Privacy Policy

Who We Are

ATOM Interstate ("ATOM", "we", "us", or "our") is a software application designed for the touring music industry. We provide tools for tour management, accounting, logistics, and operations. Our registered contact email is atom@atominterstate.app.

This Privacy Policy explains how we collect, use, and protect your personal information when you use ATOM at atominterstate.app.

Data We Collect

We collect only what is necessary to operate the service:

• Account information: email address, name, and a hashed password (we never store your password in plain text)
• Tour and financial data: show details, guarantees, expenses, settlements, crew information, and other data you enter into ATOM
• Sensitive financial fields (encrypted): wire transfer info, EIN, and uploaded W-9 PDFs are encrypted on your device with AES-256-GCM before transmission. Our servers store only ciphertext — even our database administrators cannot read these fields.
• Device and session data: a device token used to maintain your session across logins
• IP addresses: logged temporarily for rate-limiting and security purposes (e.g. detecting brute-force login attempts)
• License keys: used to authenticate your account and validate your subscription
• Product usage events: we record which features you use within ATOM (e.g. which tabs you open, which import flows you run, when you send messages to the AI assistant). This data is tied to your account, used solely to improve the product, and never shared with third parties or used for advertising. You can request deletion at any time.
• Gmail OAuth tokens (if you connect Gmail): stored encrypted at rest with AES-256-GCM. Read-only scope — we cannot send, delete, or modify any email. Email content is processed in-flight and never persisted.

We do not collect payment card data directly. We do not use advertising trackers, third-party analytics, or cookies that follow you around the web. We do not sell your data to any third party.

How We Use Your Data

• To provide and operate the ATOM service
• To authenticate your account and maintain your session
• To sync your data across devices via cloud storage
• To send transactional emails (e.g. invite links, password reset codes)
• To power the ATOM AI chat assistant with your tour context (see AI section below)
• To understand which features are valuable so we can improve the product (first-party usage analytics — never shared with third parties)
• To protect the service against abuse and unauthorized access

AI Chat Assistant

ATOM includes an AI chat assistant powered by Anthropic's Claude API. When you use this feature, a snapshot of your current tour data (shows, expenses, crew) is sent to Anthropic's API to generate a response. This data is used solely to answer your question and is not used to train Anthropic's models under our API agreement.

Do not share sensitive personal data (e.g. social security numbers, banking credentials) in the chat interface.

Google API Services User Data

If you choose to connect your Gmail account to ATOM (via the Email Scan feature in the Nucleus tab), the following terms apply specifically to your Google data. ATOM's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we request and why

We request a single Google API scope:

• https://www.googleapis.com/auth/gmail.readonly — read-only access to your Gmail messages and attachments

We use this scope only to scan your inbox for receipts, settlement statements, hotel folios, airline confirmations, and credit card statements that ATOM can automatically parse into structured expense entries. This saves Tour Managers from manually entering each receipt by hand. We never use Gmail data for any other purpose.

What we do with your Gmail data

• Scan only when you initiate it. ATOM does not run scans in the background or on a schedule. A scan only happens when you click the Scan button in the Email Scan card and specify a date range.
• Search is targeted. We search by sender domain (e.g. uber.com, marriott.com, americanexpress.com) and the last four digits of your tour credit card — not your entire inbox. Personal correspondence is never read.
• Process in flight, do not persist. When a matching message is found, the body is fetched, sent to our AI parser to extract structured fields (vendor, date, amount, category), and immediately discarded. The original email body is never stored on our servers.
• Store only the structured result. What we keep is the parsed expense row: vendor name, date, amount, currency, category, and a reference back to the source message ID so you can re-fetch the original from Gmail if needed.
• No transfer to other apps. Gmail data we read is not shared with, sold to, or transferred to any third party except as required to provide the Email Scan feature itself (the AI parser, see below).
• No advertising. Gmail data is never used for advertising, marketing, or to build any kind of user profile.
• No human review except for support. No employee reads your Gmail messages. The only exception is if you explicitly grant us permission as part of a support investigation, or if we are required to do so by law.
• No machine-learning training. Gmail content is not used to train, improve, or develop any AI or machine learning model.

How your Google data is stored

• OAuth tokens. The access and refresh tokens Google issues to ATOM are encrypted with AES-256-GCM at rest in our database, using a key held only in our serverless function environment. The tokens themselves never appear in plaintext outside the running function process.
• Email body content. Never stored. Discarded immediately after parsing.
• Parsed results. Stored as expense rows in your account, just like any expense you would enter manually.

How to revoke access

You can disconnect ATOM from your Gmail account at any time:

• From inside ATOM: Nucleus tab → Email Scan card → Disconnect Gmail. This deletes our stored OAuth tokens immediately.
• From your Google Account: visit myaccount.google.com/permissions, find ATOM Interstate, and click Remove access. Google will invalidate the tokens on their side and ATOM will be unable to make further API calls on your behalf.

Revoking access does not delete the parsed expense rows that were already imported — those are your data and remain in your ATOM account. To delete those as well, edit them individually or delete your ATOM account using the controls in Settings → Privacy & Your Data.

