ATAPIC ATAPIC
arrow_back Back to Home

Privacy Policy

Last updated: April 24, 2026

ATAPIC is a chat-first AI platform that helps founders, operators, and revenue teams discover opportunities, research people and companies, draft outreach, schedule meetings, and manage follow-up workflows. You can connect Google or Microsoft email and calendar, CRM tools (such as HubSpot or Salesforce), and other services to power those workflows.

  • We do not sell personal information, and we do not share it for cross-context behavioral advertising.
  • We do not use Google or Microsoft user data — including email and calendar content — for advertising.
  • We use Google API Services in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
  • We minimize collection to what’s necessary to power discovery, research, drafting, scheduling, CRM workflows, and the features you actually use.
  • We use encryption, access controls, and audited logs to protect data.

Who controls your data

Controller: ATAPIC Inc

6650 Rivers Ave Ste 105, PMB 726652, North Charleston, SC 29406-4829, USA

Email: privacy@atapic.com

Information we collect

Account & Billing

  • Name, email, password (hashed), organization or team name
  • Plan, usage, invoices, and payment metadata (payments processed by our PCI-compliant provider; we don’t store full card details)
  • Support communications (for example, emails you send to our team)

Product & Usage Data

  • Saved people, opportunity lists, notes, deals, tasks, meetings, and any labels/tags you create in ATAPIC
  • Public business and profile data (e.g., names, role titles, company, public profile URLs) discovered from public web pages or licensed data partners
  • Outreach drafts, AI-generated content you create, and the prompts you send to ATAPIC
  • Basic device/usage analytics (browser type, pages/features used, events, approximate region); cookies/local storage for authentication and preferences

Connected accounts (Google, Microsoft, CRMs, social)

  • OAuth tokens and the minimum profile fields (name, email address, account ID) needed to authenticate you
  • Email metadata and message content from your connected mailbox only when you ask ATAPIC to read, send, draft, track, or sync messages
  • Calendar events, availability windows, and meeting metadata from your connected calendar only when you ask ATAPIC to schedule, propose times, sync, or summarize
  • CRM records (contacts, leads, deals, activities) you choose to sync between ATAPIC and your CRM (HubSpot, Salesforce, etc.)
  • For LinkedIn and similar platforms: only the public-profile elements and engagement signals you action through ATAPIC — never passwords or private DMs

We do not collect or store passwords from third-party sites. We do not read your private DMs on social networks. We only access email and calendar content to deliver the feature you specifically asked for, and we do not use it for any other purpose.

Use of Google and Microsoft user data

When you connect your Google account (Gmail, Calendar, or Workspace) or Microsoft account (Outlook, Microsoft 365, Calendar) to ATAPIC, we access only the scopes you grant during OAuth, and we use that data exclusively to provide user-facing product features that you have requested.

What we use it for

  • Sending and tracking outreach emails you compose, approve, or schedule in ATAPIC
  • Reading replies, opens, and bounces so we can keep your pipeline and follow-ups accurate
  • Reading your calendar availability so ATAPIC can propose meeting times
  • Creating, updating, or canceling calendar events you ask ATAPIC to schedule
  • Connecting messages and meetings to the corresponding CRM, lead, deal, or task records
  • Summarizing threads and meetings on request, so you can move work forward faster

What we will never do

  • We do not sell, rent, or trade Google or Microsoft user data
  • We do not use Google or Microsoft user data for advertising — ours or anyone else’s
  • We do not use email or calendar content to train general-purpose AI models for third parties
  • We do not let humans read your email or calendar except where you ask for support, with your consent, or where required by law
  • We do not retain content longer than needed to deliver the feature you used (see Retention below)

Google API Services User Data Policy — Limited Use

ATAPIC’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide or improve user-facing features that you specifically request inside ATAPIC, and only in ways disclosed in this policy. We do not transfer Google user data to third parties except as needed to provide or improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets where the same protections apply.

Microsoft Graph and Microsoft 365 data

Microsoft account data accessed through Microsoft Graph (Outlook mail, Calendar, Teams metadata) is used under the same principles: only to deliver the feature you requested, never for advertising, never sold or shared for unrelated purposes, and only retained as long as needed for that feature plus a short window for diagnostics and abuse prevention.

How to revoke access

You can disconnect a Google or Microsoft account at any time:

Revoking access stops further reading, sending, or syncing immediately. We delete or anonymize the associated tokens; cached content tied to features you used is removed on the schedule described in Retention & Security.

AI processing

ATAPIC uses AI services to deliver the features you actually use — drafting messages, summarizing emails and meetings, recommending leads, generating research insights, normalizing your search intent, and automating workflow steps you trigger. AI is a tool inside the product, not an independent profile of you.

  • Your prompts and the data you direct ATAPIC to process (e.g., a search query, an email you’re drafting, a meeting transcript you upload) may be sent to our AI providers for that single task.
  • Our AI providers process this data on our behalf as data processors, under contractual terms that forbid using your content to train their general-purpose models.
  • We use AI only to provide the features you requested. We do not use Google or Microsoft user data — including email and calendar content — to train ATAPIC’s or any third party’s general-purpose AI models.
  • AI output can be wrong, incomplete, or out of date. You are responsible for reviewing AI-generated drafts, recommendations, and insights before sending them, acting on them, or relying on them in any decision. See our Terms of Service for the full disclaimer.

