AtmosphereAGI
Sign up

Trust

Trust center

How we handle your data, your keys, and your account. Plain words, no theatre.

  1. Data handling

    Agent inputs, outputs, and step logs are stored in Postgres for 90 days, then deleted. Generated files (PDFs, slide decks, CSVs) sit in object storage with the same 90-day window. We do not train any model on your data and we do not sell it.

  2. Encryption

    Everything in transit is TLS 1.3. Disk volumes are encrypted at rest. BYO Anthropic keys are wrapped with AES-256-GCM; the master key lives in a separate KMS scope from the ciphertext rows, so a database leak alone cannot recover keys. Only the last four characters of a stored key are ever displayed back to you.

  3. Authentication

    Passwords are hashed with bcrypt (cost 12). Sessions are JWTs in httpOnly, samesite=lax cookies with a 24-hour life. Google OAuth is supported for sign-in. Magic-link sign-in is single-use and 15-minute scoped.

  4. Compliance posture

    We are GDPR-friendly: data export and deletion are self-serve from settings, and we honour right-to-erasure requests within 30 days. We are not yet SOC 2 attested; an audit is on the roadmap once revenue justifies the cost. The team is Bangladesh-based; our hosting (Hetzner) is EU and our managed DB (Neon) is US, with standard contractual clauses in place for transfers.

  5. Sub-processors

    Anthropic (Claude inference). Stripe (billing). Resend (transactional email). Cloudflare (DNS, DDoS, CDN). Neon (managed Postgres). Hetzner (compute). Each has its own Data Processing Addendum that we honour.

  6. Deletion SLA

    Account deletion via Settings > Account > Delete is queued immediately. All personal data, run history, and BYO keys are removed within a 30-day grace window. The grace window exists so you can recover from an accidental deletion; after that we cannot undo it.

  7. Vulnerability reporting

    Email security@atmosphereagi.com with a write-up. We acknowledge within 72 hours. We do not currently run a paid bug bounty, but we will name-credit researchers in this page with permission. Please do not test live user accounts other than your own.