Privacy Policy
Last Updated: November 17, 2025
1. Introduction and Overview
Atlas Authentication ("Atlas", "we", "us", "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, process, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection, processing, storage, and user rights across all platforms and services provided by Atlas Authentication.
This policy applies to all users of our authentication platform, including but not limited to: individual developers integrating our client library, enterprise clients managing licenses through our web panel, end-users authenticating through protected applications, and resellers distributing our solutions. By accessing or using Atlas Authentication services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
2. Information We Collect
2.1 Account Registration Data
When you create an Atlas Authentication account, we collect:
- Username and Email Address: Required for account creation and communication purposes
- Password Hash: Securely hashed using bcrypt with salt rounds ≥12; passwords are never stored in plaintext and cannot be recovered by Atlas staff
- Organization Name: For enterprise and reseller accounts
- Contact Information: Phone number (optional), company details, billing address
- Account Type: Individual developer, enterprise, reseller, or trial account designation
2.2 Hardware Fingerprinting Data
To enforce license agreements and prevent piracy, Atlas collects a hardware fingerprint from your system. This fingerprint is a unique identifier derived from various system characteristics (such as system configuration, device identifiers, and hardware specifications) that helps us bind licenses to specific machines.
The hardware fingerprint is created using cryptographic hashing, which means the original system data is converted into a one-way digest rather than stored directly. We do not store the raw hardware details, only the hashed fingerprint. This allows us to verify that a license remains bound to its authorized device while maintaining strong privacy and security.
Changes to your system hardware (such as upgrades or modifications) may result in a different hardware fingerprint, which may require license reactivation.
2.3 Authentication and Session Data
- IP Addresses: Source IP addresses from all authentication requests for geographic analysis and fraud detection
- Login Timestamps: Exact date, time, and timezone of each authentication attempt
- Authentication Methods: Whether login used email/password, API key, or other authentication mechanism
- Session Tokens: JWT tokens and session identifiers for active sessions
- Login Success/Failure Status: Authentication attempt outcomes and failure reasons (invalid credentials, account locked, etc.)
- Geolocation Data: Approximate geographic location derived from IP address (country, region, city level)
- Device Browser/User Agent: Browser type, version, operating system, and user agent strings
2.4 License and Subscription Data
- License Keys: Unique license key identifiers assigned to each purchased license
- License Tier Information: Which pricing tier (3-month, 6-month, 12-month) the user purchased
- Activation Data: When licenses were activated and on which hardware
- Activation Attempts: Failed and successful license activation attempts with timestamps
- Current Status: Whether licenses are active, suspended, revoked, or expired
- Concurrent Session Limits: Number of simultaneous active sessions per license
- Expiration Information: License expiration dates and renewal history
2.5 Payment and Billing Information
- Payment Method Type: Whether payment was made via PayPal, cryptocurrency, or other method (not full payment details)
- Transaction IDs: Payment processor transaction identifiers
- Purchase History: What licenses/subscriptions were purchased and when
- Invoice Records: Amount paid, billing address (for invoice generation)
- Refund Status: Whether refunds were requested, approved, or completed
- Billing Anomalies: Flagged transactions requiring manual review (duplicate charges, geographic anomalies, etc.)
