NewAtlantic raises from Galata Business Angels at a $5M valuation
PRIVACY POLICY

Your data belongs to you.

We collect only what we need, use it only to serve you, and never train models on your data. Plain language, no weasel words.

01

Overview

Atlantic AI Inc. (“Atlantic”, “we”, “our”) operates the Atlantic platform at app.getatlantic.ai and the marketing site at getatlantic.ai. This Privacy Policy explains what data we collect, why we collect it, and your rights over that data.

Effective date: 2026-06-02.
Company: Atlantic AI Inc., 8 The Green STE D, Dover, Delaware 19901, USA.
Contact: info@getatlantic.ai.

02

Data we collect

Account & identity data. When you sign up, we collect your name, email address, company name, and a password hash. For SSO (Google / Microsoft), we receive the profile fields your provider grants.

Usage & product analytics. We use PostHog to capture product events (page visits, feature interactions, session replays) to improve the product. Session recordings are subject to your cookie consent selection. Raw event data is stored in the EU (PostHog EU Cloud) and not shared with ad networks.

Integration data. When you connect third-party services (Slack, Google Drive, Jira, etc.), Atlantic receives only the OAuth scopes you grant. That data is processed on your behalf as described in our Data Processing Addendum and is never used for model training.

Communications. If you contact support or book a demo, we retain the content of those communications to resolve your request.

Technical & infrastructure data. Logs include IP addresses, user-agent strings, and timestamps, retained for up to 90 days for security and debugging.

03

Google Workspace data (Limited Use)

When you connect Google Workspace, Atlantic accesses only the data covered by the OAuth scopes you grant, and only to carry out actions you explicitly request inside the app. We request the minimum scopes needed for these features:

  • Gmail (gmail.modify): read a thread for context, then draft, send, reply to, and label messages when you ask.
  • Calendar (calendar, calendar.events): read availability and create, update, or reschedule events you ask us to book.
  • Drive (drive, drive.file): search your existing files to answer a question, and create or edit files on request.
  • Docs, Sheets, Slides (documents, spreadsheets, presentations): read a document for context, then create or edit it on request.
  • Forms (forms.body, forms.responses.readonly): create and edit forms and read their responses to summarize results.
  • Chat (chat.spaces, chat.messages, chat.memberships, chat.messages.reactions): read a space for context, then post, edit, and react to messages, and manage spaces and members on request.
  • Meet (meetings.space.created, meetings.space.readonly): create Meet spaces and read meeting details, recordings, and transcripts to prepare or summarize meetings.

Limited Use. Atlantic’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, for data obtained through Google APIs we commit that we:

  • use Google user data only to provide or improve user-facing features that are prominent in Atlantic;
  • do not transfer Google user data to third parties, ad networks, or data brokers, except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition with notice to users;
  • do not use Google user data for advertising;
  • do not use Google user data to train, fine-tune, or evaluate generalized AI or machine-learning models;
  • do not allow humans to read Google user data unless you give explicit consent for a specific request, it is needed for security (such as investigating abuse), or the law requires it.

Google Workspace data is processed transiently to fulfill your request and is not retained beyond what is needed to operate the feature, except content you explicitly save to your workspace. You can disconnect Google at any time from the Integrations page, which revokes Atlantic’s access.

04

Purposes & legal bases

PurposeLegal basis (GDPR)
Provide and operate the Atlantic platformPerformance of contract (Art. 6(1)(b))
Send transactional emails (account, invoices, security)Performance of contract (Art. 6(1)(b))
Product analytics and session replayLegitimate interest + consent (Art. 6(1)(a)(f))
Security, fraud prevention, abuse detectionLegitimate interest (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))
Marketing to existing customers (product updates)Legitimate interest (Art. 6(1)(f)); opt-out always available
05

Retention

We retain your account data for the duration of your subscription plus 90 days after termination, unless a longer period is required by law.

Temporary conversations (when “Temporary Chat” is enabled) are soft-deleted immediately on session end and hard-deleted after 30 days.

Infrastructure logs are retained for 90 days. Analytics events are retained for 24 months, after which they are aggregated or deleted.

06

Sub-processors

We share data with a limited set of sub-processors necessary to deliver the service. Each sub-processor is subject to a data processing agreement with Atlantic. The full list is available at getatlantic.ai/sub-processors.

We will notify you at least 30 days before adding a new sub-processor that processes personal data.

07

No training on your data

Atlantic does not use customer data to train, fine-tune, or evaluate AI models. This commitment is contractual and applies to all tiers, including free trials. Your knowledge base, chat history, and integration data remain yours.

Model inference is performed via AWS Bedrock (Anthropic Claude). AWS Bedrock does not use API inputs to train Amazon models. See AWS’s Bedrock data privacy page for details.

08

International transfers

Atlantic is incorporated in the United States. If you are located in the EU/EEA, UK, or Turkey, your personal data may be transferred to and processed in the United States and other countries.

We protect such transfers using Standard Contractual Clauses (SCCs) approved by the European Commission. Our Data Processing Addendum (available at /dpa) incorporates the SCCs by reference.

Where local data protection laws apply, we honor their requirements, including explicit consent for international transfers where required, and maintain regional data residency where technically feasible.

09

Your rights

Depending on your jurisdiction, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate data.
  • Erasure: ask us to delete your personal data (“right to be forgotten”).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Restriction: request we limit processing while a dispute is resolved.
  • Withdraw consent: where processing is based on consent (e.g. session replay), withdraw at any time via cookie settings.

To exercise any right, email info@getatlantic.ai. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.

10

Security

Atlantic is SOC 2 audited (report available under NDA on request). We apply AES-256 encryption at rest with customer-managed keys (BYOK) available on Enterprise plans, TLS 1.3 in transit, and role-based access control throughout.

On-prem airgap deployment is available for customers where no data leaves their network. Contact us to discuss your requirements.

11

Cookies

We use strictly necessary cookies (session authentication) without consent. We use analytics cookies (PostHog session replay, page-view tracking) only with your consent, set via the cookie banner on your first visit. You can change your preference at any time via the “Cookie preferences” link in the footer.

12

Changes to this policy

We will update this policy when our practices change materially. We will notify active subscribers by email at least 30 days before changes take effect. The current version is always at getatlantic.ai/privacy.