How we use data

  • Provide and improve people discovery, research, and opportunity management features
  • Personalize results, suggestions, and AI responses based on your goals and usage
  • Measure performance, prevent abuse/fraud, and secure the service
  • Comply with law, enforce terms, and maintain business and financial records

GDPR legal bases

  • Contract (to deliver the service you requested)
  • Legitimate interests (product analytics, security, anti-abuse, and improving ATAPIC)
  • Consent (marketing emails, optional integrations, and non-essential cookies)
  • Legal obligation (tax/financial records and compliance)

How we share data

  • Subprocessors and service providers: trusted vendors who process data on our behalf under written confidentiality and data-processing terms (see the categories below).
  • Business transfers: in mergers, acquisitions, or financing events, data may transfer under this same policy or a successor policy with comparable protections.
  • Legal: to comply with law, enforce terms, or protect rights, property, and safety.

Categories of subprocessors we use

  • Cloud hosting & infrastructure — to run the ATAPIC application and database (Microsoft Azure)
  • AI / large language model providers — to power drafting, summarization, intent parsing, and recommendations (Azure OpenAI / OpenAI). These providers process your prompts and the content you direct ATAPIC to handle, under contracts that forbid using your content to train their general-purpose models.
  • Email and calendar APIs — Google APIs (Gmail, Calendar) and Microsoft Graph (Outlook, Calendar) when you connect those accounts
  • CRM APIs — HubSpot, Salesforce, and similar, when you connect a CRM
  • Lead enrichment and public business-data providers — independent providers that supply public business and profile data (such as company names, role titles, public profile URLs). These providers do not receive your Google or Microsoft user data, your prompts, or your private content; they send public information to us about third parties. Bound by written confidentiality and data-processing terms.
  • Meeting intelligence — transcription/recording services for meetings you ask ATAPIC to summarize (Recall.ai)
  • Payments & billing — PCI-compliant payment processor (Stripe). We don’t store full card numbers.
  • Analytics & error monitoring — privacy-respecting product analytics and error reporting
  • Email delivery — transactional email providers for system notifications and password resets

Enterprise customers can request a current named subprocessor list under our Data Processing Addendum by emailing privacy@atapic.com.

We do not sell personal information and do not share it for cross-context behavioral advertising under the CPRA.

Retention & Security

  • Account data: kept while your account is active. Deleted within 30 days of account closure, except where we’re required to keep records longer for tax, fraud-prevention, or legal reasons.
  • Saved lists, leads, deals, notes, and content you created: persist until you delete them or close your account, then deleted within 30 days.
  • Email and calendar content accessed via OAuth: only retained as long as needed to deliver the feature (e.g., a tracked thread, an open scheduling proposal). Tokens are revoked and cached content is purged within 30 days of you disconnecting the account.
  • AI prompt and output logs: short-lived diagnostic logs (typically up to 30 days) used only for debugging, abuse prevention, and quality. Not used to train general-purpose models.
  • System and security logs: typically 90–180 days, longer where needed for security, fraud-prevention, or legal obligations.
  • Backups: encrypted; rolled forward on a regular schedule. Deleted records are removed from active systems immediately and from backups on the normal backup-rotation schedule.
  • Security: encryption in transit and at rest, role-based access, audit logging, least-privilege access, and regular backups.

How to delete your data

  • In the app: open your account settings and choose Delete account, or delete individual leads, lists, deals, or documents from their detail page.
  • By email: send a request to privacy@atapic.com with the subject "Delete my data." We’ll verify your identity and confirm completion. Most requests are completed within 30 days.
  • Disconnect a connected account: see the revoke-access instructions in Use of Google and Microsoft user data above.

International data transfers

ATAPIC is operated from the United States. If you’re outside the US, your data may be transferred to and processed in the US or in other countries where our subprocessors operate. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and equivalent UK and Swiss mechanisms to protect your data.

Your rights

GDPR (EEA/UK)

  • Access, correction, deletion, and portability of personal data
  • Restriction of or objection to certain processing
  • Withdraw consent (for processing based on consent)
  • Complain to your local supervisory authority

CPRA (California)

  • Know, access, correct, and delete personal information
  • Opt-out of “sale” or “sharing” of personal information (we do not sell/share)
  • Limit use of sensitive personal information where applicable
  • Non-discrimination for exercising your rights

How to make a request: email privacy@atapic.com with the subject "Privacy Request." We’ll verify your identity and respond within applicable timelines.

Browser Extension Disclosures

If you install an ATAPIC browser extension, it is designed to enhance people discovery and research on supported sites and in the ATAPIC app.

  • Scope & Permissions: Uses permissions such as activeTab, tabs, and storage to read publicly visible page content on supported domains you visit and to save settings. It does not collect passwords, payment info, or private messages.
  • Data handled: Public profile elements (name, title, company, profile URL), public engagement signals visible to you, and UI context needed to build/save people into your ATAPIC lists.
  • Local processing first: Content is parsed client-side; only the fields needed to create a record or run a feature you invoke are sent to ATAPIC.
  • Limited Use: We use extension-collected data only to provide or improve extension and ATAPIC features you request, not to build unrelated profiles, and we do not sell this data.
  • Opt-out: You can disable the extension or specific features in the extension settings. Removing the extension stops collection.

Marketing communications

We may send product updates, tips on using ATAPIC to find people, and educational content. You can opt out at the link included in any email or by emailing privacy@atapic.com.

Contact us

Email: privacy@atapic.com

Mail: ATAPIC Inc, 6650 Rivers Ave Ste 105, PMB 726652, North Charleston, SC 29406-4829, USA