We use data to provide the service, protect it, and respond to you. We do not sell personal data or use customer company content for advertising.
1. Data we receive
Website forms may collect your name, email, company, role, inquiry type, use case, and message. ATLAS may process account and membership data, company knowledge, signals from connected tools, monitor rules, flags, actions, approvals, audit events, usage, conversations, memory, and device or security metadata needed to operate the service.
2. Company and personal scope
ATLAS separates organization and user context. Company-brain requests derive organization identity from the authenticated session, and company data is fenced by tenant controls. Organization administrators control access, membership, connected sources, retention, and company content subject to their agreement with us.
3. How we use data
We use data to provide and secure XAGI and ATLAS services, retrieve requested context, run monitors, generate flags and previews, deliver notifications, process approved actions, measure usage, prevent abuse, troubleshoot incidents, and respond to requests.
4. Model providers and service processors
Some features send the minimum necessary prompt or task context to selected model or infrastructure providers. We also use hosting, database, authentication, CAPTCHA, email, and monitoring providers. Access is limited to the purpose of providing the service and governed by applicable agreements.
5. Training
We do not use private customer company content or personal conversations to train a shared public foundation model unless the relevant customer and affected users have explicitly agreed to a separate, clearly described program.
6. Retention and deletion
We keep information for the period needed to provide the service, meet contractual or legal duties, resolve disputes, and maintain security. ATLAS includes organization retention and purge controls for supported company content. You may request access, correction, export, or deletion by contacting us; some records may be retained when legally required or necessary for security and audit integrity.
7. Security
We use access controls, tenant isolation, encrypted credential handling, transport security, role checks, audit controls, and operational safeguards appropriate to the service. No system is perfectly secure; we investigate confirmed incidents and notify affected parties as required.
8. Your choices and rights
Depending on your location, you may have rights to access, correct, delete, restrict, object, or port personal data and to complain to a regulator. Organization-managed data requests may be routed through your organization where it is the data controller.
9. Children
The services are not directed to children under 16, and we do not knowingly collect their personal data.
10. Contact
Email privacy@xagilab.com for privacy requests. We may update this policy as the services change; material updates will carry a new date and, when appropriate, direct notice.