Last updated: March 9, 2026
This Privacy Policy describes how Atlas ("we", "our", "us"), operated at atlasmap.app, collects, uses, and protects information when you use our IT infrastructure mapping platform ("Service"). We are committed to protecting your privacy and handling your data transparently.
When you register or are invited to Atlas, we collect your name and email address. For organization accounts, we also collect the organization name and workspace URL slug. Passwords are stored as one-way cryptographic hashes and cannot be viewed or retrieved by anyone, including us.
The core purpose of Atlas is to store information about your organization's physical IT infrastructure. This includes site/building names, floor plan images, device locations and details (such as equipment type, model, IP address, location notes), cable run documentation, photos, and custom device type definitions. This data is created by your users and belongs to your organization.
We collect basic server logs generated during normal operation, including IP addresses, request timestamps, and browser type. These logs are used for security monitoring, debugging, and service reliability. We do not use third-party analytics or tracking services.
We use the information we collect to provide and operate the Service, authenticate users and maintain account security, send transactional emails (account verification, password resets, subscription notifications, quotes), monitor and maintain the reliability of the Service, and respond to support requests.
We do not use your data for advertising, profiling, or any purpose unrelated to providing the Service.
We do not sell, rent, or trade your personal information or infrastructure data to any third party. We share data only with the following service providers, solely to operate the Service:
Google Cloud Platform hosts the application, database, and file storage. Data is stored in the us-west1 (Oregon) region. Google acts as a data processor under their Cloud Data Processing Addendum.
SendGrid (Twilio) sends transactional emails on our behalf, such as account verification, password resets, and subscription notifications. SendGrid receives only the recipient email address and message content.
Cloudflare provides DNS management and security services. Cloudflare processes network traffic metadata but does not access application data.
We may also disclose information if required by law, subpoena, or court order, or to protect the safety and security of our users and the Service.
All data is stored on Google Cloud Platform infrastructure in the United States (us-west1 region). We implement the following security measures:
All connections are encrypted via HTTPS (enforced by the .app TLD). Passwords are hashed using bcrypt. Sessions are secured with HttpOnly, Secure, and SameSite cookie flags, with automatic timeout after inactivity. Optional two-factor authentication (TOTP) is available for all accounts. File uploads are validated for type and scanned for security. Database backups are performed daily with seven-day retention. Each organization's data is strictly isolated through tenant-scoped database queries and file storage paths.
Your data is retained for as long as your organization's account is active. If your subscription expires and is not renewed, your data is retained through the grace period (typically 30 days). After the grace period, your account is locked but data is preserved for six (6) months to allow for reactivation. After six months, data may be permanently deleted.
For trial accounts that do not convert to a paid plan, data is retained for six (6) months after the trial expiration date.
You may request deletion of your organization's data at any time by contacting us at support@atlasmap.app.
Atlas is designed for documenting physical IT infrastructure and does not require or encourage the storage of student personally identifiable information (PII). The platform stores information about equipment, buildings, and network infrastructure -- not about students.
However, we recognize that school district users may incidentally include information such as room numbers, building names, or location descriptions that could be considered education records in certain contexts. We recommend that school district administrators configure Atlas with awareness of their FERPA obligations and avoid entering student-identifiable information into device names, notes, or custom fields.
We are committed to working with school districts to address FERPA-related concerns. If your district requires a Data Privacy Agreement (DPA) or has specific compliance requirements, please contact us at support@atlasmap.app.
Atlas uses only essential session cookies required for authentication and application functionality. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. The session cookie is set with HttpOnly and Secure flags and expires when you close your browser or after a period of inactivity.
If you enable the "trust this device" option for two-factor authentication, an additional cookie is stored for 90 days to remember that preference.
Depending on your jurisdiction, you may have the right to access the personal information we hold about you, request correction of inaccurate information, request deletion of your personal information, receive a copy of your data in a portable format, and withdraw consent where processing is based on consent.
Organization administrators (Super Admins) can access, modify, and delete user accounts and infrastructure data directly within the application. For requests that cannot be handled through the application, contact us at support@atlasmap.app.
Atlas is a professional tool for IT departments and is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will notify registered account administrators via email at least 30 days before the changes take effect.
If you have questions about this Privacy Policy or our data practices, please contact us at support@atlasmap.app or visit our contact page.