ATLATL

Privacy Policy

Last updated: 2026-02-19

This Privacy Policy explains how ATL ("we", "us") collects, uses, and protects information when you use our B2B SaaS platform (the "Service").

1. Who we are (roles)

In most cases, our customers (the workspace owner/organization) are the data controller for Customer Content. ATL acts as a data processor and processes Customer Content only to provide and secure the Service.

2. Information we collect

We collect the following categories of information:

  • Account and workspace information: name, email, authentication details, workspace name/settings, role/permissions.
  • Customer Content: records, descriptions, metadata, approval requests, comments, and related workflow data you submit to the Service.
  • Evidence and attachments: files and links you upload or attach to records (including file metadata such as size and type).
  • External approver data: approver email (and optional name) used to deliver approval requests and display the limited content you choose to share.
  • Usage and security data: IP address, device/user agent, logs, and audit trails needed for security, fraud prevention, and troubleshooting.

3. How we use information

We use information to:

  • Provide, operate, and maintain the Service.
  • Authenticate users, enforce access controls, and prevent abuse.
  • Deliver workflow notifications (e.g., approval emails) and enable audit-ready records and logs.
  • Improve performance, reliability, and user experience.
  • Comply with legal obligations and enforce our terms.

4. External approvers

External approvers only see information that is explicitly shared with them through secure links. Links are time-limited and may be revoked by internal users. We recommend sharing only the minimum necessary information.

5. Billing and payments (Merchant of Record)

Payments may be processed by a Merchant of Record or payment provider (e.g., Paddle). We do not store full payment card details. Billing providers may collect and process payment information under their own privacy policies.

6. Data retention

We retain Customer Content for as long as your workspace remains active, subject to your plan features and workspace settings. You may delete records and attachments within the Service. After cancellation, we may retain data for a limited period for backup, compliance, and dispute resolution, and then delete or anonymize it in accordance with our retention practices.

7. Security

We implement technical and organizational measures designed to protect your information, including access controls, encryption in transit, and audit logging for sensitive actions. No system is 100% secure, and you are responsible for maintaining the confidentiality of your credentials.

8. International transfers

The Service may process and store data in regions where we and our service providers operate. We use reputable providers and reasonable safeguards for cross-border processing.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or export personal information. Workspace admins may also manage user access and content within their workspace.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@PENDING_DOMAIN.com.