ATLAS
TermsPrivacyDPA

Privacy Policy

Last updated: April 8, 2026

Version 2.0

1. Introduction & Scope

Atlas Platform LLC ("Atlas," "we," "us," or "our") operates atlasyield.co and the Atlas cash management platform (collectively, the "Platform"). This Privacy Policy explains how we collect, use, share, and protect information about businesses and the individuals associated with them when they use the Platform.

Atlas is a B2B platform. We do not market to or serve individual consumers. Where this Policy refers to "you," we mean the business entity that uses Atlas and the authorized representatives, employees, and contractors who access the Platform on its behalf.

This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Gramm-Leach-Bliley Act (GLBA), and other applicable privacy laws.

2. Data Controller & Contact

Atlas Platform LLC, a Wyoming limited liability company, is the data controller for personal data processed through the Platform.

Atlas has appointed a Data Protection Contact responsible for monitoring privacy practices. Atlas is not currently required to appoint a formal Data Protection Officer under GDPR Art. 37. An EU representative under GDPR Art. 27 will be appointed prior to general availability in the European Union.

3. Information We Collect

3.1 Information You Provide

  • Account & Identity: Name, business email address, password (hashed), role.
  • Organization Information: Legal entity name, business type, jurisdiction, registration number, EIN or equivalent national tax identifier, registered address, beneficial owners (where required for KYB).
  • Authorized Users: Names, email addresses, and access roles of additional users you add to your organization.
  • Communications: Information you submit through support channels, chat widgets, or feedback forms.

3.2 Information from Third-Party Service Providers

Atlas does not hold customer funds. We rely on regulated third-party service providers to deliver core financial functionality. To protect both our customers and our partner relationships, we describe these providers by category in this public Policy. The current list of named sub-processors is available on request and is included in our Data Processing Addendum (DPA) for customers who execute one with us.

  • Account aggregation services: Bank account names, balances, transaction history, account and routing numbers from accounts you link.
  • Brokerage and custody partners: Portfolio positions, trade history, account balances, performance data.
  • Banking infrastructure providers: Transfer status, amounts, and identifiers for fund movements between your linked accounts.
  • Identity and KYB verification providers: Verification of business legal name, EIN/TIN, and sanctions screening results.
  • Payment processors: Subscription billing, partner payouts, and tax form data.
  • Authentication providers: Email, name, profile metadata, and login session data.
  • Cloud hosting and analytics providers: Hosting infrastructure, content delivery, performance monitoring, and aggregated usage analytics.

3.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, actions taken, timestamps, session duration, referring URLs.
  • Device & Network: Browser type and version, operating system, screen size, IP address, device identifiers, approximate geolocation derived from IP.
  • Cookies & Similar Technologies: See Section 5.

4. How We Use Your Information & Lawful Basis

For data subjects in the EU, UK, EEA, or Switzerland, we identify the GDPR Art. 6 lawful basis for each processing purpose below.

  • Provide and operate the Platform — account creation, authentication, portfolio display, sweep automation. (Contract — Art. 6(1)(b))
  • Process transfers and investment transactions via partners. (Contract — Art. 6(1)(b))
  • Verify identity and conduct KYB / AML / sanctions screening. (Legal Obligation — Art. 6(1)(c) and Legitimate Interests — Art. 6(1)(f) for fraud prevention)
  • Detect, prevent, and investigate fraud, abuse, and security incidents. (Legitimate Interests — Art. 6(1)(f))
  • Communicate with you about your account, transactions, and Platform updates. (Contract — Art. 6(1)(b) and Legitimate Interests — Art. 6(1)(f))
  • Comply with tax, financial reporting, and regulatory obligations. (Legal Obligation — Art. 6(1)(c))
  • Improve and develop new Platform features based on aggregated usage. (Legitimate Interests — Art. 6(1)(f))
  • Send marketing communications about Atlas. (Consent — Art. 6(1)(a) where required, otherwise Legitimate Interests with opt-out)
  • Set non-essential cookies (analytics, preferences). (Consent — Art. 6(1)(a) and ePrivacy Directive Art. 5(3))

5. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Platform, remember your settings, and (with your consent where required) understand how the Platform is used.

CategoryPurposeDurationConsent required (EU)
Strictly necessaryAuthentication, session, CSRF, securitySession – 1 yearNo
PreferencesLocale, theme, layout1 yearYes
AnalyticsAggregated platform usage measurementUp to 13 monthsYes
MarketingCurrently noneN/AYes

You can review or change your cookie preferences at any time via the "Cookie Settings" link in the footer of any page on atlasyield.co.

6. How We Share & Disclose Information

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Service providers in the categories listed in Section 3.2, acting as our processors under written contracts that include GDPR Art. 28 obligations and Standard Contractual Clauses where applicable.
  • Regulators, law enforcement, and courts where required by valid legal process or to protect the rights, property, or safety of Atlas, our customers, or the public.
  • Professional advisors (auditors, lawyers, insurers) under confidentiality obligations.
  • Successors in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and (where required) notice to data subjects.

