Privacy Policy

Last updated: April 2026

This policy explains what personal data Atlas collects, why we collect it, who we share it with, and the rights you have over it. Atlas is operated by Aris Panayiotou as a sole trader (the “controller” under UK and EU data protection law). Contact: aris@myatlas.fit.

1. What we collect

Account and profile

• Name, email address, phone number — provided when you register or are invited to a gym.
• Password — stored as a one-way hash; we never see it in plain text.
• Profile preferences — units (kg / lbs), training goal, gym memberships, role (member, trainer, owner).

Fitness data

• Workouts — sets, reps, weights, durations, exercise selections, notes.
• Programs and templates — programs you build or your trainer assigns to you.
• Challenges — challenges you opt into and your progress.

Technical data

• Device push token — used to deliver notifications via Firebase Cloud Messaging when your gym publishes a program or you receive an invitation.
• Crash and error reports — when the app crashes or hits an unexpected error, technical details are sent to our error monitoring service (Sentry) so we can fix bugs. Reports include a hashed user ID so we can correlate fixes to affected accounts.
• Server logs — request timestamps, IP addresses, and user-agent strings, kept temporarily for security and debugging.

Landing page (this website)

• Founding-partner application form — your name, email, gym name (if applicable), and the message you submit.
• Advertising pixels — Meta Pixel and TikTok Pixel measure how our paid campaigns perform. These run on the landing page only and never on the mobile app. You can opt out via your browser’s tracking-prevention settings.

2. Why we collect it

• To run the service — authenticate you, sync your workouts, deliver programs from your gym, run challenges, send notifications.
• To support and improve the app — fix bugs surfaced via crash reports, monitor performance.
• To communicate with you — send transactional emails (verification, password reset, gym invitations).
• To measure marketing performance — understand which channels bring people to the landing page (landing page only).

3. Lawful basis

Under UK GDPR / EU GDPR we rely on:

• Contract — to provide the service you sign up for.
• Legitimate interests — to keep the service secure, debug crashes, and prevent abuse.
• Consent — for landing-page advertising pixels (you can decline via your browser).

4. Who we share it with

We do not sell your data. We use the following sub-processors to operate the platform:

• Render (USA / EU) — hosts our backend servers and database.
• Cloudflare R2 — stores uploaded media (gym logos, profile pictures).
• Resend (USA) — sends transactional emails on our behalf from a no-reply address on the myatlas.fit domain.
• Firebase Cloud Messaging (Google, USA) — delivers push notifications to your device.
• Sentry (USA) — collects crash reports and performance traces from the mobile app and backend.
• Meta and TikTok — receive landing-page conversion events only (Meta Pixel, TikTok Pixel). Not used in the mobile app.

International transfers to the US rely on the EU–US Data Privacy Framework or Standard Contractual Clauses, depending on the sub-processor.

5. How long we keep it

• Account and fitness data — until you delete your account.
• Crash reports — 90 days, then automatically purged by Sentry.
• Server logs — 30 days.
• Marketing pixels — managed under Meta’s and TikTok’s own retention policies.

6. Your rights

Under UK GDPR / EU GDPR you have the right to:

• Access the personal data we hold about you.
• Correct anything inaccurate.
• Delete your account and the data associated with it.
• Object to or restrict processing.
• Export your data in a portable format.
• Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.

To delete your account in-app: Settings → Delete account. To exercise any other right, email aris@myatlas.fit from the address on your account. We respond within 30 days.

7. Children

Atlas is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has registered, contact aris@myatlas.fit and we will delete the account.

8. Security

All traffic is encrypted in transit (HTTPS / TLS 1.2+). Passwords are hashed using the algorithm provided by Django’s authentication framework. We never receive or store payment details — the app is currently free.

9. Changes to this policy

We may update this policy as the platform evolves. The “Last updated” date at the top will reflect the most recent change. For material changes affecting how we use your data, we will notify you by email or in-app before the change takes effect.

10. Contact

Questions, concerns, or requests: aris@myatlas.fit.

Back to home