Skip to main content
AtlasOrc
Legal

PrivacyPolicy

Last updated June 2, 2026

1. Scope

This Privacy Policy explains how AtlasOrc processes personal data when you visit the website, create an account, sell products, buy or claim products, contact support, subscribe to seller updates, use the chat assistant, or interact with platform emails.

2. Personal data we collect

  • Account data - email address, user ID, role, login provider, name, avatar, and authentication session details when you sign in.
  • Seller data - store name, slug, bio, avatar, product listings, product files and previews, plan status, subscription status, referral relationships, discount codes, subscriber list records, payout history, and UPI ID for payouts.
  • Buyer data - email address, purchase or free-claim history, download-token usage, receipts, order status, opt-in subscriber choices, saved / wishlist products, reviews and star ratings you post, support messages, dispute details, and library-linking data if you later sign in.
  • Payment data - Razorpay order IDs, payment IDs, subscription IDs, status, amount, currency, and webhook records. AtlasOrc does not store full card, UPI, CVV, bank-account, or netbanking credentials.
  • Technical and security data - IP-derived request identifiers, device/browser data, logs, rate-limit events, CAPTCHA/Turnstile verification results, referral cookies, analytics events, error reports, and security telemetry.
  • Communications - emails you send us, chat-assistant messages, admin dispute notes, broadcast unsubscribe actions, and replies related to orders, payouts, or support.

3. Why we use personal data

  • To authenticate users and keep accounts secure.
  • To create stores, review listings, host files, publish products, and deliver downloads.
  • To process buyer checkout, free claims, receipts, seller Pro billing, refunds, disputes, and payouts.
  • To prevent fraud, abuse, spam, self-purchases, unauthorised access, and payment or referral manipulation.
  • To let sellers view sales, export opted-in subscribers, and send compliant broadcasts through AtlasOrc tools.
  • To publish product reviews and ratings — shown publicly with your display name and avatar — and let sellers reply to reviews on their own products.
  • To provide support, chat responses, product moderation, takedown handling, and admin audit trails.
  • To measure site usage, improve performance, debug errors, and understand product and marketplace health.
  • To comply with legal, tax, accounting, payment-partner, security, and dispute-resolution obligations.

4. Buyer email and seller access

Sellers can see buyer email addresses and order details that are necessary for sales records, support, refund handling, payout reconciliation, and storefront analytics. If a buyer opts in at checkout, that buyer may also be added to the seller's subscriber list for broadcasts. Sellers must use exported buyer/subscriber data only for their AtlasOrc store relationship, honour unsubscribe choices, and comply with applicable email, privacy, and consumer-protection laws.

5. What we do not do

  • We do not sell personal data.
  • We do not store full card, UPI PIN, CVV, or netbanking credentials.
  • We do not run Google Ads, Meta Ads, TikTok pixels, or cross-site advertising trackers.
  • We do not send your email to a seller's marketing list unless you opt in or otherwise ask us to.

6. Service providers and sharing

We share personal data only where needed to run, secure, support, or comply with the platform:

  • Supabase - database, authentication, sessions, and storage-related platform services.
  • Razorpay - buyer checkout, seller Pro subscriptions, payment verification, refund and dispute workflows.
  • Cloudflare R2 and Cloudflare Turnstile - product file storage, signed file delivery, and bot-abuse protection.
  • Resend - transactional emails, purchase receipts, payout emails, product-status emails, and seller broadcasts.
  • PostHog - product analytics using pseudonymous identifiers and redacted URLs.
  • Sentry - error and performance monitoring with query-string and email redaction safeguards.
  • Anthropic - admin-triggered automated screening of listing text for policy review where configured.
  • Chat assistant providers such as n8n - support-chat messages where the assistant integration is enabled.
  • Professional advisers, payment partners, banks, authorities, or courts - where required for compliance, fraud prevention, tax, disputes, or lawful requests.

7. Analytics and cookies

AtlasOrc uses cookies, localStorage, and similar technologies for authentication, referral attribution, cookie consent, security, and analytics. PostHog is configured to avoid sending email or names, redact sensitive query parameters, and use pseudonymous identifiers. See the Cookie Policy for details and controls.

8. Retention

  • Account and store data are kept while your account or store is active.
  • Products, files, previews, and storefront data are kept while listed, archived, or needed for disputes, records, or takedown handling.
  • Purchase, payout, refund, subscription, tax, accounting, and dispute records may be retained for at least 7 years or longer if required by law.
  • Download tokens expire after 72 hours, although purchase and access records may remain for library and support purposes.
  • Security logs, rate-limit data, analytics, and error data are retained for the period needed for safety, debugging, audit, and platform improvement.

9. Your privacy choices and rights

Depending on where you live and the law that applies, including India's Digital Personal Data Protection Act, 2023 where applicable, you may request access, correction, completion, updating, erasure, withdrawal of consent, grievance redressal, or nomination of another person to exercise your rights. We may ask you to verify your identity before acting on a request.

Some data cannot be deleted immediately if we need it for transactions, tax records, fraud prevention, security, legal claims, payment disputes, or compliance. Where deletion is not possible, we will limit use to the purpose that requires retention.

10. Security

We use access controls, private file storage, signed download URLs, rate limits, webhook signature verification, CAPTCHA on free-product claims, admin audit logs, and monitoring tools to protect the marketplace. No online service can guarantee perfect security, so please keep your login access and download links private.

11. International processing

AtlasOrc is operated from India, but some providers may process data in other jurisdictions. We use service providers for the purposes described above and apply contractual, technical, and organisational safeguards appropriate to the service.

12. Children

AtlasOrc is not directed to children under 18. If you believe a child has provided personal data to AtlasOrc, contact us and we will take appropriate action.

13. Contact and grievance redressal

For privacy questions, rights requests, or grievances, email hello@atlasorc.com with the subject Privacy Request. We aim to acknowledge requests promptly and respond within the period required by applicable law.

Questions about this policy? Email us and we'll reply within 48 hours.