Atlasby SigmaTools

Privacy Policy

Last updated: May 27, 2026

The short version

We collect the minimum we need to make Atlas work and to keep your training history yours across devices. We don't sell your personal information. You can export or delete your data at any time from the in-app settings. If you want the long version, keep reading.

1. What we collect

Account data: the email and display name you provide, plus your Atlas user id and authentication tokens.

Workout data: the exercises, sets, reps, weights, rest times, notes, and dates you log; the templates and splits you create; achievements you unlock; per-muscle XP totals; and (for premium features) body measurements and progress photos you choose to record.

Device and usage data: approximate location (derived from your IP for rate-limiting and abuse prevention - we do not retain precise GPS), browser / OS user-agent, app version, and timestamps of events like opens, screen views, and feature usage.

Billing data: if you subscribe, your payment method is handled by Apple, Google, or Stripe. We receive a subscription id, status, and the last four digits of the card - never the full card number.

Customer support: messages you send us and any contact information you include.

2. Why we use it

  • Run the Service: render your dashboards, sync your sessions across devices, fire celebrations, generate share cards.
  • Improve the product: analyze aggregate, de-identified usage so we can ship the features lifters actually use.
  • Send transactional and account messages (receipts, password resets, billing notices) - never marketing without your opt-in.
  • Protect the Service from abuse (rate limiting, fraud detection, terms enforcement).
  • Comply with legal obligations.

3. What we don't do

  • We do not sell your personal information to advertisers, data brokers, or anyone else.
  • We do not share your individual workout history with third parties for marketing.
  • We do not place behavioral advertising cookies on our website.
  • We do not run health surveillance, share data with insurers, or share data with employers.

4. Sharing and third-party processors

We use carefully selected vendors to operate the Service. Each is contractually bound to use your data only as we direct:

  • Supabase - hosted database + authentication.
  • Stripe - payment processing for Premium.
  • Apple App Store / Google Play - in-app purchases on iOS / Android.
  • Vercel - hosting + edge functions.
  • PostHog (when enabled) - product analytics, configured to mask personally-identifying fields.
  • Resend - transactional email delivery.

We may also share data when required by law, in connection with a merger or acquisition (in which case we'll notify you), or to protect the rights, property, or safety of Atlas, our users, or the public.

5. Public profiles and share cards

Atlas lets you create a public profile at atlas.sigmatools.io/u/[handle]and generate share cards (PNG images) of your achievements. These surfaces show level, achievement counts, body-atlas heatmaps, and top lifts you have chosen to highlight. They never show individual session weights, body measurements, photos, or your email. You control whether your profile is public from in-app settings.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Delete your account and personal data (the "right to erasure");
  • Export your data in a machine-readable format;
  • Object to certain processing or restrict it;
  • Lodge a complaint with your local data-protection authority.

You can exercise the access, export, and deletion rights yourself from Profile → Account & Data. JSON and CSV export run immediately on-device. Account deletion cancels any active subscription, removes your profile from our servers, and signs you out. For anything else, email privacy@sigmatools.io and we will respond within 30 days.

7. Retention

We keep your data for as long as your account is active and for a reasonable period after, in case you reactivate. When you delete your account, we remove your personal data from our production systems within 30 days, with backups expiring on a rolling 90-day schedule. Aggregated and de-identified data may be retained for analytics.

8. Children

Atlas is not directed to children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

9. International transfers

Our infrastructure is hosted in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We use the EU Standard Contractual Clauses (where applicable) to protect cross-border transfers.

10. Security

We use industry-standard measures to protect your data, including TLS in transit, encryption at rest, and least-privilege access for our team. No system is 100% secure - we will notify affected users without undue delay if we ever discover a breach that materially affects them.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced via an in-app banner or email at least fourteen (14) days before they take effect.

12. Contact

Privacy questions can be sent to privacy@sigmatools.io. For general legal questions, see our Terms of Service.