Privacy Policy
This Privacy Policy explains how Atmakosh LLC ("Atmakosh", "we") collects, uses, and protects personal data when you use the Atmakosh website and platform (the "Services"). By using the Services you agree to this Policy and our Terms of Use.
1. Information we collect
- Account data: email, organisation name, chosen market/region, subscription tier, and authentication data (passwords are stored only as salted hashes).
- Usage & content: the questions and context you submit to the Council, the decisions and audit records generated for you, and product-usage metrics.
- Technical data: IP address, device/browser information, and log data, used for security, rate-limiting, and reliability.
- Payment data: handled by our payment processors; we do not store full card numbers.
2. How we use it
- to provide, secure, maintain, and improve the Services;
- to operate governance, audit, and human-oversight features you request;
- to authenticate you, enforce plan/region entitlements, prevent abuse, and meet legal obligations;
- to communicate service, security, and (where you opt in) product updates.
3. Legal bases
Where the GDPR/UK GDPR applies, we process personal data to perform our contract with you, for our legitimate interests (securing and improving the Services), to comply with law, and with your consent where required (e.g., certain communications).
4. Sharing
We do not sell personal data. We share it only with service providers who process it on our behalf under contract — for example, cloud hosting, model-inference providers, and payment processors — and where required by law or to protect rights and safety. Some providers may process data outside your country under appropriate safeguards.
5. Retention
We retain account and audit data for as long as your account is active and as needed for the audit-trail integrity the Services provide, then for the period required by law or legitimate business need, after which it is deleted or anonymised.
6. Security
We use technical and organisational measures including encryption in transit, hashed credentials, per-tenant data isolation, access controls, and tamper-evident audit logging. No method of transmission or storage is perfectly secure.
7. Your rights
Subject to your jurisdiction (including GDPR/UK GDPR and US state laws such as the CCPA/CPRA), you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. To exercise these, contact privacy@atmakosh.com. You may also lodge a complaint with your data-protection authority.
8. Children
The Services are not directed to children under 18, and we do not knowingly collect their personal data.
9. Changes & contact
We may update this Policy; material changes will be posted here with a new date. Contact: Atmakosh LLC — privacy@atmakosh.com.