Privacy Policy

We collect information you provide directly, information collected automatically when you use our Service, and in some cases, information from third parties such as Meta Platforms (Facebook/Instagram).

Information you provide directly:

• Email address (when registering for our waitlist or creating an account)
• Name and profile information (when you create or update an account)
• Payment information (processed securely by third-party payment processors; we do not store card numbers)
• Communications you send us, including support requests or feedback
• Any other information you voluntarily provide

Information collected automatically:

• IP address and approximate geographic location
• Browser type and version, operating system, device type
• Pages visited, features used, time spent, referring URLs
• Log data and error reports
• Cookies and similar tracking technologies (see Section 7)

Information from third-party platforms (e.g., Meta/Facebook):

• If you connect or log in via Facebook or Instagram, we may receive your public profile information, email address, and any permissions you explicitly grant
• We only request the minimum permissions necessary to provide the Service
• We do not receive or store your Facebook password

We use the information we collect for the following purposes:

• To provide, operate, and improve the Service
• To create and manage your account and authenticate your identity
• To send you service-related communications (onboarding, product updates, security alerts)
• To send you marketing communications where you have given consent or where permitted by applicable law — you may opt out at any time
• To respond to your questions, support requests, and feedback
• To analyze usage patterns and improve our product
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• To comply with legal obligations
• To enforce our Terms of Service

We do not sell your personal data to third parties. We do not use your data to build advertising profiles for Meta or any other advertising network unless you have explicitly consented.

For users in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, we process your personal data under the following legal bases:

• Contractual necessity: Processing required to provide you with the Service (e.g., account creation, authentication)
• Legitimate interests: Improving our Service, security monitoring, fraud prevention — where these interests are not overridden by your rights
• Consent: Marketing communications and optional analytics; you may withdraw consent at any time without affecting the lawfulness of prior processing
• Legal obligation: Where we are required to process data to comply with applicable law

We do not sell, rent, or trade your personal data. We may share your information in the following limited circumstances:

Service providers: We engage trusted third-party companies to perform services on our behalf (hosting, database management, email delivery, analytics, payment processing). These providers access your data only as necessary to perform their services and are contractually bound to protect it.

Third-party platforms you connect: When you connect Ataraxy to Meta (Facebook/Instagram) or other platforms, data is shared as you authorize and as required to operate those integrations.

Legal requirements: We may disclose your data if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Ataraxy, our users, or the public.

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service.

With your consent: We may share your information for any other purpose with your explicit consent.

Our current key service providers include:

• Supabase Inc. — database and backend infrastructure
• Vercel Inc. — hosting and deployment
• Meta Platforms, Inc. — social login and platform integrations (subject to Meta's own privacy policy)

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required by law.

• Account data: Retained for the duration of your account, plus up to 90 days after deletion to allow recovery
• Waitlist data: Retained until you request deletion or we close the waitlist program
• Log and analytics data: Retained for up to 12 months in identifiable form, then aggregated or deleted
• Legal and compliance records: Retained as required by applicable law (typically 5–7 years)

When data is no longer needed, we securely delete or anonymize it. You may request early deletion of your data at any time (see Section 6).

Depending on your location, you may have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to certain legal exceptions
• Right to restriction: Request that we limit processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time
• Right not to be discriminated against: We will not deny service or provide a different level of service because you exercised your privacy rights (CCPA)

To exercise any of these rights, email us at info@ataraxyapp.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

We use cookies and similar technologies (local storage, session storage, pixels) to operate and improve the Service.

• Essential cookies: Required for authentication and core functionality; cannot be disabled
• Analytics cookies: Help us understand how users interact with the Service (e.g., session duration, features used); you may opt out
• Preference cookies: Remember your settings and preferences
• Marketing cookies: Only placed with your explicit consent

You can control cookies through your browser settings. Disabling certain cookies may affect functionality. For more control, you may also use browser extensions that block tracking technologies.

Our Service may integrate with or link to third-party platforms including Meta (Facebook, Instagram). When you connect these integrations, the third-party's own terms and privacy policy govern their use of your data. We encourage you to review those policies.

Specifically regarding Meta integrations:

• We only request permissions that are necessary for the features you use
• We do not build or augment user profiles using Meta Platform Data without your valid consent
• We comply with Meta's Platform Terms and Developer Policies
• You may disconnect Meta integrations at any time through your account settings or directly through Facebook/Instagram settings
• Our privacy policy is publicly accessible and not geo-blocked, as required by Meta's developer policies effective February 2025

The Service is not directed to individuals under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@ataraxyapp.com and we will delete that information promptly.

Ataraxy operates globally and your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those of your jurisdiction.

When transferring data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. By using the Service, you consent to such transfers in accordance with this policy.

We implement industry-standard security measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Access controls and authentication requirements for our team
• Regular security reviews and monitoring
• Row-level security on our database infrastructure

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have provided one) and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate requests within 30 days. In some cases, due to the complexity or number of requests, we may extend this period by an additional 60 days, in which case we will notify you.