2.6 Application and Integration Data
- Application Hash: SHA-256 hash of protected applications integrating our client library for verification
- Application Metadata: Application name, version, publisher information
- Authentication Request Logs: When protected applications request license validation
- API Key Usage: Which API keys made authentication requests and call frequency
- Integration Environment: Production vs. development environment designation
2.7 Behavioral and Analytics Data
- Web Panel Activity: Pages visited, buttons clicked, forms submitted, time spent on each section
- Authentication Patterns: Time-of-day patterns, frequency of logins, and the geographic regions from which the service is typically accessed
- Anomalous Behavior Flags: Suspicious activities triggering our behavioral analysis system
- Feature Usage: Which license management features are used and how frequently
- Error Logs: API errors, failed validations, and system exception data
- Performance Metrics: Authentication response times, API latency, success rates
2.8 Communication Data
- Support Tickets: Content of support requests and associated correspondence
- Email Communications: Emails sent to and from user accounts, including newsletters and transactional emails
- Feedback and Reports: User-submitted feedback, bug reports, security disclosures, and feature requests
3. How We Use Your Information
3.1 Core Service Delivery
- Authenticating user identity and managing account access
- Validating license activation and enforcing license agreements
- Binding licenses to specific hardware configurations to prevent piracy and unauthorized sharing
- Processing subscription renewals and license expirations
- Generating invoices and maintaining transaction records
- Delivering authentication responses to protected applications within 100ms average latency
3.2 Security and Fraud Prevention
- Detecting and preventing unauthorized access attempts and account compromise
- Identifying suspicious authentication patterns indicative of credential theft or brute force attacks
- Flagging impossible travel scenarios (authentication from geographically distant locations within physically impossible timeframes)
- Detecting multiple concurrent logins from different geographic regions suggesting account compromise
- Analyzing hardware fingerprints to identify license sharing and cloning attempts
- Identifying payment fraud, refund fraud, and chargeback patterns
- Detecting compromised payment credentials through anomaly analysis
- Implementing proof-of-work challenge systems to mitigate denial-of-service attacks
- Rate limiting to prevent brute force attacks on accounts and APIs
3.3 Legal Compliance and Investigations
- Complying with court orders, subpoenas, and legal process requests
- Investigating suspected violations of our Terms of Service
- Responding to law enforcement inquiries with appropriate legal authority
- Maintaining audit trails for regulatory compliance and financial auditing
- Documenting anti-piracy enforcement actions
3.4 Communication and Support
- Responding to support requests and technical issues
- Sending account notifications, security alerts, and transaction confirmations
- Notifying users of license expirations, upcoming renewals, and subscription changes
- Communicating changes to our Terms of Service and Privacy Policy
- Sending product updates and new feature announcements (opt-in)
3.5 Analytics and Service Improvement
- Analyzing aggregated authentication success rates and performance metrics
- Identifying common errors and technical issues for resolution
- Understanding user behavior patterns to improve our platform
- Monitoring system health and capacity planning
- Developing new security mechanisms and protection features
4. Data Storage and Retention
4.1 Storage Location and Infrastructure
Atlas stores user data on secure servers located in North America. We utilize encrypted storage with redundant backups to ensure data availability and protection against loss. All data is stored in PostgreSQL databases with encrypted connection strings and network isolation.
4.2 Data Retention Periods
- Account Information: Retained while your account is active. After account deletion, basic identity information is retained for 90 days for refund and chargeback dispute resolution, then securely deleted.
- Authentication Logs: Retained for 365 days to support fraud investigation, security analysis, and regulatory compliance
- Hardware Fingerprints: Retained as long as the associated license is active; deleted 30 days after license expiration unless under dispute
- Payment Records: Retained for 2095 days (7 years) as required by financial regulations and tax compliance
- Support Tickets and Communications: Retained for 1095 days (3 years) for dispute resolution and service improvement
- Session Logs: Retained for 90 days for security analysis; detailed logs flagged for fraud investigation retained for 365 days
- Refund Records: Retained for 2095 days (7 years) for chargeback and dispute documentation
4.3 Secure Deletion
When data is scheduled for deletion, we employ cryptographically secure deletion methods. Sensitive data such as payment details and password hashes are overwritten using the DOD 5220.22-M standard (minimum 3 passes) before physical deletion. Hardware fingerprint data is deleted through database truncation, and backup copies are purged according to our backup retention schedule.
5. Data Security Measures
5.1 Encryption Standards
- In-Transit Encryption: All data transmitted to Atlas services uses TLS 1.3 encryption with Perfect Forward Secrecy (PFS). Only ciphers with minimum 256-bit key strength are accepted.
- At-Rest Encryption: Database encryption uses AES-256-GCM for all sensitive fields. Encryption keys are stored separately from encrypted data and managed through hardware security modules.
