Version 1.0 | Effective 21 Nov 2024 | Last Reviewed 11 Apr 2025 | Prepared by Privacy & Compliance Office, AtomLeap.ai
1. Introduction
Welcome to AtomLeap.ai ("we", "us", "our"). We value your trust and are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. It also outlines your rights and how you can exercise them.
We adhere to applicable data protection laws, including the Indian Digital Personal Data Protection Act (DPDPA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), UK GDPR and other relevant global privacy regulations.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through:
- Our website (atomleap.ai)
- Subdomains (e.g., collapse.atomleap.ai, connect.atomleap.ai, ask.atomleap.ai, blog.atomleap.ai, hrms.atomleap.ai)
- Web and mobile applications
- APIs and integrations
- Our social media channels
- Email communications and newsletter signups
- Customer support and live chat tools
- Events, webinars, and offline interactions
This policy applies regardless of the platform or device used to access our services.
3. Key Definitions
- Personal Data: Any information relating to an identified or identifiable person.
- Processing: Any operation performed on personal data, such as collection, storage, use, modification, or deletion.
- Data Controller: The entity determining the purposes and means of processing personal data.
- Data Subject: The individual to whom the personal data relates.
- Processor: A third party processing personal data on behalf of AtomLeap.ai.
- Third Country: Any country outside the European Economic Area (EEA) or jurisdictions with adequacy decisions.
- Profiling: Automated processing of personal data to evaluate personal aspects related to an individual.
- Consent: Any freely given, specific, informed, and unambiguous indication of a user’s wishes.
4. Categories of Data We Collect
a. Information You Provide Directly
- Full name, contact number, and email address
- Username and encrypted password
- Company name, designation, and industry
- Invoices, billing address, and payment information
- Job applications and resumes (for recruitment)
- Feedback, inquiries, and support tickets
b. Automatically Collected Information
- IP address and geolocation
- Browser type, version, and settings
- Operating system and device identifiers
- Pages viewed, time spent, and actions taken
- Referral sources (how you arrived at the site)
- Language settings and time zone
c. Information from Third Parties
- Social login integrations (Google, LinkedIn)
- Public sources like LinkedIn or company websites
- Marketing affiliates and lead generation services
- Data enrichment providers (firmographic data)
We never knowingly collect special categories of data (e.g., biometric, health, political opinions) unless legally required.
5. Purposes and Legal Basis for Processing
We only process personal data where a lawful basis exists. Our processing purposes and legal bases include:
| Purpose | Legal Basis |
|---|---|
| Account registration and authentication | Contractual necessity |
| Providing products and services | Contractual necessity |
| Improving product features and UX | Legitimate interest |
| Customer support and service delivery | Legitimate interest, Consent |
| Payment processing and invoicing | Contractual necessity, Legal obligation |
| Sending product updates or marketing | Consent, Legitimate interest |
| Security monitoring and fraud prevention | Legitimate interest, Legal obligation |
| Legal compliance and audit obligations | Legal obligation |
Where consent is the basis, users may withdraw consent at any time without affecting prior processing.
6. How We Use Your Information
We use your information to:
- Register, verify, and manage user accounts
- Provide access to services and features
- Send important service announcements and legal notices
- Deliver newsletters and event updates (with opt-in)
- Provide chat, ticket, and email-based support
- Prevent fraudulent behavior and protect platform integrity
- Analyze user behavior for UX and product improvements
- Monitor system performance and fix bugs
- Personalize content, interfaces, or recommendations
7. Use of Cookies and Tracking Technologies
We use cookies, pixels, and scripts to:
- Authenticate user sessions
- Track website usage and metrics
- Store user preferences and themes
- Deliver remarketing/retargeting ads
Refer to our Cookies Policy for details on categories, purposes, duration, and opt-out mechanisms.
8. Third-Party Data Sharing
We may share your data with:
- Hosting providers (e.g., AWS, DigitalOcean)
- CRM and email providers (e.g., Mailchimp, Brevo)
- Payment gateways (e.g., Razorpay, Stripe)
- Analytics and monitoring tools (e.g., Google Analytics, Sentry)
- Legal or compliance consultants
- Government agencies (only under lawful requests)
We perform due diligence and sign Data Processing Agreements (DPAs) with all third parties.
We never sell personal data to third parties.
9. International Transfers of Data
Where we transfer data outside the EEA or UK:
- We use Standard Contractual Clauses (SCCs) approved by the EU Commission
- We assess destination countries for adequacy and vendor privacy posture
- We implement encryption and access control on exported data
Transfers to India, the United States, or other third countries comply with applicable cross-border data frameworks.
10. Data Retention and Deletion Policy
We retain personal data only as long as necessary:
- User account data: For the duration of your active relationship with us
- Support and ticketing data: 3 years after last interaction
- Payment and invoicing records: 7 years (legal obligation)
- Email marketing consent: Until withdrawn or inactive for 12 months
- Cookies and analytics data: As defined in our Cookies Policy
Users may request deletion or anonymization at any time (subject to legal exceptions).
