atomly

Privacy Policy

Last updated: 22 May 2026

This policy explains what data Atomly collects when you use the service at atomlyapp.com (and any subdomain), why we collect it, how it's used, and the rights you have over it. We aim to handle your information honestly and minimally.

Who we are

The data controller is the operator of Atomly. Contact details are listed in our Imprint. For privacy questions, email hello@atomlyapp.com.

What data we collect

  • Account data — your email address and a one-way bcrypt hash of your password. We never store your password in plain text.
  • Usage data — which tools you've used, when, and how many credits each request consumed. We use this for billing, enforcing your plan's monthly limits, and improving the service.
  • Content you submit — the questions, answers, mechanisms, and uploaded papers you send to Clara. This is sent to our AI provider to produce a response. Uploaded files are parsed once and discarded; they are not stored on our servers.
  • Payment data — handled entirely by Stripe. We never see or store your card number. We keep a Stripe customer reference, your active plan, subscription status, and renewal date.
  • Session cookie — one httpOnly, SameSite=Lax cookie containing a random session token, used solely to keep you logged in. No third-party tracking cookies.

Legal basis (GDPR)

We process account, usage and content data on the basis of contract performance (Art. 6(1)(b) GDPR) — we need it to provide the service you signed up for. We process billing data on the same basis, plus our legal obligation to keep tax records (Art. 6(1)(c) GDPR).

Third parties we share data with

  • Anthropic — your prompts and uploaded paper text are sent to Anthropic's Claude API to generate responses. Anthropic's terms specify they do not train their models on API content.
  • Stripe — for payment processing, subscription billing, and invoices. Your card details go directly to Stripe; we never receive them.
  • Resend — for transactional email (password resets, billing receipts).
  • Hosting — Atomly runs on our own server infrastructure in Germany. Your data is stored there.

We do not sell your data and do not share it with advertisers.

How long we keep your data

Account and usage data are kept while your account is active. If you delete your account, we erase your personal data within 30 days, except for billing records, which we keep for the period required by tax law (typically 6 years in the UK, 10 years in Germany).

Your rights

Under GDPR (and equivalent UK / US frameworks) you have the right to:

  • Access the data we hold about you
  • Correct it if it's wrong
  • Have it erased ("right to be forgotten")
  • Export it ("data portability")
  • Object to processing or restrict it
  • Lodge a complaint with a supervisory authority

To exercise any of these, email hello@atomlyapp.com from the address on your account.

Security

All traffic is encrypted in transit (HTTPS / TLS). Passwords are hashed with bcrypt at cost factor 12 — we cannot read your password even if our database were compromised. Sessions live in our database; logging out from any device deletes that session token immediately. Password reset invalidates every active session on your account.

Cookies

Atomly uses one cookie — the session cookie described above. No analytics cookies, no advertising cookies, no third-party tracking. By using the site, that single session cookie is set when you log in and cleared when you log out.

AI content

Responses from Clara are generated by AI and may be wrong, even when they sound confident. Atomly is a study aid — it is not a substitute for verifying chemistry against your textbook, lecture notes, or tutor, especially for graded coursework. Always verify critical answers.

Changes to this policy

If we make material changes we'll update the "Last updated" date at the top of this page and, where appropriate, notify you by email.