Atlas Legal

Atlas

Privacy Policy

What data Atlas collects when you use the app, why we collect it, who we share it with, and how to take it back.

Version 1.1 · Effective from 11 May 2026 · Applies to EachMoment Ltd, the operator of the Atlas platform on web, iOS, and Android

1. Who we are

EachMoment Ltd (Company No. 12143457), 8 City Road, Norwich, England, NR1 3AL, is the data controller for the Atlas platform — the iOS and Android apps, the website at atlasarchive.org and beta.atlasarchive.org, and the supporting backend services.

For privacy questions, exercising your rights, or any concern about how we handle your data, write to dataprotection@eachmoment.com.

2. The short version

  • Atlas is your archive. We don't sell your data, we don't show you ads, we don't use your media to train other people's models.
  • Atlas Lite is storage only. If you're on Atlas Lite (the hosting-only tier for original EachMoment customers), your media is stored, backed up, served back to you on request, and otherwise left alone. No automated content processing, no AI indexing, no face detection, no biometric analysis.
  • We do use AI on your media — by your invitation, on opted-in tiers only. When you join the Atlas Beta (or, from 26 June 2026, opt into Atlas Archive), you opt in to face recognition, scene analysis, and other AI features that make your archive searchable. The detail is in the AI Indexing Addendum.
  • You can take your data back. Email dataprotection@eachmoment.com and we'll export everything in a portable format, or delete it permanently.
  • The full list of who we share data with (cloud hosting, AI providers, payments) is in section 6.

3. What we collect

3.1 Account information

When you sign up:

  • Email address
  • Name (optional)
  • Password (hashed; we never see it in plain text)
  • If you sign in with Apple: the unique Apple identifier and a relay email Apple may issue you. We never receive your real Apple ID password.

3.2 Media you upload

The photos, videos, audio, and folders you choose to upload. We extract technical metadata embedded in the files — for photos this includes EXIF data such as date taken, camera model, and (where the file contains it) GPS coordinates from your phone or camera at capture time.

3.3 AI-derived information about your media

Atlas Lite (hosting-only tier): if your account is on Atlas Lite, your media is not subjected to any automated content processing, AI indexing, face detection, scene analysis, transcript generation, or biometric analysis of any kind. We do not derive face embeddings, scene descriptions, transcripts, or any AI metadata from your photos, videos, or audio. Your files are stored, backed up, and served back to you on request — nothing more. This section's AI-related disclosures do not apply to Atlas Lite accounts.

Atlas Beta and Atlas Archive (opted-in tiers): when you participate in the Atlas Beta, or (from 26 June 2026) opt into Atlas Archive, our AI pipeline processes your media to produce searchable, organisable metadata: scene descriptions, inferred dates and locations, transcript text, face crops, and face embeddings (numeric vectors that let us tell when the same person appears in different items). Face embeddings are biometric data. They are processed only to deliver Atlas's core feature of letting you find people across your archive. Full detail of what happens, your legal bases, and how to withdraw consent is in the AI Indexing Addendum.

Moving between tiers: if you upgrade from Atlas Lite to Atlas Archive (or join the Atlas Beta), AI processing applies only to media uploaded or analysed from that point forward, and only with your explicit opt-in. Downgrading from an AI-enabled tier back to Atlas Lite causes your previously-derived AI metadata (embeddings, transcripts, scene tags) to be deleted within 30 days, in line with section 8.

3.4 Device and connection data

  • IP address and approximate location derived from it (used for security and rate limiting)
  • Device type, OS, and app version (used for diagnostics and to ship the right binary)
  • Push notification token, if you allow notifications (used to deliver Atlas notifications and nothing else)

3.5 Diagnostic and product analytics

To keep Atlas working and improve it, we collect:

  • Crash and error reports via Sentry (stack traces, app version, the user ID who hit the error). No screen content, no media files.
  • Product analytics via PostHog — a small, named set of events: upload started, upload completed, discovery sweep completed, face named, timeline created, timeline shared. Each event records counts only (e.g. how many clips, not which clips). We tie events to your user ID so we can answer questions like "do new users finish onboarding?"; we don't share your identity with PostHog as a tracking ID.

We do not use any advertising identifiers (no IDFA on iOS, no advertising ID on Android), we don't run third-party advertising or attribution SDKs, and we don't track you outside the Atlas app.

4. How we use your data

  • To run your account — sign-in, password reset, account recovery, your subscription/billing if you have one.
  • To store and serve your media — uploads, playback, downloads, and to build your library, timelines, and place pages.
  • To deliver AI-led features (Beta / Atlas Archive only) — face detection, scene analysis, transcripts, captions, search. Applies to opted-in tiers only; Atlas Lite accounts are excluded from all of this. See the AI Indexing Addendum.
  • To send notifications — only when you've allowed them, and only Atlas-related (e.g. "your video has finished processing").
  • To keep Atlas secure and working — error monitoring, abuse detection, fixing bugs.
  • To talk to you — service emails (e.g. password reset). We will not send marketing emails without separately asking.

5. Legal bases (UK & EU GDPR)

  • Contract — running your Atlas account and storing your media (Article 6(1)(b)).
  • Legitimate interests — keeping the service secure, fixing bugs, basic product analytics (Article 6(1)(f)). We've assessed these as low-impact and you can object at any time.
  • Consent — for AI Indexing & Community Features and for processing your face embeddings, which are biometric data (Article 9(2)(a)). This is opt-in via the Atlas Beta acknowledgement and you can withdraw it at any time. See the AI Indexing Addendum.
  • Legal obligation — for tax records on paid subscriptions (Article 6(1)(c)).

