Privacy Policy

Introduction

At Roia Labs Limited ("we", "us", "our", or "Atlantis"), we are committed to protecting your privacy and ensuring your personal data remains under your complete control. Atlantis AI is built on a privacy-first, zero-knowledge architecture that ensures your data never leaves your ecosystem of devices.

This Privacy Policy explains how we handle information in connection with your use of Atlantis AI products and services, including the Atlantis desktop application (macOS/Windows/Linux), Atlantis mobile app (iOS/Android), and our website at roia.io/atlantis.

Our Privacy Commitment

Atlantis operates on three fundamental privacy principles:

1. Local-First Processing: All AI processing happens on your devices. Your personal data never reaches our servers.
2. Zero-Knowledge Architecture: We cannot access, read, or decrypt your data - even if we wanted to.
3. End-to-End Encryption: When syncing between your devices, all data is encrypted using Curve25519 + ChaCha20Poly1305 encryption that only you can decrypt.

What Information We Collect

Information That Never Leaves Your Device

The following data remains exclusively on your devices and is never transmitted to our servers:

• Personal Documents: All files, documents, photos, and media you process with Atlantis
• Health Data: Medical records, fitness data, health metrics
• Communications: Emails, messages, chat histories
• Journals & Notes: Personal writings, diaries, notes
• AI Conversations: All interactions with Atlantis AI
• Vector Databases: Local knowledge bases and embeddings
• Custom Workflows: Your personalized AI agents and automations

Information We Collect for Service Operation

We collect minimal information necessary to provide and improve our services:

Account Information

• Email address (for account creation and support)
• Payment information (processed by our payment provider, not stored by us)
• License keys and activation status

Anonymous Telemetry (Optional)

With your permission, we collect anonymized usage statistics:

• App performance metrics (crash reports, response times)
• Feature usage patterns (which features are used, not how)
• Device type and operating system version
• App version information

Important: All telemetry data is:

• 100% anonymized with all personal content redacted
• Completely optional (can be disabled in Settings)
• Never linked to your identity
• Used solely for improving app stability and performance

Website Analytics

On roia.io/atlantis, we collect:

• Pages visited
• Referring websites
• Browser type and device category
• Approximate geographic region (country/state level)
• Visit duration
• Heatmaps and session recordings (via Contentsquare, with your consent)

We use Contentsquare for analytics and user behavior insights. You can control cookie preferences through our Cookie Policy and consent banner. For more details on how we use cookies, visit our dedicated Cookie Policy page.

How Your Data Is Protected

On-Device Encryption

• All local data is encrypted at rest using AES-256 encryption
• Encryption keys are stored in your device's secure keychain/keyring

Device-to-Device Sync

When you link multiple devices:

• Each device generates a unique Curve25519 key pair
• All sync data is end-to-end encrypted using ChaCha20Poly1305
• Encryption happens on-device before any transmission
• Our relay servers only see encrypted data packets
• Only your authenticated devices can decrypt the data
• Encryption protocols may be updated to ensure ongoing compliance with platform requirements (including Apple's security guidelines)

Zero-Knowledge Proof

• We cannot decrypt your data - we don't have the keys
• We cannot see your data - it never leaves your devices unencrypted
• We cannot access your local databases - they exist only on your hardware
• We cannot recover your data if you lose your devices - you control all backups

Device Authentication & Security

Atlantis uses WhatsApp-style device pairing for secure multi-device support:

1. Primary Device Setup: Your first device becomes the authentication anchor
2. QR Code Pairing: New devices scan a QR code containing encrypted authentication tokens
3. Key Exchange: Devices exchange public keys for secure communication
4. Local Verification: All authentication happens locally, not on our servers
5. Device Management: View and revoke device access anytime from Settings

Data Sharing and Third Parties

We Never Share Your Personal Data

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Service Providers

We work with trusted service providers for:

• Payment Processing: Stripe/Paddle (they handle payment information securely)
• Email Communications: Gmail/Outlook 365 (for transactional emails only)

These providers are bound by strict data protection agreements and only process data necessary for their specific services.

Legal Requirements

We may disclose information if required by law, but since we don't have access to your encrypted personal data, we cannot provide what we don't have.

Your Rights and Controls

You have complete control over your data:

Access and Portability

• Export all your data anytime as SQL databases
• Create encrypted backups you control
• Transfer data between your devices

Deletion

• Delete specific data within the app
• Uninstall the app to remove all local data
• Request account deletion to remove your account information from our servers

Opt-Out Options

• Disable telemetry collection entirely
• Opt-out of product updates and announcements
• Choose which devices can sync

Data Location

You control where your data resides:

• Choose local-only mode (no sync)
• Select which devices store which data
• Manage your own backup locations

Children's Privacy

Atlantis AI is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

International Data Transfers

Since your personal data never leaves your devices, there are no international data transfers of your personal information. Account information (email, payment records) is stored in the UK in compliance with UK data protection laws.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

• In-app notifications
• Email to your registered address
• Prominent notice on our website

Continued use of Atlantis after changes indicates acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Roia Labs Limited
Email: info.atlantisai@gmail.com
Website: roia.io/atlantis

Data Protection Officer: info.atlantisai@gmail.com

Additional Rights for EU/UK Residents

If you are located in the European Union or United Kingdom, you have additional rights under GDPR/UK GDPR:

• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain types of processing
• Right to Complain: Lodge a complaint with your supervisory authority

To exercise these rights, contact info.atlantisai@gmail.com.

California Privacy Rights

California residents have additional rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising privacy rights

We do not sell personal information as defined by CCPA.

Security Measures

We implement industry-standard security measures including:

• TLS 1.3 for all network communications
• Certificate pinning for mobile apps
• Regular security audits and penetration testing
• Bug bounty program for security researchers (coming soon)
• Secure software development lifecycle
• Regular security updates and patches