Data sub-processors for Gmail data

When you run a scan, the message body is sent to our AI parser at Anthropic for one-shot processing. Anthropic does not retain API request bodies for training and deletes inputs after their standard 30-day abuse-monitoring window. No other third party receives Gmail content.

Third-Party Processors

We use the following sub-processors to operate ATOM. Each processes your data only as necessary to provide their service:

• Supabase (supabase.com) — cloud database and file storage. Data stored in US-based servers.
• Netlify (netlify.com) — hosting and serverless functions. US-based.
• Resend (resend.com) — transactional email delivery (invites, verification codes).
• Anthropic (anthropic.com) — AI API provider powering the ATOM chat assistant.

Data Retention

Your data is retained for as long as your account is active. If you request account deletion, we will remove your personal data and tour data within 30 days. IP logs used for rate-limiting are retained for no more than 90 days.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable local law:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate data
• Right to erasure: request deletion of your data ("right to be forgotten")
• Right to restriction: request that we limit how we process your data
• Right to data portability: request your data in a machine-readable format
• Right to object: object to processing based on legitimate interests
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at atom@atominterstate.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU).

The legal basis for processing your data is: contract performance (operating the service you signed up for), and legitimate interests (security and fraud prevention).

Cookies and Local Storage

ATOM uses browser localStorage (not traditional cookies) to store your session token and tour data locally on your device. This is strictly functional — no tracking, advertising, or analytics cookies are set. See our Cookie Policy for full details.

Security

All data is transmitted over HTTPS (SSL/TLS), provisioned automatically by Netlify via Let's Encrypt. Passwords are hashed using PBKDF2 before storage and are never transmitted or stored in plain text. Access to your data requires a valid session token.

Staff Access to Your Data

In the ordinary course of business, ATOM personnel do not access the contents of your tour data. Your settlements, deals, expenses, crew information, and uploaded files are not read by our team as part of our daily operations.

There are three narrow exceptions where a staff member may view your data:

• Automated processing. Our servers perform syncing, encrypted backups, and security monitoring. These are automated systems — no human reads your data as part of them.
• Support access with your consent. Authorized ATOM personnel can request view-only access to your account by sending you a request through the app. You see it as a banner at the top of the screen with the name of the requester, the reason, and the duration they're asking for. You approve or decline. If you approve, access is time-bounded, you can revoke it at any time, every view is audit-logged, and we send you a summary of what was accessed when the grant ends. See "Support Access Process" below for details.
• Legal compulsion. Where required by a subpoena, court order, or lawful government request, we may be compelled to disclose data. Where we are permitted to do so, we will notify you.

Confidentiality Commitment

When an ATOM staff member does access your account under any of the circumstances above, we are bound to the following:

We will not:

• Share your specific tour data — financials, deal terms, settlement figures, artist fees, commissions, crew information — with any third party for marketing, sales, or commercial purposes
• Retain copies of your data outside the audit log
• Use your specific data to train any AI or machine-learning model
• Access your account without one of the three reasons listed above

We may:

• Use what we learn while debugging a specific issue you reported to resolve that issue
• Incorporate generalized, non-identifying insights into product improvements

We must:

• Disclose where legally compelled
• Act where necessary to protect the safety of users or the integrity of the service (for example, if we detect abuse)

All staff access is logged with the administrator's identity, the target account, the grant ID (where applicable), a timestamp, and the section(s) viewed. These audit logs are retained for the life of the service. You can view your own audit log at any time inside the app.

Internal misuse of staff access is a termination offense under our employment policies.

Support Access Process

When we need to look at your account to help you — whether you've reported a bug, we're observing how beta users interact with a new feature, or we're otherwise working on your behalf — we use a consent flow with the following guarantees:

• You are asked first. A request appears as a banner at the top of your screen. It shows the name of the requester, the reason they're asking, the requested duration, and two buttons: Approve and Decline.
• You can decline. If you do, no access is granted.
• Approval is time-limited. Grants have a maximum duration — up to 4 hours for a Support Debugging grant, up to 30 days for an optional Beta Observation grant — and expire automatically.
• You can revoke at any time. While a grant is active, a passive banner on your screen shows the time remaining and an "End access" button. Clicking it ends the session immediately.
• Every view is logged. Each read of your data is stamped with the grant ID. You can see every session and every view in your own audit log inside Settings → Security & Legal.
• You get a summary. When the grant ends, we email you a summary of what was viewed, aggregated by section (for example, "Settlements: 12 views, Day Sheets: 4 views").
• Access is limited to authorized personnel. Requests can only be initiated by ATOM staff who have been granted this specific capability internally. Not all ATOM employees have this access.
• Nothing is written. Support access is strictly view-only. Staff cannot modify, delete, or add data to your account through this flow, even during an active grant.

Children's Privacy

ATOM is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16.

Changes to This Policy

We may update this policy as the product evolves. When we do, we'll update the effective date at the top. For significant changes, we'll notify active users by email.

Contact

Questions about this policy or your data? Email us at atom@atominterstate.app.