Privacy Policy

Atmita ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

Account Information: When you sign in, we receive your name, email address, and profile information from your authentication provider (Google or Apple).

User Content: We store the content you create within the Service, including prompts, chat messages, automation configurations, agent settings, agent memories, generated images and media, and feed items.

Chat History: Your conversations with the AI assistant are stored in our database to provide continuity across sessions.

Automation Data: When automations run, we store execution logs including inputs, outputs, tool calls, results, token usage, and credit usage.

Device and Analytics Information: We may collect browser and device information, IP address, user agent, referrer, landing page source, landing page version, and event metadata for security, debugging, abuse prevention, and product analytics. Some marketing-page analytics use an anonymous visitor identifier stored in your browser.

Integration Data: When you connect third-party accounts (such as Gmail, GitHub, or Google Calendar), we store references to those connections, account labels, and related settings. OAuth tokens for connected third-party accounts are stored by Composio, our integration provider. For API-key or token-based integrations, the authentication values you provide may be sent to and stored by Composio. If you save API keys or credentials directly in Atmita, we store those values and related labels so the Service can use them at your direction.

Payment and Subscription Data: If you subscribe to a paid plan, MyFatoorah processes payment-card entry and card vaulting. We store subscription records, plan and billing status, amount and currency, invoice and payment identifiers, saved-card tokens used for renewals, cancellation and retry state, and payment event metadata.

Push Notification Data: If you enable push notifications, we store your push subscription endpoint, browser push keys, user agent, and active status so notifications can be delivered.

Usage Metrics: We collect usage statistics, such as the number of messages sent, chats created, automations run, images generated, and credits consumed.

Atmita provides an "Improve Atmita" setting (found in Settings) that controls how our team accesses your data:

• When enabled: Our team may review your content - including chat messages, images, prompts, and automation inputs and outputs - to diagnose issues, improve the Service, and develop new features.
• When disabled: We do not review your content for product-improvement purposes in ordinary admin workflows. We continue to collect and view usage metrics such as message counts, automation counts, credit usage, and similar operational data. Your chats, images, inputs, and outputs remain stored to provide the Service to you.

Regardless of this setting, your data is always stored as described in "Information We Collect" in order to provide the Service. The "Improve Atmita" setting controls whether our team reviews that content for improvement purposes.

Aggregate and account-level usage metrics are always collected under both settings to maintain the Service, enforce usage limits, process billing, and understand overall usage patterns. The setting does not prevent automated processing by the Service or limited access where needed for security, abuse prevention, legal compliance, billing, or support requests you submit.

We use your information to:

• Provide and maintain the Service
• Manage your account and usage limits
• Process subscriptions, renewals, cancellations, and payment issues
• Send you important updates about the Service
• Deliver push notifications if you enable them
• Run AI features, integrations, stored credentials, and automations at your direction
• Improve the Service (if you have enabled "Improve Atmita," we may review your content for this purpose; otherwise we rely on aggregate metrics only)
• Detect and prevent fraud or abuse
• Comply with legal obligations

We always collect usage metrics to maintain and improve the Service. We do not use your data for advertising. We do not send marketing emails. We may send transactional emails about your account, subscription, payment status, price changes, security, or important Service changes.

Our Service uses AI to process your requests, automate tasks, generate images and cover images, transcribe voice messages, and perform web searches. When you use AI features, your prompts, messages, files, audio, images, tool results, and other relevant context may be sent to third-party AI providers to generate responses. These providers currently include Anthropic (Claude) and OpenAI, though we may change, add, or remove providers at any time.

When you use image generation features, your prompts and relevant context are sent to AI providers to create images. Generated images may be stored in our database and storage buckets, and media you choose to publish or share may be copied to publicly accessible storage. When you use voice input, audio is sent to an AI provider for transcription. When you use AI web search, your search queries are sent to external search services through these providers.

