
DefineAsk questionsCapture goal, audience, data, and risk.
DraftCreate proposalSpec, plan, pages, tasks, or workflows.
ReviewExplain resultShow what changed and why it matters.
ApproveHuman decisionApprove, reject, or request changes.
RecordAudit trailSave chat, decision, version, and next action.
Legal anchors: Terms 3.3 governs approval gates and Terms 3.4 governs the project audit history.
3.1 Define
Atom9 asks for the information needed to understand the requested project, including audience, goals, pages, workflows, data, risk, and compliance context where relevant.
3.2 Draft
Atom9 can generate plans, content, forms, workflows, tasks, implementation material, test notes, and compliance checklists from user instructions and project context.
3.3 Approval gates
Atom9 uses approval gates for plans, launches, sensitive content, regulated workflows, customer-facing changes, and actions that need a human decision.
- Each gate explains what is being approved, rejected, or sent back for changes.
- Each gate records the user, time, decision, and next system action.
- Rejected or changed work returns to the agent workflow instead of being treated as final.
3.4 Audit history
Atom9 records important prompts, answers, decisions, approvals, generated assets, tool actions, tests, and launch checks with enough context to explain why a project changed.
3.5 Human responsibility
Customers remain responsible for the services they operate, the instructions they give, the content they approve, the data they collect, and the legal basis for their customer relationships.
3.6 No silent regulated automation
Atom9 does not treat AI output as final for sensitive, regulated, customer-facing, or high-impact workflows unless the configured product flow includes the required human review and approval.
Terms 4
Customer apps need service-specific notices, data rules, and launch approval.
4.1 Customer service purpose
The customer operating a customer app decides the service purpose, which users it serves, what data it requires, which law applies, and which notices are shown to its users.
4.2 Service-specific KYC
Atom9 account KYC remains limited to the data needed for Atom9 accounts. Extra customer KYC, such as address, eligibility, documents, sector questions, or service-specific profile fields, belongs to the customer app flow.
4.3 Customer notices
Customer apps must show the privacy, cookie, terms, consent, AI transparency, and sector-specific notices required for that customer service. Atom9 provides tools to create, update, store, and display those notices.
4.4 Launch approval
The customer approves customer-facing content, collection forms, workflow logic, AI explanations, notifications, automations, and launch checks before the customer app becomes live.
Terms 5
Atom9 cannot be used to harm people, evade law, or hide material facts.
5.1 Lawful use
Users must not use Atom9 to build, publish, automate, or support illegal services, fraud, harassment, credential abuse, malware, spam, deceptive activity, or unlawful surveillance.
5.2 No hidden impersonation
Customer apps must not mislead people about who operates the service, what service is being provided, what data is collected, or when AI materially created or changed a customer-facing workflow.
5.3 Restricted data
Secrets, passwords, payment data, health data, financial data, special-category data, child data, and regulated records may be processed only in workspaces configured for that purpose and only with an appropriate lawful basis.
5.4 System boundaries
Users must not probe, overload, scrape, bypass, reverse engineer, attack, or interfere with Atom9 or connected services except through approved developer interfaces and agreed security testing channels.
5.5 Prohibited AI use
Users must not use Atom9 to create or deploy AI workflows for unlawful manipulation, unlawful discrimination, social scoring, prohibited biometric use, illegal profiling, or other uses prohibited by applicable AI, privacy, consumer, or sector law.
- Atom9 does not support workflows intended to materially deceive, exploit, or manipulate people unlawfully.
- Atom9 does not support social scoring, prohibited biometric categorisation, or unlawful biometric identification workflows.
- Atom9 does not support workflows designed to avoid transparency, human oversight, consent, or sector duties.
5.6 Third-party rights
Users must not upload, generate, publish, or automate material that violates intellectual property, privacy, confidentiality, contractual obligations, platform rules, or rights of another person.
Terms 6
Atom9 follows privacy, security, and AI compliance obligations as normal operation.
6.1 Data minimisation
Atom9 collects and processes the data needed to provide accounts, workspaces, customer apps, security, billing, support, audit trails, and agreed platform functions.
6.2 Security controls
Atom9 applies account security, session controls, role boundaries, service authentication, audit records, provider controls, and operational safeguards to protect platform data.
6.3 Legal cooperation
Atom9 handles lawful requests, data subject requests, incident response, exports, deletion, and customer compliance support through documented workflows.
6.4 Retention
Atom9 keeps records for the period required by the account, workspace, customer app, security, audit, billing, support, legal, backup, or dispute purpose that applies to the record.
Terms 7
Atom9 evolves the platform and communicates material changes clearly.
7.1 Feature changes
Atom9 may add, change, limit, or retire features as the platform improves, as laws change, as provider conditions change, or as security requires.
7.2 Material notices
Atom9 provides clear notice for material account, security, billing, compliance, data-processing, or service changes through appropriate account, workspace, email, or product channels.
7.3 Support and exports
Support, data exports, deletion requests, and security questions are handled through account, workspace, customer agreement, or agreed support channels.
7.4 Service information
Atom9 provides product information, controls, and documentation to help customers make compliant decisions. Customers obtain their own legal, sector, tax, and professional advice for the services they operate.