Privacy Policy

Atlas turns your financial transactions into a living map of the places you've been. To do that, we handle sensitive data: bank and card transactions, location information, and places you've visited. This page explains exactly what we collect, what we do with it, and what rights you have over it. We've tried to write it plainly.

Who we are

Atlas ("we," "us," "our") is operated by Atlas Travel (the "Company"). If you have any privacy questions, contact us at privacy@myatlas.guide.

What we collect

Account information

When you join the waitlist or create an account, we collect your email address. If you later create a full account, we may also collect a display name and authentication identifiers (Apple ID token, password hash).

Financial transaction data

With your explicit authorization, Atlas accesses transaction data from your linked financial accounts through the following integrations:

• Apple FinanceKit — Apple Card and Apple Cash transactions. Accessed on-device only; Apple never provides this data to our servers.
• Plaid — bank and credit card transactions from linked institutions. Plaid transmits data under its own privacy policy.
• Manual CSV upload — statements you upload yourself.

The transaction fields we process are: merchant name, amount, date, currency, and merchant category. We do not access line-item details (the specific products you purchased).

Location-derived data

We match transactions to places using Foursquare and Mapbox. This produces:

• A venue name and category (e.g. "Cafe Haiti · Coffee Shop")
• A latitude/longitude coordinate
• A trip grouping inferred from location + time

We do not collect your device's GPS or real-time location. All location data is derived from the transaction itself.

Usage data

Like most websites and apps, we collect basic technical data when you use Atlas: IP address, device type, browser version, and pages viewed. We use this for security, debugging, and aggregate analytics.

How we use your data

• Provide the service. Categorize transactions, match them to places, generate your map and trip timelines, produce spending summaries, and run the fly-to replay.
• Detect anomalies. Flag unusual charges (e.g. geographically distant from your typical spending footprint) so you can confirm or dispute them.
• Improve the product. Debug issues, measure feature usage in aggregate, and improve place-matching accuracy.
• Communicate with you. Send service emails (waitlist updates, important changes). We won't send marketing without a separate opt-in.

On-device processing

FinanceKit data (Apple Card / Apple Cash) is processed entirely on your device. We never transmit raw Apple transaction data to our servers. Aggregated, anonymized summaries may be synced for backup and cross-device use only if you enable that option.

Plaid transactions and manual CSV uploads are stored on our servers (hosted on Supabase / AWS) because we need them to reconstruct your journey across devices. They are encrypted at rest and in transit.

What we don't do

• We don't sell your data. Ever. Not in any form.
• We don't share transaction data with advertisers or data brokers.
• We don't read the contents of your purchases — only where and how much.
• We don't use your data to train third-party AI models.

Who we share data with

We share limited data only with the following categories of service providers, strictly to operate Atlas:

Hosting & DB

Supabase, Vercel — store your account and server-side transaction data.

Place matching

Foursquare, Mapbox — receive merchant name + approximate location to return venue matches.

Banking data

Plaid — connects your bank accounts and returns transactions.

Email

Used only for transactional service emails.

Legal

We will disclose data if compelled by valid legal process, and we'll notify you unless legally prohibited.

Data retention

We retain your data for as long as your account is active. If you delete your account, we delete all personal data within 30 days, except where we're legally required to retain it (e.g. basic transaction records for tax/audit purposes, retained for up to 7 years in anonymized form).

Your rights

Depending on where you live (EU/UK GDPR, California CCPA, Brazil LGPD, etc.), you have rights over your data. Regardless of jurisdiction, we extend the following to all users:

• Access — download a copy of everything we have about you.
• Correction — fix anything that's wrong.
• Deletion — remove your account and all associated data.
• Revocation — disconnect any linked integration (FinanceKit, Plaid) at any time from Settings.
• Portability — export your trip history and place data in a standard format (JSON/CSV).

To exercise any of these rights, email privacy@myatlas.guide or use the in-app Settings screen.

Security

We take security seriously. Transaction data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access to production systems is limited to authorized personnel and audited. We follow Apple's FinanceKit security requirements and Plaid's integration best practices.

No system is perfect. If you discover a vulnerability, please email security@myatlas.guide.

Children

Atlas is not intended for anyone under 18. We don't knowingly collect data from children.

International transfers

Atlas is operated from Brazil and the United States. If you're accessing Atlas from outside these countries, your data may be processed in either location under appropriate safeguards (Standard Contractual Clauses where applicable).

Changes to this policy

If we make material changes to how we handle your data, we'll notify you by email and give you advance notice before the changes take effect. Minor changes (clarifications, typos) may be made without notice; the "Last updated" date above always reflects the latest revision.

Contact

Privacy questions · privacy@myatlas.guide
Security reports · security@myatlas.guide
General · hello@myatlas.guide