Atlasweave

Legal

Privacy Notice

Effective date: 9 June 2025

1. Who We Are

Atlasweave Ltd ("Atlasweave", "we", "us", "our") is the data controller for personal data collected through our website (atlasweave.ai) and our process intelligence platform ("Services").

We are registered in England and Wales. If you have questions about this Notice or your data, get in touch via our contact form.

2. Scope

This Notice applies to personal data we collect about:

  • Visitors who browse our public website;
  • Customers who create accounts and use the platform;
  • Contacts who reach out to us by email, demo request, or other means.

Where Atlasweave processes personal data on behalf of a Customer (e.g. data contained within uploaded documents), Atlasweave acts as a data processor and the Customer is the data controller. That processing is governed by our Data Processing Agreement, not this Notice.

3. What We Collect

3.1 Information you provide

  • Account data - name, work email address, company name, job title.
  • Demo & contact requests - name, email, company, message content.
  • Billing data - name, billing address, and payment method (handled via our payment processor; we do not store card numbers).
  • Communications - emails or messages you send us.

3.2 Information collected automatically

  • Usage data - pages visited, features used, session duration, click paths.
  • Device & log data - IP address, browser type, operating system, referrer URL, timestamps.
  • Cookies & similar technologies - see our Cookies Notice.

3.3 Information from third parties

  • Where you sign in via a third-party identity provider (e.g. Google), we receive the profile information you have authorised that provider to share.

4. How We Use It

PurposeData used
Provide and operate the ServicesAccount data, usage data
Authenticate and secure your accountAccount data, device data
Process paymentsBilling data
Respond to support & sales enquiriesContact data, communications
Send product updates & marketing (opt-out available)Account data, email
Improve and develop the platformUsage data, aggregated analytics
Comply with legal obligationsAll categories as required
Enforce our Terms & prevent fraudAccount data, log data

We do not sell your personal data to third parties. We do not use Customer Data to train AI models without your explicit consent.

6. Sharing & Sub-processors

We share personal data only with:

  • AWS (hosting, storage, AI inference - eu-west-1, Ireland);
  • Payment processors (e.g. Stripe) for billing;
  • Email and CRM tools for communications and support;
  • Analytics providers (aggregated, anonymised where possible);
  • Professional advisors (lawyers, accountants) under confidentiality obligations;
  • Law enforcement or regulators where required by law.

All sub-processors are contractually required to protect your data to standards at least as protective as this Notice.

7. International Transfers

Our primary data region is the EU (eu-west-1, Ireland). Where transfers outside the UK or EEA are necessary (e.g. sub-processors with US operations), we rely on UK International Data Transfer Agreements or EU Standard Contractual Clauses as the transfer mechanism.

8. Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Notice, or as required by law:

  • Account data - duration of your account plus 12 months;
  • Billing records - 7 years (legal obligation);
  • Support communications - 3 years;
  • Website analytics - 14 months (rolling);
  • Marketing opt-out records - indefinite (to honour your preference).

Customer Data (documents you upload) is deleted within 30 days of account closure or on earlier request.

9. Your Rights

Under UK and EU data protection law, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten") in certain circumstances;
  • Restrict processing while a dispute is resolved;
  • Port your data to another provider in a machine-readable format;
  • Object to processing based on legitimate interests, including direct marketing;
  • Withdraw consent at any time (without affecting prior lawful processing);
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email privacy@atlasweave.ai or use our contact form. We will respond within 30 days.

10. Security

We apply technical and organisational measures to protect your personal data, including AES-256 encryption at rest, TLS 1.2+ in transit, access controls, and audit logging. See our Security page for full details.

No system is perfectly secure. If you believe your data has been compromised, email us immediately at privacy@atlasweave.ai or use our contact form.

11. Children

The Services are intended for business users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

12. Changes

We may update this Notice periodically. We will notify you of material changes by email or in-app notice before they take effect. The "Effective date" at the top reflects the most recent revision.

13. Contact

For privacy-related queries or to exercise your rights, email privacy@atlasweave.ai or use our contact form.

Atlasweave Ltd
London, United Kingdom