AtmioraATMIORA
← Back to home

Privacy Policy

Last updated: March 29, 2026

This Privacy Policy explains how Atmiora collects, uses, stores, shares, and protects personal data when you use the Atmiora website, account system, Mirror flow, readings, and related services (the “Service”).

1. Who controls your data

Atmiora is the controller of the personal data described in this Policy, except where another party clearly acts as controller for its own independent purposes, such as payment obligations handled by a merchant of record or legal compliance required by law.

2. The data we collect

We may collect the following categories of personal data:

a. Information you provide directly

  • name or display name;
  • email address;
  • date of birth;
  • place of birth;
  • optional birth time;
  • account credentials or authentication identifiers;
  • support messages and other information you choose to send us.

b. Reading and account data

  • generated reading content;
  • profile settings;
  • saved history;
  • subscription status;
  • user preferences.

c. Payment and transaction data

If you purchase a product or subscription, payment and transaction data may be collected and processed by Paddle as merchant of record. We may receive limited transaction details needed to confirm payment status, provide access, handle support, and maintain business records.

d. Technical and usage data

We may collect device, browser, IP address, log, session, and security-related information necessary to operate, protect, and improve the Service.

3. How we use your data

We use personal data to:

  • provide the Mirror and full readings;
  • calculate symbolic profiles from your inputs;
  • create and store your account;
  • manage subscriptions and access rights;
  • provide customer support;
  • secure the Service, prevent abuse, and investigate incidents;
  • comply with legal, tax, accounting, and regulatory obligations;
  • improve the reliability, quality, and usability of the Service in a privacy-conscious way.

We do not sell your personal data.

4. Legal bases for processing

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • Contract: to provide the Service you request, including account creation, reading generation, and product access.
  • Legitimate interests: to secure, maintain, troubleshoot, and improve the Service, prevent misuse, and administer our business responsibly.
  • Consent: where we ask for it, such as for optional marketing communications or other optional processing.
  • Legal obligation: where we must retain or disclose data to comply with law, taxation, accounting, consumer protection, or lawful requests from authorities.

5. Processors and service providers

We use carefully selected processors and service providers to operate the Service.

Supabase may be used for database, authentication, storage, and related backend infrastructure. Supabase states that it offers a Data Processing Addendum and, depending on the processing relationship, acts as a processor or subprocessor for customer data.

Anthropic / Claude API may be used to help generate readings from structured symbolic inputs. Anthropic states that for commercial services it acts as a processor on behalf of the customer, and that commercial inputs are not used to train models unless the customer affirmatively opts into a separate improvement program. Atmiora does not enable optional programs that would use your submitted reading inputs or outputs for model training.

Paddle may act as merchant of record for purchases, which means Paddle or its affiliate may process payment information, recurring billing, taxes, refunds, and charge handling as part of the transaction flow.

We may also use additional hosting, security, email, analytics, or operational vendors where reasonably necessary to run the Service. If we materially change our processor stack in a way that affects this Policy, we will update this page.

6. International transfers

Your personal data may be processed in countries other than your own, including countries where our processors operate. Where required by law, we rely on appropriate safeguards for international transfers, such as contractual commitments and data processing terms made available by our processors.

7. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, maintain account continuity, resolve disputes, prevent abuse, comply with law, and enforce our agreements.

In practice, this means:

  • account and reading data may be retained while your account is active;
  • limited backup or security copies may remain for a reasonable period after deletion;
  • billing, tax, and transaction records may be kept for as long as required by applicable law;
  • logs and security records may be retained for shorter operational periods where needed for fraud prevention, debugging, and platform safety.

When data is no longer needed, we delete it, anonymize it, or securely isolate it as required by law.

8. Your rights

If GDPR or a similar law applies to you, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • request portability of data where applicable;
  • object to processing based on legitimate interests in certain circumstances;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a competent supervisory authority.

We will respond in line with applicable law. We may ask you to verify your identity before completing a request.

9. Children

The Service is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us, contact us through the Site so we can investigate and take appropriate action.

10. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, or alteration. No system is completely secure, so we cannot guarantee absolute security.

11. Sensitive and unnecessary data

Please do not submit payment card information through free-text fields, and do not send sensitive data that we did not ask for, including medical records, government identifiers, or highly confidential third-party information.

12. Cookies and similar technologies

We may use essential cookies, session storage, or similar technologies necessary to authenticate users, preserve sessions, secure the Service, remember basic preferences, and support billing and account flows.

If we later add non-essential analytics or marketing cookies, we will update this Policy and, where required, ask for consent.

13. Third-party services and links

The Service may contain links to third-party services or use embedded third-party workflows, including payment flows. Those third parties may have their own terms and privacy practices. We encourage you to review them where relevant.

14. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on the Site and change the “Last updated” date.

15. Contact

For privacy questions or requests, use the contact method provided on the Site.