6. Who we share your data with

We use a small number of carefully chosen suppliers to run Atlas. They process your data only on our instructions and only to the extent needed for the service.

  • Hetzner Online GmbH (Germany) — hosting our servers and your stored media.
  • Google Cloud / Gemini API (EU regions where available) — receives short-lived prompts and frames for AI analysis (titles, descriptions, scene tags, location inference). Inputs are processed and discarded.
  • Firebase Cloud Messaging (Google) — receives your device push token to deliver Atlas notifications. Your media is not sent to Firebase.
  • Sentry (Functional Software, Inc.) — receives crash and error reports (stack traces, the user ID who hit the error). No media content.
  • PostHog (PostHog Inc., EU region) — receives the small set of named product events listed in section 3.5.
  • Stripe (Stripe Payments Europe Ltd) — receives payment information directly when you pay for restoration or other paid services. We never see or store your card details. This only applies if you make a purchase.
  • Apple Inc. and Google LLC — when you install or update Atlas through the App Store or Play Store, those platforms collect their own diagnostics. See Apple's and Google's privacy policies.

We do not sell your data, we do not give it to advertisers, and we do not use your media to train AI models we don't control.

7. International transfers

Most processing happens inside the European Economic Area (EEA) or the United Kingdom. Where our suppliers process your data outside the EEA or UK (Sentry, Stripe and Google services may use US infrastructure), we rely on the European Commission's Standard Contractual Clauses or equivalent UK transfer mechanisms to protect your data.

8. How long we keep your data

  • Account data and your media — for as long as your account is active. If you delete your account, we delete your media and derived data within 30 days, except where we're required to keep it longer (e.g. financial records, see below).
  • Individual files you delete — when you delete a single photo, video, audio file or document from the trash icon in your Atlas library, we delete the file and its AI-derived metadata (face embeddings, transcripts, tags, scene/object labels, location inference) from production storage within 30 days. The file may persist in encrypted backups for up to 30 days before being overwritten.
  • Face embeddings and other AI-derived metadata — deleted when you delete the underlying media or withdraw consent for AI Indexing.
  • Crash and analytics data — 90 days in Sentry; 12 months in PostHog (anonymised after that).
  • Financial records (purchases, invoices) — 6 years to comply with UK accounting law.
  • Backups — encrypted backups are kept for up to 30 days for disaster recovery, then overwritten.
  • Inactive accounts on Atlas Lite — if your subscription lapses or your account otherwise becomes inactive, we will retain your archive for as long as we reasonably can. We reserve the right to remove archives from inactive accounts to manage operational costs, with at least 30 days' written notice by email before any removal. We do not commit to a fixed retention period for inactive accounts.

9. Your rights

You have the right to:

  • Access a copy of the personal data we hold about you (Article 15)
  • Correct data that is inaccurate (Article 16)
  • Delete your data (Article 17 — "the right to be forgotten") — you can delete individual files at any time, or delete your entire account and all associated data.
  • Restrict certain processing (Article 18)
  • Port your data to another service in a structured, commonly used, machine-readable format (Article 20)
  • Object to processing based on legitimate interests (Article 21)
  • Withdraw consent for AI Indexing & Community Features at any time (Article 7(3) and Section 7 of the AI Indexing Addendum)
  • Complain to a supervisory authority — for UK users, that's the Information Commissioner's Office (ICO)

How to delete your data

You have two ways to delete data from Atlas:

  1. Delete individual files: open your Atlas library, tap or click the trash icon on any file, and confirm. The file and its AI-derived metadata are removed from production storage within 30 days. Anonymised aggregates used for service-wide analytics may persist; financial records linked to that file (e.g. invoices) are retained for 6 years as required by UK accounting law.
  2. Delete your entire account: email dataprotection@eachmoment.com from the address linked to your Atlas account, or use the in-product Delete Account option in Settings. We delete your account, your media, and all derived data within 30 days, subject to the retention exceptions described in Section 8.

If you have any difficulty using either route, email dataprotection@eachmoment.com and we will assist within 30 days.

To exercise any of these rights, email dataprotection@eachmoment.com. We respond within 30 days.

10. Children

Atlas is not designed for children under 16 and we do not knowingly collect personal data from anyone under 16. If a child has given us data without their parent or guardian's permission, write to dataprotection@eachmoment.com and we'll delete it.

Atlas archives often contain photos and videos of children — typically of family members at younger ages. We treat all faces in user-uploaded media as personal data of the people pictured and protect them accordingly. The user uploading the media is responsible for having appropriate permission to do so.

11. Security

We protect your data with TLS 1.2+ in transit, encryption at rest where feasible, role-based access control, and Tailscale-only access to production servers. We log administrative access to user data. If we ever discover a breach affecting your personal data, we will notify you and the relevant supervisory authority within the timeframes required by law.

12. Changes to this policy

We'll update this page when our practices change. Material changes bump the version number at the top and the effective date, and (for significant changes) we'll notify you in-app or by email. Continued use of Atlas after a change means you accept the updated policy.

13. Contact

Privacy questions and rights requests: dataprotection@eachmoment.com
General support: app@atlasarchive.org
Postal: EachMoment Ltd, 8 City Road, Norwich, England, NR1 3AL, United Kingdom