Privacy Policy

Privacy Policy

Version: 2026.02

Effective Date: 2026-02-18

Last Updated: 2026-02-21

1. Introduction

At Atropos, we respect your privacy and are committed to protecting your personal data. We operate on a local-first principle: most processing happens on your device, and we only keep server-side data required to run licensing and billing.

2. Data We Store (Server-Side)

We store only the minimum data needed to manage subscriptions, trial limits, and support.

• Account & Billing: Billing email and account entitlement status.
• Subscription State: Plan status metadata synced from our payment provider (for example, active/canceled state and renewal timing).
• Trial Usage: Trial counters used to enforce free-trial limits.
• Device Authorization Metadata: Limited device-linked metadata used to validate access and help prevent abuse.
• Legal Acceptance Metadata: Records that track terms/policy acceptance versions required to use the service.

3. Data Stored on Your Device (Local)

Atropos keeps project and workflow content on your machine. We do not upload your media files to Atropos servers as part of normal operation.

Atropos uses a device-bound account identifier (device_id_hash) and does not provide email/password login. Local credentials are stored in your operating system keychain or equivalent secure store. Optional recovery phrases are shown once; only a hash is stored server-side for verification.

• Media Files: Source videos, clips, shorts, and exports.
• Connected Account Credentials: OAuth tokens, session cookies, and other platform auth data for services you connect.
• Application Settings: Local preferences and configuration values.

4. AI Models, Runtimes, and Optional Providers

Atropos can use local AI runtimes and models directly on your device. If you enable optional third-party AI providers, data is only sent to those providers when you request those features.

• Local AI Runtime: Native local inference runtime and compatible model packages run on-device.
• Optional Local Connectors: You may connect tools like LM Studio or Ollama, which run on your own hardware.
• Optional Cloud AI Providers: If enabled by you, prompts/transcript content required for the requested feature can be sent to the provider you configure.

For the current list of model identifiers, third-party packages, and supporting dependencies, see our Open Source Credits.

5. How We Collect Data

• Directly from You: When you activate the app or contact support.
• From Service Providers: Subscription status webhooks and billing state from Stripe.
• Locally Generated: Device and runtime metadata used for license validation.

6. Why We Process Data

• License Management: To validate access and enforce trial limits.
• Billing Operations: To keep subscription status accurate.
• Security: To prevent abuse and protect account access.
• Support Communications: To respond to user inquiries.

7. Legal Bases for Processing

Depending on where you are located, we rely on one or more of the following

legal bases:

• Contract: Processing needed to provide the Service you request.
• Legal Obligations: Processing required for tax, accounting, and compliance duties.
• Legitimate Interests: Processing for security, fraud prevention, and service reliability.
• Consent: Processing based on your permission where applicable.

8. Data Retention

• Account Data: Retained while your account is active and needed to provide the Service.
• Billing Records: Retained as required for tax, accounting, and legal compliance.
• Deleted Accounts: Data is scrubbed after deletion requests, except minimal records required for compliance, fraud prevention, or legal obligations.
• Operational Logs: Retained for a limited period for security and fraud prevention.

9. International Transfers

Our services are operated in the United States. If you access the Service from

outside the United States, your information may be transferred to and processed

in the United States.

10. Third-Party Infrastructure

• Stripe: Payment processing and subscription state.
• Cloudflare: API edge hosting, transport security, and delivery.

11. Your Rights

Depending on your location, you may have rights to:

• Access the account/license data we hold about you.
• Correction of inaccurate account or billing fields.
• Deletion of your account record (which ends service access).
• Objection to certain processing where applicable under local law.
• Complaint to your local data protection regulator, where applicable.

12. Children

The Service is not directed to children under 13 (or higher age where required

by local law).

13. Contact Us

If you have questions about this policy or want to exercise your rights, contact contact@atropos-video.com.