Legal
Data policy
Last updated: April 2, 2025
Atomz is built with privacy, performance, and trust at its core. We collect only the data needed to help shoppers discover the right products faster and help merchants grow with actionable insights. This policy explains how we handle data, ensure compliance, and give merchants control.
What we collect
We collect the data that powers product discovery:
- Search behavior: queries entered, prompts clicked, filters selected
- Interaction data: product views, cart additions, purchases made
- Engagement signals: click timing, time on search, conversion paths
We do not collect personally identifiable information unless it is explicitly provided through authorized means.
What we do not collect
- We do not collect sensitive personal information, such as credit card details, address, or account passwords
- We do not track users across different websites
- We do not sell or share customer data with third parties
How we use data
- To improve prompt and product relevance in real time
- To deliver personalization within the search experience
- To provide analytics that help merchants grow revenue
Merchant data control
- Merchants retain full ownership of their product, prompt, and performance data
- Merchants can request data exports or deletions at any time
- We operate in full compliance with GDPR and CCPA regulations
Data retention
Search and engagement data is retained for up to 12 months. Merchants may request shorter retention periods based on their preferences.
Subprocessors
Atomz uses trusted third-party platforms to ensure reliability, performance, and security, including providers for:
- Secure hosting and cloud infrastructure
- AI and semantic processing
- Frontend delivery and optimization
- Analytics and user interaction insights
All subprocessors are carefully vetted for compliance and data protection standards.
International data transfers
Where data is transferred outside of the merchant's country, Atomz ensures appropriate safeguards are in place in accordance with applicable law, including Standard Contractual Clauses where required.
Children's data
Atomz does not knowingly collect or store information from children under 16 years of age.
Incident response
In the event of a data breach, Atomz will notify affected merchants without undue delay, in accordance with applicable data protection laws and regulations.
Security
- End-to-end encrypted data transfers
- Secure hosting on SOC 2 and ISO-certified infrastructure
- Access to data is strictly limited to authorized internal services only
Cookies
Atomz does not use cookies for tracking or advertising purposes. Cookies may be used only for session-based personalization during search interactions, and no third-party cookie sharing is permitted.
Policy updates
This policy may be updated periodically. Material changes will be communicated via email or dashboard notifications.
Data processing addendum
Enterprise customers may request a signed DPA by contacting privacy@atomz.ai.
For questions or concerns about this policy, contact privacy@atomz.ai.