Privacy Policy

Last updated: April 23, 2026

1. Information We Collect

Account Information

  • Email address
  • Username
  • Account password (hashed and salted — we never store plaintext)
  • Optional: full name, avatar URL

Usage Data

  • AI chat conversations and message history
  • Assistant configurations and training data
  • API usage metrics (message count, token usage, endpoint calls)
  • Feature interactions (which tools you use)

Technical Data

  • IP address (temporarily logged for security)
  • Browser type and version
  • Device information
  • Cookies and session tokens (for authentication only)

2. How We Use Your Data

  • Provide the service: Run AI assistants, process conversations, manage accounts
  • Improve the platform: Analyze usage patterns to optimize performance and UX
  • Customer support: Respond to inquiries and troubleshoot issues
  • Billing: Process subscriptions and payments via Stripe
  • Security: Detect and prevent abuse, unauthorized access, and attacks
  • Legal compliance: Meet regulatory obligations

3. Data Sharing

We do NOT sell your personal data. We share data only with:

  • Stripe: Payment processing (credit card info goes directly to Stripe — we never see it)
  • DeepSeek AI: AI inference (anonymized prompts for generating responses)
  • Ollama: Local AI inference (data stays on our server, not shared externally)
  • Service providers: Hosting, monitoring, and email services (if applicable)

4. Data Retention

  • Account data: Retained until account is deleted
  • Chat messages: Retained for session continuity; deleted 30 days after account deletion
  • API logs: Retained for 90 days for security auditing
  • Backup data: Retained for 30 days
  • You can delete your assistant data at any time

5. AI Training & Data

Important: We DO NOT train our models on your data.

Your conversations, training materials, and assistant configurations are never used to train or fine-tune our AI models. Each AI response is generated in real time using the prompt context you provide combined with the underlying LLM (DeepSeek or Ollama). Your data remains private to your account.

6. Security Measures

  • Passwords hashed with bcrypt (industry standard)
  • JWT tokens with expiration for API authentication
  • All traffic encrypted via HTTPS (SSL/TLS)
  • Database hosted on private network (not exposed publicly)
  • API key authentication for programmatic access
  • Regular security updates and monitoring
  • Rate limiting to prevent abuse

7. Cookies

We use essential cookies only for authentication (JWT token storage). We do not use tracking cookies, analytics cookies, or third-party advertising cookies. You can disable cookies in your browser, but this will break authentication functionality.

8. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to access: Request a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Delete your account and data
  • Right to data portability: Export your data in machine-readable format
  • Right to object: Object to certain data processing
  • Right to withdraw consent: Withdraw consent at any time

To exercise these rights, email legal@atavus.ai. We will respond within 30 days.

9. Children's Privacy

The Platform is not intended for users under 18. We do not knowingly collect data from children. If we discover a child's data, we will delete it immediately. Parents or guardians should contact us to request removal.

10. Third-Party Links

The Platform may contain links to third-party websites (Stripe, DeepSeek, etc.). We are not responsible for their privacy practices. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted here with an updated "Last updated" date. For significant changes, we will notify users via email or platform notification.

12. Contact

For privacy inquiries:
Email: legal@atavus.ai
Platform: https://atavus.ai