Atlas does not sell personal information as the term "sale" is defined under CCPA/CPRA, and Atlas does not share personal information for cross-context behavioral advertising.

Customers who require a complete, named list of our sub-processors may request our Data Processing Addendum (DPA) at dataEU@atlasyield.co.

7. International Data Transfers

Atlas is established in the United States. When we transfer personal data of EU, UK, or Swiss data subjects to the United States or to other third countries, we rely on the European Commission's Standard Contractual Clauses (SCCs) approved under Decision 2021/914, the UK International Data Transfer Addendum, and the Swiss FDPIC-approved SCCs as appropriate. We assess each transfer in line with the EDPB's "Schrems II" guidance and apply supplementary technical and organizational measures (encryption in transit and at rest, access controls, audit logging) where appropriate.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

  • Account & KYB records: for the duration of the customer relationship plus 7 years to comply with US and EU AML/KYB record-keeping obligations.
  • Transaction records: for the duration of the relationship plus 7 years to comply with financial record-keeping obligations.
  • Support communications: 3 years from last contact.
  • Cookie consent records: 13 months (per CNIL guidance), then anonymized.
  • Server access logs: 90 days for security investigations.

After applicable retention periods, we delete or irreversibly anonymize personal data.

9. Your Rights

9.1 Rights of EU/UK/EEA/Swiss Data Subjects (GDPR)

  • Access — request a copy of personal data we hold about you (Art. 15)
  • Rectification — request correction of inaccurate data (Art. 16)
  • Erasure — request deletion subject to legal retention obligations (Art. 17)
  • Restriction of processing in certain circumstances (Art. 18)
  • Portability — receive your data in a structured, machine-readable format (Art. 20)
  • Object to processing based on legitimate interests, including profiling (Art. 21)
  • Withdraw consent at any time, without affecting prior lawful processing (Art. 7(3))
  • Lodge a complaint with your national supervisory authority. In France this is the CNIL (cnil.fr).

9.2 Rights of California Residents (CCPA/CPRA)

  • Right to know what categories of personal information we collect, use, disclose, and share
  • Right to delete personal information, subject to exceptions
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (Atlas does not sell or share)
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising any CCPA/CPRA right

10. How to Exercise Your Rights

To exercise any of the rights above, contact us at:

We will acknowledge your request within five business days and respond substantively within 30 days for GDPR requests and 45 days for CCPA/CPRA requests, with one extension where permitted by law. We may need to verify your identity before fulfilling certain requests.

11. Data Security

Atlas implements industry-standard technical and organizational measures designed to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls and least-privilege permissioning, audit logging, secret rotation, secure software development practices, and incident response procedures. No system is 100% secure; we will notify affected data subjects and relevant authorities of any personal data breach in accordance with applicable law (within 72 hours under GDPR Art. 33 where required).

12. Children's Privacy

Atlas is a B2B platform intended exclusively for use by businesses and their authorized adult representatives. We do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has provided us with personal information, please contact us and we will delete it.

13. Automated Decision-Making & Profiling

Atlas uses AI-assisted analytics to generate cash-flow insights and yield optimization recommendations. These recommendations are informational only — they do not produce legal effects or similarly significant effects on you within the meaning of GDPR Art. 22, and customers retain full control over whether to act on them. We do not use automated decision-making to approve or deny accounts; KYB review decisions are made by Atlas personnel based on output from regulated verification partners.

14. California-Specific Disclosures

In the 12 months preceding the date of this Policy, we have collected the following categories of personal information about California residents: identifiers, commercial information, internet activity information, professional information, and inferences drawn from the foregoing. We have collected these from the categories of sources, used them for the business purposes, and disclosed them to the categories of third parties described elsewhere in this Policy. We have not sold or shared (as those terms are defined under CCPA/CPRA) personal information of California residents in the past 12 months.

15. EEA, UK & Swiss Disclosures

The data controller is Atlas Platform LLC. Until an EU representative is appointed under GDPR Art. 27, EU/UK data subjects may contact us at dataEU@atlasyield.co. You also have the right to lodge a complaint with your national supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

16. Financial Privacy Notice (GLBA)

For US customers, Atlas is subject to the financial privacy provisions of the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.). We collect nonpublic personal information (NPI) only as necessary to operate the Platform and process transactions through our regulated partners. We do not share NPI with non-affiliated third parties except as permitted under GLBA § 502(e), including for the purposes of servicing accounts, processing transactions, complying with legal requirements, and where you have authorized us to do so.

17. Changes to This Policy

We may update this Policy from time to time. For material changes (changes in the categories of data we collect, how we use it, or with whom we share it), we will provide at least 30 days' advance notice via email and an in-app notice, and we will obtain renewed consent where required by law. Non-material changes (clarifications, formatting, typo corrections) will take effect on posting and we will update the "Last updated" date above.

18. Contact

Atlas Platform LLC
General & US data subjects: data@atlasyield.co
EU/UK/EEA/Swiss data subjects: dataEU@atlasyield.co