Privacy Policy

1. Definitions

• "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to you as an individual.
• "Processing" means any operation performed on Personal Data, including collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
• "Controller" refers to Atominic Technologies, which determines the purposes and means of processing Personal Data.
• "Third-Party Service" means any external platform, API, or service provider we integrate with or rely upon.
• "AI-Generated Content" means text, suggestions, reports, or other outputs produced by artificial intelligence models through the Platform.
• "BYOK" means Bring Your Own Key, referring to user-supplied API credentials for third-party AI services.

2. Information We Collect

2.1 Information You Provide Directly

• LinkedIn OAuth Data: When you sign in via LinkedIn, we receive your name, email address, LinkedIn profile URL, profile picture URL, headline, and OAuth access tokens as authorised by LinkedIn's API scopes.
• Profile & Preferences: Voice profile descriptions, content themes, target audience, services offered, industry, posting schedule, and communication preferences you configure during onboarding or in settings.
• WhatsApp Number: If you opt to receive coaching via WhatsApp, we collect and verify your phone number.
• Team Information: If you create or join a team, we collect team name, company details, brand guidelines, and member invitations (email addresses).
• Prospect Watchlist Data: Names, LinkedIn URLs, headlines, and notes about prospects you add to your watchlist.
• DM Templates: Message templates you create, including any personalised content.
• Billing Information: Payment details processed through Razorpay. We do not store full credit/debit card numbers on our servers; Razorpay handles payment data per PCI-DSS standards.
• BYOK API Keys: If your plan includes BYOK, your third-party API keys are encrypted at rest using AES-256-CBC encryption.
• Support Communications: Any information you provide when contacting us at contact@atominic.com.

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, timestamps, session duration, referral URLs, and interaction patterns.
• Device & Technical Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Cookies & Local Storage: We use session cookies for authentication and local storage for theme preferences (dark/light mode). We do not use third-party tracking cookies.
• Log Data: Server logs including HTTP request details, error logs, and performance metrics.

2.3 Information from Third-Party Services

• LinkedIn API: Post performance metrics (impressions, likes, comments, shares), profile data, and engagement statistics fetched via LinkedIn's APIs under your OAuth authorisation.
• WhatsApp Business API (Meta): Message delivery status, read receipts, and inbound message content processed through the Meta Cloud API.
• Razorpay: Payment confirmation, subscription status, invoice data, and webhook events.

2.4 AI-Processed Information

• AI Inputs: Your voice profile, content themes, target audience, post history, and engagement data are sent to Anthropic's Claude API (or your BYOK provider) to generate content.
• AI Outputs: Generated posts, DM suggestions, engagement comments, analytical reports, and coaching recommendations.
• We do not train AI models on your data. Data sent to Anthropic's API is processed under their usage policy and is not used for model training when accessed via their API.

3. How We Use Your Information

We process your Personal Data for the following purposes:

• Service Delivery: To authenticate your account, generate AI-powered LinkedIn content, deliver engagement tasks, send coaching messages via WhatsApp, provide analytics, and operate all Platform features.
• Personalisation: To tailor content generation to your voice, audience, themes, and schedule preferences.
• Team Collaboration: To enable team workflows including content distribution, approval processes, shared watchlists, and cross-member analytics.
• Analytics & Insights: To compile performance dashboards, engagement heatmaps, AI reports, and trend analyses from your LinkedIn data.
• Communication: To send you daily posts, engagement reminders, warm lead alerts, approval notifications, and system updates via WhatsApp and/or email.
• Billing & Subscriptions: To process payments, manage subscriptions, generate invoices, and enforce usage limits.
• Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, and fraudulent activity.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Service Improvement: To analyse aggregate, anonymised usage patterns to improve the Platform. We do not use your individual Personal Data for this purpose without separate consent.

4. Legal Basis for Processing

• Contractual Necessity: Processing necessary to perform our contract with you (providing the Service).
• Consent: Where you have given specific consent (e.g., WhatsApp opt-in, LinkedIn OAuth authorisation).
• Legitimate Interests: For security, fraud prevention, service improvement, and analytics, where our interests do not override your fundamental rights.
• Legal Obligation: Where processing is required to comply with Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA).

5. Data Sharing & Disclosure

We do not sell, rent, or trade your Personal Data. We share data only as follows:

5.1 Service Providers & Sub-Processors

5.2 Team Members

If you are part of a team, your team administrator may view your post content, engagement metrics, analytics, and approval status. Shared watchlists, DM templates, and content libraries are visible to other team members as configured by the team admin.

