GDPR Compliance
Last updated · June 2026
This page describes how ATLAS ANALYTICS PTE. LTD. meets its obligations under the EU General Data Protection Regulation (GDPR) and the equivalent UK GDPR when it provides the ATLAS METIS Service. It complements our Privacy Policy and Data Processing Addendum.
1. Roles
For data we hold about our own visitors, prospective customers, and users (for example, sign-in details and billing information), Atlas is a controller.
For Customer Data that customers submit to or generate through the Service — including target-account information and outreach context — Atlas acts as a processor on behalf of that customer. The customer determines the purposes and the categories of data processed; Atlas processes that data only on documented instructions.
2. Lawful Bases
Where Atlas acts as a controller, we rely on the lawful bases set out in Article 6 GDPR — typically performance of a contract, our legitimate interests (balanced against your rights), compliance with a legal obligation, or consent where required. Where special categories of data are involved (which is not a routine part of the Service), we will rely on one of the bases set out in Article 9.
3. Data Subject Rights
Individuals whose personal data we process have the rights to access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent where consent was the basis. Requests can be sent to privacy@atlas-metis.com. Where Atlas processes the data as a processor on behalf of a customer, we will forward the request to the relevant customer and assist them in responding.
4. Data Processing Addendum
Atlas offers a standard Data Processing Addendum (DPA) to customers that are established in the EEA or the United Kingdom, or that handle EEA/UK personal data. The DPA incorporates the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum where relevant. Request a copy at privacy@atlas-metis.com.
5. Sub-Processors
Atlas engages a limited number of sub-processors to provide the Service. Each is bound by contractual data-protection obligations no less protective than those in the DPA. The current list:
| Sub-processor | Purpose | Region |
|---|---|---|
| Vercel Inc. | Website and application hosting, content delivery | USA / EU edge |
| Supabase, Inc. | Application database and file storage | EU (Frankfurt) |
| Google (Ireland Ltd. / LLC) | Workspace — business email and documents; Gemini AI processing; Analytics (opt-in only) | EU / USA |
| Anthropic, PBC | AI model processing for agent workflows | USA |
| OpenAI | AI model processing for agent workflows | USA |
| Perplexity AI, Inc. | AI-assisted research and search | USA |
| xAI (Grok) | AI model processing | USA |
| Moonshot AI (Kimi) | AI-assisted search | Singapore / China |
| Apollo.io, Inc. | B2B contact sourcing and enrichment | USA |
| Clay Labs, Inc. | Data enrichment workflows | USA |
| AI Ark | B2B company and contact data sourcing | USA |
| BetterContact (Hackeez Consulting SAS) | Waterfall contact enrichment | EU (France) |
| Tomba Technology Web Service LLC | Email finding | USA |
| Reoon Technology | Email verification | USA |
| Exa Labs, Inc. | Web research and search API | USA |
| Brevo SAS | Newsletter and email delivery | EU (France) |
Transfers outside the EEA or UK are safeguarded as described in Section 6. We give prior notice of material additions or replacements by updating this page and, for customers with an executed DPA, by email. Internal tooling that does not process customer personal data (for example, design or code-hosting platforms) is not listed.
6. International Transfers
Atlas is established in Singapore and uses sub-processors in multiple jurisdictions, including the EEA, the United Kingdom, and the United States. Transfers of personal data outside the EEA or UK rely on appropriate safeguards under Chapter V GDPR — most commonly the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, together with transfer-impact assessments where required.
7. Retention and Deletion
We retain personal data for no longer than necessary for the purposes for which it was collected and to meet legal obligations. Customer Data is retained for the duration of the customer’s subscription; on termination we make it available for export for a reasonable period and then delete it in accordance with the Terms of Service and any DPA.
8. Breach Notification
Atlas operates a documented incident-response process. In the event of a personal-data breach affecting customer data, we notify the relevant customer without undue delay and in line with our DPA, supporting them in their own notification obligations to supervisory authorities and data subjects.
9. Data Protection Contact
ATLAS ANALYTICS PTE. LTD., 160 Robinson Road, #14-04 SBF Center, 068914 Singapore. For any matter relating to the GDPR or UK GDPR, contact privacy@atlas-metis.com.
Because our customers are established in the European Union and we have no establishment there ourselves, we are appointing an EU representative pursuant to Article 27 GDPR. The representative’s name and contact details will be published here once the appointment is confirmed; until then, all GDPR matters are handled directly via privacy@atlas-metis.com.