- Password Security: Passwords are hashed using bcrypt with minimum 12 salt rounds, making brute force attacks computationally infeasible
- Authentication Tokens: JWT tokens are signed using RS256 (RSA-2048) with expiration times of 1 hour for access tokens and 30 days for refresh tokens
5.2 Access Controls
- Role-based access control (RBAC) limiting employee access to the minimum required data for their function
- Multi-factor authentication (MFA) required for all administrative accounts accessing production systems
- Principle of least privilege applied throughout our infrastructure
- Logging and auditing of all administrative access to sensitive data
- Regular access reviews and automated access revocation when employees change roles
5.3 Infrastructure Security
- Network segmentation isolating payment processing systems, user data, and administrative networks
- Web Application Firewall (WAF) protecting against OWASP Top 10 attacks
- DDoS mitigation through proof-of-work challenge systems and rate limiting
- Intrusion detection and prevention systems monitoring for unauthorized access
- Regular security audits and penetration testing by qualified third parties
- Vulnerability scanning of all systems on 24-hour schedules
6. Data Sharing and Third Parties
6.1 When We Share Data
Atlas does not sell personal data to third parties. However, we may share data in the following limited circumstances:
6.2 Payment Processors
PayPal and cryptocurrency payment processors receive transaction data necessary to process payments. We share payment method type, transaction amount, and billing address; full payment credentials are not shared with our systems (payment data is tokenized).
6.3 Email Service Providers
We use third-party email providers to send transactional emails (purchase confirmations, license keys, password resets, support responses). These providers receive only the email address and content necessary for email delivery and have contractual obligations to maintain confidentiality.
6.4 Law Enforcement and Legal Process
We may disclose personal information when required by law, court order, subpoena, or government request. We will provide notice to affected users except where legally prohibited. We challenge overly broad requests and provide only the minimum information legally required.
6.5 Service Providers and Contractors
We engage service providers (hosting, monitoring, backup, security analysis) who access data on our behalf under strict contractual data processing agreements requiring confidentiality and appropriate security measures.
6.6 No Direct Sharing with Competitors
We do not share user data with competing authentication or licensing providers under any circumstances.
7. User Rights and Data Control
7.1 Right to Access
You have the right to request a complete copy of personal data we maintain about you. Submit requests to atlassolutionsnoreply@gmail.com with subject line "Data Access Request". We will provide data in a structured, commonly used format within 30 days.
7.2 Right to Correction
You may request correction of inaccurate personal data. We will update records within 14 days and notify affected systems. You can also update certain information directly through your account settings.
7.3 Right to Deletion
You may request deletion of your account and associated personal data. We will delete data within 90 days except where we have legal obligations to retain it (financial records, fraud investigation files, disputed transactions). Deleted accounts cannot be recovered.
7.4 Right to Data Portability
You may request your personal data in a machine-readable format suitable for import into other systems. We will provide data in JSON or CSV format within 30 days.
7.5 Right to Object
You may object to processing of your data for marketing communications. We will honor opt-out requests within 5 business days. You cannot object to processing necessary for service delivery or legal compliance.
8. Regional Privacy Rights
8.1 GDPR (European Users)
If you are a resident of the European Union, United Kingdom, or EEA, you have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing personal data includes: (1) performance of services you requested, (2) legal obligations, (3) legitimate business interests in fraud prevention and security. You have the right to lodge a complaint with your supervisory authority.
8.2 CCPA (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell data), and the right to non-discrimination for exercising these rights.
8.3 PIPEDA (Canadian Users)
If you are a Canadian resident, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and request deletion of your information.
9. Cookies and Tracking
9.1 Session Cookies
We use session cookies to maintain authentication state and improve user experience. These cookies are essential to service delivery and expire when you log out or after 24 hours of inactivity.
9.2 Analytics
We may collect aggregated analytics data about how users interact with our platform to improve performance and user experience. This data is anonymized and does not identify individuals.
9.3 Third-Party Tracking
We do not use third-party tracking pixels or analytics services that follow users across other websites. We do not facilitate behavioral advertising.
10. Policy Changes and Updates
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy here with a revised "Last Updated" date. For significant changes affecting your rights or substantially increasing our data usage, we will provide additional notice through email or dashboard notification. Continued use of our services following notification of changes constitutes acceptance of the updated policy.
11. Contact Information
If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, contact us at:
Atlas Authentication
Email: atlassolutionsnoreply@gmail.com
Website: https://atlassecurity.site