Privacy Policy — Atlas

Effective: May 2026 Last updated: May 2026

This privacy policy describes how Atlas ("we," "us," or "the app") collects, uses, and protects your personal information.

Read this in plain English first: Atlas treats your data like the private medical record it is. We don't sell anything. We don't run ads. We only use your data to power features you've explicitly enabled in the app.

If you have questions, email support@atlashealth.app.


What We Collect

Atlas collects only information you explicitly provide or generate within the app. We do NOT collect device location, contacts, browsing history, advertising identifiers, or any data from outside the app.

The categories we collect:

Account Information. Your email address and password when you create an account. Passwords are never stored in plaintext — they're hashed and managed by our authentication provider (Supabase).

Profile Information. Your name, age, sex, height, weight, body fat percentage, goals (cut/maintain/bulk), training frequency, and unit preferences. You enter these during onboarding and can update or delete them at any time.

Health and Wellness Data. Bloodwork panels you import (markers, values, reference ranges, lab provider, date), supplements and protocol items you log, weight measurements, food log entries (calories, macros, foods consumed), workout history (exercises sets, reps, durations, completion status), and AI chat conversations with Atlas.

Apple Health Data (optional). If you connect Apple Health, Atlas reads weight measurements and step counts from HealthKit. This data stays on your device and is only synced to our servers when you explicitly take an action that records it (e.g. tapping "Sync from Apple Health" on the Weight Tracker). You can disconnect Atlas from Apple Health at any time in iOS Settings → Health → Sources → Atlas.

Subscription Information. When you purchase Atlas Pro or Atlas Premium, Apple processes the payment. We receive only the subscription tier and renewal status — never your credit card, Apple ID, or billing address.


How We Store Your Data

All Atlas data is stored on Supabase, a managed PostgreSQL provider that complies with SOC 2 Type II. Your data is stored in a private row protected by Row Level Security (RLS) policies — this means your records can only be read or modified by your authenticated account. No other Atlas user, no Atlas employee without explicit break-glass access, and no third party can read your data.

Data in transit between your device and our servers is encrypted with TLS 1.2+. Data at rest in Supabase is encrypted with AES-256.

We do NOT store data in third-party advertising networks, analytics tools that fingerprint users, or marketing databases.


Artificial Intelligence Processing

Atlas uses Anthropic's Claude to generate AI insights and chat responses. When you request a lab read or send an Atlas chat message:

  1. Your data (bloodwork panel, profile, protocol, today's macros) is sent to Anthropic's API along with your message.
  2. Anthropic processes the request and returns a response.
  3. Anthropic does NOT use customer API data to train their models — this is contractually guaranteed under their commercial terms.
  4. The response is cached on your private Atlas record so reopening the same panel doesn't trigger another paid AI call.

Our Anthropic API key is stored in our backend environment and never exposed to your device. You are not billed for AI usage directly — your subscription tier covers the cost.

If you delete a chat thread or lab panel, the cached AI response is deleted with it.


What We DON'T Do


Your Rights

You can:

Export your data. Settings → Data & Privacy → Export. You receive a JSON file containing every row associated with your account.

Delete your account. Settings → Account → Delete Account. This permanently erases your profile, bloodwork, food log, workout history, protocol, and AI chat history from our servers. Deletion is immediate and irreversible.

Request a copy of what's stored. Email support@atlashealth.app from your account email and we'll send you everything within 30 days, free of charge.

Withdraw consent. Stop using Atlas at any time. Disconnect Apple Health in iOS Settings. Cancel your subscription via Apple's subscription management.

If you reside in California, the EU, the UK, or another jurisdiction with comprehensive privacy laws (CCPA, GDPR, UK-GDPR, etc.), you have additional statutory rights including data portability, correction, and the right to lodge a complaint with a supervisory authority.


Children's Privacy

Atlas is not intended for users under 13. We do not knowingly collect data from children. If you believe a minor has created an Atlas account, contact us and we'll delete it.


Medical Disclaimer (also referenced in our Terms of Service)

Atlas is not a medical device. Atlas does NOT diagnose, treat, cure, or prevent any disease. AI insights and recommendations are informational only and are not a substitute for professional medical advice. Always consult a qualified healthcare provider before making changes to your medications, supplements, or treatment.


Third-Party Services

Atlas uses the following sub-processors:

Provider Purpose What they receive
Supabase Auth + database All Atlas data
Anthropic AI processing Bloodwork + chat context (per request)
Apple App distribution + IAP Subscription status only
Expo (EAS) Build pipeline Source code at build time

We have data processing agreements with Supabase and Anthropic. None of these providers sell your data or use it for advertising.


Changes to This Policy

We will update this policy as Atlas evolves. Material changes will be notified in-app at least 14 days before taking effect. Continued use of Atlas after a change means you accept the updated policy.

The current version is always available at: https://lukehharris1.github.io/atlas-legal/privacy.html


Contact

Questions, complaints, or data requests:

support@atlashealth.app

Atlas is operated by Luke Harris (Individual). For physical correspondence, email first and we'll provide a mailing address.


This policy is provided as a starting point. Before launching to the public App Store, have it reviewed by an attorney familiar with mobile health apps, particularly if you serve users outside the US.