11. Your Rights Under Applicable Laws
You have rights under GDPR, CCPA, and other laws:
- Access: Request copies of personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of data, subject to exemptions
- Restriction: Request to limit processing in certain situations
- Portability: Request transfer of data to another service
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke previously granted permissions
- Lodge Complaint: File a complaint with a local data protection authority
To exercise any of the above rights, email us at: privacy@atomleap.ai
12. Data Protection and Security Measures
We implement multiple layers of data security:
- HTTPS enforced for all communications
- AES-256 encryption for data at rest
- Periodic penetration testing and vulnerability scans
- Secure password hashing (bcrypt/argon2)
- Daily database backups and integrity checks
- Staff access control based on roles and responsibilities
- Continuous monitoring and alerting for anomalies
We follow the principle of least privilege and maintain incident response protocols.
13. Data Breaches and Incident Response
In the event of a data breach:
- We will assess scope and risk to affected individuals
- Notify affected users and authorities within 72 hours (as per GDPR)
- Take containment, mitigation, and recovery actions
You will be informed if your data is involved and steps to protect yourself.
14. Children’s Privacy
AtomLeap.ai does not target users under the age of 16. We do not knowingly collect data from children. If we become aware that personal data of a minor has been collected inadvertently, we will delete it promptly.
15. Automated Processing and Profiling
We may use automated tools for:
- Email engagement scoring
- Website behavior segmentation
- Marketing personalization
These activities do not involve automated decisions that produce legal effects or similarly significant consequences.
16. Links to Other Sites
Our platform may include links to third-party sites (e.g., YouTube, LinkedIn, Calendly). We are not responsible for their content, terms, or privacy practices. Users are advised to read the privacy notices of those sites.
17. Policy Updates and User Notifications
We may update this Privacy Policy due to:
- New regulations or court decisions
- Expansion of services
- Introduction of new technologies or tracking mechanisms
When changes occur:
- We will revise the "Effective Date" at the top
- Significant changes will be communicated via email or in-app notices
18. Contacting Us
For any questions, requests, or complaints:
Data Protection Officer
AtomLeap.ai Email: privacy@atomleap.ai
Subject line: "Privacy Policy Inquiry"
We aim to respond within 7–10 business days.
19. Appendix A – Data Categories Table
| Data Type | Examples | Collected From |
|---|---|---|
| Identity Data | Name, email, phone, profile photo | Users, integrations |
| Technical Data | IP, device ID, browser, OS | Web and app usage |
| Financial Data | Card info (tokenized), billing address | Payments and checkout |
| Usage Data | Login timestamps, clicks, interactions | Analytics tools |
| Communication Data | Emails, support messages, chat logs | CRM, live chat |
| Marketing Preferences | Newsletter opt-ins, event registrations | Forms, email lists |
20. Appendix B – List of Data Processors
| Processor | Purpose of Processing | Location | Safeguards |
|---|---|---|---|
| Amazon Web Services | Cloud infrastructure and hosting | USA, India | SCCs, encryption, ISO/IEC 27001 |
| Google LLC | Analytics, email infrastructure | USA | SCCs, Privacy Shield Legacy, DPA signed |
| Microsoft Corp. | Office suite, document storage | USA, EU | SCCs, DPA, enterprise controls |
| Brevo (Sendinblue) | Email campaign delivery | EU | GDPR Compliant, DPA signed |
| Razorpay | Payment processing (India clients) | India | PCI-DSS Compliant, localized data controls |
| Stripe | Global payment gateway | USA, EU | PCI-DSS, SCCs, ISO/IEC 27001 |
| Sentry | Application error monitoring | USA, EU | SCCs, access controls, data retention policies |
| Calendly | Scheduling and calendar integrations | USA | SCCs, privacy notice, user opt-in required |
| Intercom | Customer support and live chat | USA | SCCs, access control, logging and audit trail |
| Hotjar | Heatmaps and user feedback | EU | GDPR Compliant, IP anonymization enabled |
Each processor has been assessed for compliance with applicable laws and bound by Data Processing Agreements (DPAs) wherever applicable.
21. Appendix C – Legal References and Frameworks
This Privacy Policy is aligned with the following legal and regulatory frameworks:
Indian Digital Personal Data Protection Act, 2023 (DPDPA)
- Section 4: Consent-based processing
- Section 7: Legitimate uses
- Section 9: Personal data protection duties of data fiduciaries
- Section 14: Rights of data principals
- Section 25: Cross-border transfers
- Section 27-30: Penalties and redress mechanisms
General Data Protection Regulation (GDPR) – EU Regulation 2016/679
- Article 5: Principles relating to processing of personal data
- Article 6: Lawfulness of processing
- Article 7: Conditions for consent
- Article 12-23: Rights of the data subject
- Article 32: Security of processing
- Article 33-34: Notification of a personal data breach
- Article 44-49: International data transfers
UK GDPR (Post-Brexit Framework)
- Mirrors the principles and rights set out in the EU GDPR
- Enforced by the UK Information Commissioner’s Office (ICO)
California Consumer Privacy Act (CCPA) & CPRA
- Section 1798.100: Consumer rights to know
- Section 1798.105: Right to delete
- Section 1798.120: Right to opt out of sale
- Section 1798.130: Notice requirements and methods for consumers to exercise rights
- CPRA (2023 update): Introduced sensitive personal data category and right to correction
Additional References
- ePrivacy Directive (EU Cookie Law) – Directive 2002/58/EC
- PCI-DSS – Payment Card Industry Data Security Standard for payment processors
- ISO/IEC 27001 – Information Security Management standard (for vendors and internal compliance)
These legal references inform AtomLeap.ai’s data governance policies, processing agreements, and security practices.