Your content is processed to provide the Service to you. We do not use your content to train our own AI models. Third-party AI providers may have their own data handling policies, which we encourage you to review.

The Service allows you to connect third-party accounts (such as Gmail, GitHub, Google Calendar, Slack, and others) through Composio, an integration platform. When you connect a third-party account:

• You are redirected to the third-party service to authorize access via OAuth. Composio handles the OAuth flow and stores the resulting access tokens and credentials on its infrastructure - we do not store those OAuth tokens.
• Your user identifier is shared with Composio to manage your connections and execute actions on your behalf.
• When the Service performs actions on a connected account (such as sending an email or creating a calendar event), the action parameters are sent to Composio, which executes them using your stored credentials.
• For integrations that use API keys, bearer tokens, or similar credentials instead of OAuth, the authentication values you provide may be sent to and stored by Composio.
• If you store API keys, usernames, passwords, or other credentials directly in Atmita, we store them in our database and may retrieve them for AI tools and automations you request.

You can disconnect third-party accounts and remove saved credentials from Settings where supported. Disconnecting removes the connection reference from our database. For deletion of credentials stored by Composio, you may contact them at tech@composio.dev.

Your use of connected third-party services is also subject to those services' own terms and privacy policies. Composio's privacy policy is available at composio.dev/privacy.

When you use AI agents and automations, the Service stores execution logs and agent memories. This includes:

• Records of automation runs and their results
• Agent memory logs that help the AI maintain context across sessions
• These logs may be included in future AI prompts to improve the relevance of your automations

You can view and manage your agent logs within the app.

With your permission, we may send push notifications to your device about automation results and other Service updates. This requires:

• Your explicit consent via the browser notification prompt
• Storage of your push subscription endpoint, browser push keys, user agent, and active status in our database

You can disable push notifications at any time through your browser or device settings.

Your data is stored and processed using third-party infrastructure providers, currently including Supabase for database, authentication, and storage, and Google Cloud for backend services. We use encryption for data in transit (TLS/SSL). We implement access controls and authentication safeguards to protect your data.

While we take reasonable measures to protect your information, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

We do not sell your personal information. We may share your information with:

• AI Providers: Third-party AI providers (currently including Anthropic and OpenAI) receive your prompts and content as necessary to provide AI features
• Integration Provider: Composio receives your user identifier, authentication values where applicable, and action parameters when you use connected third-party accounts, and stores credentials for those accounts (see "Third-Party Integrations")
• Payment Provider: MyFatoorah processes payments and card vaulting, and receives information necessary to complete and renew transactions
• Email Provider: Transactional email providers, currently Resend, help us send account, billing, and Service emails
• Analytics and Network Providers: Service analytics, IP lookup, and geolocation providers may receive technical data such as IP address, user agent, referrer, and event metadata
• Infrastructure Providers: Third-party infrastructure providers (currently including Supabase and Google Cloud) host and process your data
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We retain your data for as long as your account is active. Chat history, automation logs, generated images, payment records, integration records, saved credentials, and agent memories may be stored indefinitely while your account exists, as they are needed to provide ongoing Service functionality, billing, security, and audit history. If you would like specific data deleted, contact us at support@atmita.com.

Subject to legal and technical constraints, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Request a copy of the personal data we hold about you, where technically feasible

Note that we may be unable to delete data we are legally required to retain or data embedded in backups and archived systems.

To exercise these rights, contact us at support@atmita.com. We will respond to your request within a reasonable timeframe.

We use your browser's local storage and IndexedDB to maintain your session, save preferences (such as theme and layout settings), store local app state, remember landing-page attribution, keep anonymous analytics identifiers, and cache data locally for faster loading. This may include cached chat messages, feed images, UI state, notification preferences, and authentication state. We do not use your data for advertising.

The Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it.

Your information may be transferred to and processed in countries other than your own, as our infrastructure providers operate globally. By using the Service, you consent to the transfer of your information to these locations.

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated date. Continued use after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@atmita.com.