← Atlas

Privacy Policy

Last updated: July 2026

Atlas helps commercial real estate investors organize property, lease, and rent-roll data that already lives in their own Google and Microsoft accounts. This policy explains exactly what we access, why, and the control you have.

What we access, and why

Only the data sources you explicitly connect, using read-only access scoped to the specific folders (Google Drive, OneDrive) or the email label/folder (Gmail, Outlook) you choose. We request the narrowest permissions that work. We use this access solely to read the documents and emails you point us to so we can extract your property data and show it back to you. Atlas never sees anything else in your Drive, OneDrive, or inbox, and never writes to them.

Google API scopes and Limited Use

Atlas’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request drive.file (only files you pick) and gmail.readonly (only the label you choose). We do not use this data for advertising, and we do not sell it.

Your data is not used to train AI

To structure your documents we use a third-party AI provider through a single interface configured so your content is not used to train AI models. With our current provider, content may be retained by the provider for up to 30 days for abuse monitoring only, then deleted. We make no “zero-retention,” “bank-grade,” SOC 2, or other certification claims we do not hold.

We send as little as possible

A lightweight first pass filters to genuinely relevant documents before anything is analyzed in depth. We never send whole inboxes or drives to any AI provider. We do not log the contents of your documents or emails.

Encryption and isolation

The tokens that grant access to your connected accounts are encrypted at the application layer with a key held outside our database, so a database leak alone cannot reach your accounts. Every customer’s data is isolated at the database level so no other customer can read yours. Data is transmitted over TLS and stored on infrastructure with encryption at rest.

Nothing changes without your review

Extracted data never reaches your live dashboard until you confirm it, and anything you correct becomes the source of truth that future syncs will not overwrite.

Revoke and delete anytime

You can disconnect any source at any time to revoke our access, or delete all of your ingested and extracted data in one click from your settings. You may also revoke access from your Google or Microsoft account security settings.

Contact

Questions about this policy or your data: bkluce13@gmail.com.