Legal
Terms, Privacy, and Data Protection
These terms govern access to and use of Idle Atlas, including the web application, customer API, and related services. They also include a privacy notice structured to cover the transparency disclosures typically required under the GDPR and similar privacy frameworks.
Last updated: March 23, 2026
Terms and Conditions
By accessing or using Idle Atlas, you agree to these terms on behalf of yourself and, if applicable, the organization you represent. If you do not agree, do not use the service.
Accounts and access
You are responsible for the activity that happens under your account and for keeping login credentials, API keys, recovery codes, and other secrets secure. You must provide accurate information, maintain up-to-date account details, and use the service only through authorized accounts and organization contexts. If you create an account or accept an invitation on behalf of an organization, you represent that you are authorized to bind that organization to these terms.
Acceptable use
You may not misuse the service, interfere with its operation, attempt unauthorized access, bypass account or tenant boundaries, introduce malicious code, reverse engineer protected portions of the product except where law permits, or use Idle Atlas to violate law or the rights of others. You must not use the service to store or transmit unlawful content or to test, scan, or probe the platform without authorization.
Subscriptions and changes
Paid features, limits, plan terms, and renewal details may be described in your order, invoice, or in-product billing settings. We may update, suspend, or discontinue features from time to time, including to improve security, comply with law, address abuse, or evolve the platform. We may also change usage limits or technical controls where reasonably necessary to maintain service reliability.
Customer data
You retain your rights in the content and data you submit to the service. You authorize Idle Atlas to host, process, transmit, index, and back up that data as needed to operate, secure, maintain, and support the service for your organization. You are responsible for ensuring that you and your organization have a lawful basis to submit personal data and other content to the service.
Intellectual property
Idle Atlas and its related software, design, documentation, branding, and associated intellectual property remain our property or the property of our licensors. These terms grant you a limited, non-exclusive, non-transferable, and revocable right to use the service during an active subscription and in compliance with these terms. No rights are granted except as expressly stated here.
APIs and integrations
If you use our APIs, you must follow the published documentation, protect issued credentials, respect tenant boundaries, and avoid abusive or excessive request patterns. You may not share API keys outside your authorized organization context or use the API in a way that degrades platform stability, security, or availability. We may set and enforce technical limits, rate limits, and security controls to protect the service.
Confidentiality and feedback
If either party receives non-public information from the other that is identified as confidential or would reasonably be understood as confidential, that information must be protected and used only for the purpose of the relationship. If you provide feedback, suggestions, or feature requests, you allow us to use them without restriction or compensation.
Disclaimers and liability
The service is provided on an as-is and as-available basis to the maximum extent permitted by law. To that extent, Idle Atlas disclaims implied warranties, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, and error-free operation. To the maximum extent permitted by law, Idle Atlas is not liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenues, goodwill, business interruption, or data.
Suspension and termination
You may stop using the service at any time. We may suspend or terminate access if you materially breach these terms, create security risk, fail to pay applicable fees, use the service in a prohibited way, or if continued service would expose us or others to legal or operational harm. We may preserve limited information after termination where necessary for legal, accounting, fraud-prevention, security, or dispute-resolution purposes.
Changes to these terms
We may update these terms from time to time. If we make a material change, we may provide notice through the product, by email, or by updating the date at the top of this page. Continued use after the updated terms take effect means you accept them.
These terms do not by themselves create a data processing agreement, service level agreement, or bespoke security commitment. If you need those documents, they should be agreed separately and reflected in your operational setup.
Privacy Policy
This Privacy Policy explains how Idle Atlas collects, uses, stores, shares, and protects personal data. It is intended to provide clear and accessible notice to users, customer contacts, invitees, and other individuals whose personal data may be processed in connection with the service.
Controller and scope
For the purposes of this Privacy Policy, Idle Atlas is the controller of personal data that it collects and uses for its own business purposes, such as account administration, authentication, security, communications, billing, and platform operations. When customer organizations use Idle Atlas to store or manage personal data in their own workspace, Idle Atlas may also act as a processor or service provider on behalf of that customer, depending on the circumstances.
Categories of personal data
We may collect account details such as name, email address, login identifiers, organization membership, role and permission assignments, audit and security events, API key metadata, communications you send to us, billing-related records, and technical data such as IP address, browser type, device information, log records, and usage telemetry that helps us secure and operate the service.
How we collect data
We collect personal data directly from you when you create an account, accept an invitation, sign in, configure security settings, contact us, or use the product. We may also receive personal data from your organization administrator, from authentication and infrastructure providers acting on our instructions, and from routine security and diagnostic logging generated through your use of the service.
Purposes and legal bases
We process personal data to provide and secure the service, authenticate users, manage organizations and permissions, respond to support requests, send transactional communications, maintain audit trails, prevent fraud and abuse, comply with legal obligations, and improve product performance. Depending on the context, our legal basis under the GDPR may be performance of a contract, compliance with legal obligations, our legitimate interests in operating and securing the service, or consent where consent is specifically requested.
Legitimate interests
Where we rely on legitimate interests, those interests typically include operating a secure SaaS platform, preventing unauthorized access and abuse, troubleshooting incidents, communicating with customers, enforcing our contractual rights, and improving reliability and usability. We assess those interests against the rights and freedoms of affected individuals before relying on that basis.
Recipients and subprocessors
We may share personal data with service providers and subprocessors that help us operate the service, such as cloud hosting providers, database and infrastructure vendors, authentication providers, email delivery providers, customer support tools, and professional advisers. We may also disclose information where required by law, legal process, or to protect rights, safety, security, and the integrity of the platform.
International transfers
Because our vendors and infrastructure may operate internationally, personal data may be transferred to and processed in countries outside the European Economic Area or the United Kingdom. Where required, we will rely on an adequacy decision, the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or another lawful transfer mechanism, together with supplementary measures where appropriate.
Retention
We retain personal data for as long as necessary to provide the service, maintain security records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type and business need. Authentication records, audit events, billing records, and abuse-prevention logs may be retained longer than ordinary product usage records where necessary for compliance and security.
Data subject rights
Subject to applicable law, individuals may have rights to request access, rectification, erasure, restriction, objection, portability, and the withdrawal of consent where processing is based on consent. Individuals may also have the right to lodge a complaint with their local supervisory authority. We will not discriminate against individuals for exercising applicable privacy rights.
When data is required
Some personal data is required for us to create accounts, authenticate users, enforce tenant boundaries, deliver transactional messages, and provide the service securely. If you do not provide the required information, we may not be able to create an account, complete an invitation flow, or provide some or all of the service.
Security
We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No system is completely secure, so we cannot guarantee absolute security, but we design our platform and processes to reduce risk and limit unauthorized access.
Children
Idle Atlas is intended for business and organizational use and is not directed to children. We do not knowingly collect personal data from children where prohibited by law.
Exercising privacy rights
To make a privacy or data protection request, contact us using the details below and describe your relationship to the service and the request you are making. We may ask for additional information to verify identity before acting on a request where permitted by law.
Contact
Questions about these terms, this Privacy Policy, or privacy and data protection requests can be sent to support@idleatlas.com.