5.3 Legal Requirements

We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Atominic, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets, your Personal Data may be transferred to the successor entity. We will notify you of any such change.

6. Data Retention

• Account Data: Retained for the duration of your account and for 90 days after deletion to allow for recovery.
• Posts & Content: Retained as long as your account is active. Deleted posts are soft-deleted and permanently purged after 30 days.
• Analytics & Snapshots: Performance data is retained for up to 12 months. Aggregate, anonymised analytics may be retained indefinitely.
• WhatsApp Messages: Message logs are retained for 6 months for support and debugging, then permanently deleted.
• Billing Records: Invoices and transaction records are retained for 8 years as required by Indian tax law.
• Server Logs: Retained for 30 days, then automatically rotated and deleted.
• BYOK API Keys: Deleted immediately when you remove them from settings, or when your account is deleted.

7. Data Security

We implement commercially reasonable technical and organisational measures to protect your data. All data is stored on servers located in India, ensuring compliance with Indian data localisation requirements.

Our security measures include:

• Encryption in Transit: All connections use TLS 1.2+ (HTTPS).
• Encryption at Rest: BYOK API keys are encrypted using AES-256-CBC. Database credentials and sensitive configuration values are encrypted.
• Authentication: LinkedIn OAuth 2.0 with PKCE. Session tokens with secure, HTTP-only, same-site cookies. OTP verification for WhatsApp.
• Access Control: Role-based access (user, team admin, super admin). Team members can only access data within their team scope.
• Rate Limiting: API endpoints and authentication routes are rate-limited to prevent brute-force attacks.
• CSRF Protection: All state-changing requests require valid CSRF tokens.
• Input Validation: All user inputs are validated and sanitised server-side using Laravel Form Requests.

No Absolute Guarantee: Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and shall not be liable for any breach caused by sophisticated attacks, zero-day vulnerabilities, or force majeure events beyond our reasonable control.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable laws, you have the following rights:

• Right to Access: Request a copy of the Personal Data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure: Request deletion of your Personal Data, subject to legal retention obligations.
• Right to Withdraw Consent: Withdraw consent for WhatsApp messaging, LinkedIn OAuth, or other consent-based processing at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right to Grievance Redressal: Lodge a complaint with us or with the Data Protection Board of India.
• Right to Nominate: Nominate another person to exercise your rights in the event of your death or incapacity, as provided under the DPDPA.

To exercise any of these rights, contact us at contact@atominic.com. We will respond within 30 days.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from minors. If we become aware that we have collected data from a person under 18, we will promptly delete it. If you believe a minor has provided us with Personal Data, please contact us immediately.

10. International Data Transfers

All your Personal Data is primarily stored on servers located in India. Our hosting infrastructure is provided by Hostinger with data centres in India, ensuring that your data remains within Indian jurisdiction. However, your data may be processed by third-party service providers located outside India for specific purposes, including:

• Anthropic (United States) — AI processing
• Meta (United States) — WhatsApp messaging
• LinkedIn / Microsoft (United States) — OAuth and publishing

These transfers are necessary for the performance of the Service. We rely on the data protection policies and contractual safeguards of these providers. By using the Service, you consent to the transfer of your data to these jurisdictions.

11. Cookies & Tracking Technologies

• Essential Cookies: Session cookies for authentication and CSRF protection. These are strictly necessary and cannot be disabled.
• Local Storage: Used to store your theme preference (dark/light mode). No tracking purpose.
• No Third-Party Tracking: We do not use Google Analytics, Facebook Pixel, or any third-party tracking or advertising cookies.

12. Third-Party Links & Services

The Platform may contain links to third-party websites or services (e.g., LinkedIn profiles, external articles). We are not responsible for the privacy practices, content, or security of those third-party services. We encourage you to read their privacy policies independently.

13. AI-Specific Disclosures

• AI Content is Generated, Not Authored: All posts, comments, DM suggestions, and reports generated by the Platform are produced by AI models (Anthropic Claude). They may contain inaccuracies, biases, or inappropriate content despite our best efforts.
• Human Review Recommended: You are solely responsible for reviewing, editing, and approving all AI-generated content before publication.
• No AI Decision-Making: The Platform does not make automated decisions that produce legal effects or similarly significant effects on you.
• Data Sent to AI Providers: Your profile context and preferences are sent to Anthropic's Claude API for processing. Anthropic's API does not use this data for model training. If you use BYOK, data is sent to your specified provider under their terms.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will make reasonable efforts to notify you via WhatsApp or email. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA, 2023, the Grievance Officer for the purpose of this Privacy Policy is:

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: