Privacy Policy

Last updated on April 12, 2026

1. Introduction

Welcome to Atomicule ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have — in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

This policy applies to the Atomicule mobile application (available on iOS and Android) and the atomicule.com website.

If you have questions about this policy, please contact us at privacy@atomicule.com

2. Data Controller

The data controller responsible for your personal data is Atomicule. For any privacy-related enquiries or requests, contact us at privacy@atomicule.com

3. What Data We Collect

We collect only the data necessary to provide and improve the Atomicule service.

3.1 Account Information

Email address (required for account creation and authentication)
Display name (required during sign-up, or set via Settings after social login)
Authentication method (email/password, Apple Sign-In, or Google Sign-In)
Account creation date and subscription status

3.2 App Content

We store the content you create within the app:

Time blocks (name, duration, category, colour, optional notes)
Flows (ordered collections of blocks, name, category, pinned status)
Session history (date, flow name, duration, completion status, optional notes)

3.3 Technical & Crash Data

We may collect basic technical information such as device type, operating system version, app version, and crash reports to diagnose issues and ensure stability. This data does not identify you personally.

3.4 Payment Information

We do not store your payment card details. Subscription payments are processed entirely through Apple App Store or Google Play Store in-app purchases. RevenueCat manages subscription entitlements and links your subscription status to your account.

3.5 Push Notification Preferences

If you grant notification permissions, your reminder time, active days, and enabled notification types are stored locally on your device only. This data never leaves your device and is used solely to deliver the reminders you have configured.

3.6 Analytics Data

We use PostHog to collect analytics on how users interact with the atomicule.com website and the Atomicule app. PostHog automatically collects the following data:

Screen views and navigation paths (current and previous screen)
Feature interactions and in-app events
Approximate location derived from your IP address (city, postal code, country, latitude and longitude with ~5 km accuracy radius)
Device type and screen dimensions
App version, build number, and bundle identifier
Locale and timezone
A randomly-generated session ID

PostHog does not receive your email address or any content you create in the app. Your IP address is used only to derive approximate location and is not stored. Analytics data is routed through our own proxy server to PostHog's cloud infrastructure for processing. This data is used solely to understand how the product is used and to guide improvements.

4. How We Use Your Data

We use your data for the following purposes and legal bases:

Purpose	Legal Basis
Providing the app and its core features	Contract performance
Managing your account and authentication	Contract performance
Processing and managing your subscription	Contract performance
Sending reminders and notifications you configure	Consent
Sending trial expiry and subscription notices	Legitimate interests (service communication)
Analysing usage to improve the product	Legitimate interests
Complying with legal obligations (e.g. GDPR deletion requests)	Legal obligation

5. Third-Party Services

We rely on the following trusted third-party providers to operate the service. Each processes your data only as necessary for the described purpose.

Provider	Purpose	Data shared
Supabase	Authentication, storage	Account data, app content, session history
RevenueCat	Subscription and entitlement management	User ID, subscription events
Apple / Google	Single sign-on, in-app purchases, push notifications	Platform account identifier, device token
Cloudflare	Content delivery, DDoS protection, tag management & anonymous website analytics (Zaraz)	IP address, request metadata, anonymous pageview data — no cookies used for Cloudflare analytics
PostHog	Product analytics (website & app usage)	Anonymous session ID, screen views, feature interactions, GeoIP-derived location, device type, screen dimensions, app version, locale, timezone — IP address used for geolocation only, not stored

We do not sell your personal data to third parties, and we do not share it for advertising purposes.

6. Data Storage and Security

Your data is stored on Supabase's cloud infrastructure. Supabase uses PostgreSQL with row-level security and JWT-based authentication to ensure that each user can only access their own data.

All data is transmitted over encrypted connections (TLS). We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

Supabase's infrastructure is hosted in the European Union where possible. For details on Supabase's data processing and sub-processors, refer to their privacy documentation.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the service.

If you cancel your subscription, your account data — including your blocks, flows, and session history — is retained so you can resume access if you re-subscribe.

If you delete your account, your data is soft-deleted immediately and permanently purged within 30 days. During this window you will not be able to log in, and no further processing of your data takes place. After 30 days all personally identifiable data is removed from our systems.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you.
Right to rectification — you can update or correct inaccurate data. Most account data can be updated directly in the app under Settings.
Right to erasure — you can delete your account at any time from Settings → Delete Account. This triggers permanent data removal within 30 days.
Right to data portability — you can request an export of your personal data in a machine-readable format.
Right to restrict processing — you can ask us to limit how we process your data in certain circumstances.
Right to object — you can object to processing based on legitimate interests.
Right to withdraw consent — where processing is based on consent (e.g. push notifications), you can withdraw it at any time in your device or app settings.

To exercise any of these rights, contact us at privacy@atomicule.com . We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Push Notifications

Atomicule may send push notifications for daily reminders, streak-at-risk alerts, and subscription notices. You are prompted for notification permission after your first completed session — not on first launch.

You can manage or disable notifications at any time from the Settings screen within the app, or from your device's system notification settings.

10. Children's Privacy

Atomicule is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@atomicule.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the app or email.

Continued use of Atomicule after changes are published constitutes acceptance of the updated policy.

12. Contact

For any questions, concerns, or requests regarding your privacy or this policy, please reach out at privacy@atomicule.com