Privacy Policy

Last updated: July 2, 2026

This Policy describes what personal data the Atlano service (the “Service”) processes, for which purposes, how it is stored and protected, and what rights you have as a data subject. The legal basis for processing account data and user content is the Terms of Service you accept at registration; no separate consent is required or requested for this.

1. What data we collect

Account data: email address, optional name, hashed password or external OAuth provider identifier.

User content: goals, tasks, notes, comments, journal entries, touch events, day plans. This data belongs to you.

Technical data: IP address, device and browser parameters, language, time zone, application telemetry.

Site analytics (atlano.app): anonymized visit events via Yandex.Metrica — only after you accept cookies.

Application telemetry: our own anonymous event counters with NO goal content — the full list is below, in “What we count and what we never see”.

Feedback: message text and attached technical context (URL, version, user-agent) submitted through the built-in form.

1a. What we count and what we never see (app telemetry)

Application telemetry is fully anonymous and published here in full — this is the entire event list: app open (once a day), onboarding steps and completion, the first touch and the first seen node movement, touches (source and a minutes bucket: “<5”, “5–15”…), goal created/completed (horizon only), section view (once per section per day), map actions (open, recenter), review completion (period), telemetry opt-out, app error (screen name, no content).

What telemetry NEVER contains: titles or texts of goals, tasks or entries; goal identifiers; your e-mail or account id; IP address. Every event property is a closed enum or a bucket — free text is technically impossible: the server drops anything outside the published schema.

The install identifier is a random UUID created on the device, never linked to the account (events are sent without authorization) and erased when telemetry is turned off.

Telemetry can be turned off at any moment: the toggle is shown on the first onboarding screen and in Settings → Data.

2. Purposes of processing

Providing Service functionality (storing and syncing your goals and tasks).

Authentication, protection from unauthorized access and abuse.

Communication regarding support and Service operation.

Product improvement based on anonymized analytics.

Compliance with applicable laws.

3. Legal basis

Account data and user content: performance of the Terms of Service you accept with the checkbox at registration.

Analytics cookies on the site: your consent given via the “Accept” button in the cookie banner, withdrawable at any time (the “Reject” button or clearing cookies).

Technical data and logs: the operator's legitimate interest in security and stable operation of the Service.

4. Retention

Account data and user content are stored while your account exists. When you delete your account from the Service settings, personal data and user content are removed from the database immediately and irreversibly, with no soft-delete intermediate state.

Logs and technical data are kept for up to 12 months.

Feedback data is kept as long as needed for processing and quality analysis.

5. Third parties

We do not sell your data. Transfer is possible only to contractors that operate the Service (hosting, email, analytics, payments) under confidentiality terms and only to the extent necessary.

Services used: Yandex.Metrica, GlitchTip (error monitoring, self-hosted), and a hosting provider in Russia.

Databases used to collect and store personal data are located in the Russian Federation. No cross-border transfer of personal data takes place.

6. Cookies and similar technologies

The Service uses technical cookies for authentication and analytics cookies for metrics. Analytics cookies are set only after your explicit consent via the cookie banner.

You can withdraw consent at any time by clearing cookies in your browser or clicking “Reject” in the banner.

7. Your rights

You may access, correct, or fully delete your data and demand that processing stops at any time. Account deletion is performed directly through Service settings (the “Delete account” button): data is erased from the database immediately and irreversibly. This also constitutes withdrawal of all consents you have given and termination of processing.

You can also withdraw consent or demand erasure by contacting the operator (contacts below) in free form: processing stops and data is destroyed within 30 days. Consent to analytics cookies is withdrawn with the “Reject” button in the banner or by clearing cookies in your browser.

The operator replies to data subject requests (what data is processed, its origin, etc.) within 10 business days.

For data processing matters, contact us on Telegram: https://t.me/kino_coder.

8. Security

We apply reasonable technical and organizational measures: traffic encryption (HTTPS/TLS), password hashing, limited access for staff and contractors, incident monitoring.

9. Changes to this Policy

We may update this Policy. The date of the last update is shown at the top of the document. Material changes are communicated by email or in the Service UI.

10. Contacts

ИП Лунин Алексей Алексеевич, ИНН 732728790500. For any data processing questions contact us on Telegram: https://t.me/kino_coder.