Privacy Policy

DOC-ID: ALA-PRV-2026-001 | EFFECTIVE: 2026-05-01T00:00Z | REVISION: v1.0.0 | CLASSIFICATION: PUBLIC
§ 01

Collection of business identity data

We collect only the data required to onboard a legally constituted business, evaluate institutional fit, and execute payment instructions: registered company name, jurisdiction of incorporation, company registration number, registered address, UBO information where mandated, and the corporate email of the authorised representative. Personal data of the authorised representative is held under a separate access-controlled record from operational transaction data — a deliberate split-collection design that prevents identity correlation outside the explicit settlement workflow.
§ 02

Transaction metadata

For every quote and instruction we persist:
{
  "tx_id":          "uuid v4",
  "corridor":       "ISO-3166 + ISO-4217",
  "source_amount":  "decimal(18,2)",
  "quote_window":   "ISO-8601 duration",
  "router_path":    "[provider, ...]",
  "captured_at":    "ISO-8601 timestamp"
}
We do not persist beneficiary KYC payloads on Platform infrastructure; those remain on the books of the executing third-party provider under their own data-protection regime.
§ 03

ISO 27001 security infrastructure

Production infrastructure runs in EU-region data centres operated under ISO/IEC 27001:2022 and SOC 2 Type II attestations. Application controls include AES-256 at-rest encryption, TLS 1.3 in-transit, hardware-backed key custody, role-segregated database access via row-level security, and immutable append-only audit logging. Production access is gated by short-lived OIDC tokens and quarterly access-review cycles. Penetration testing is performed annually by an independent assessor; remediations are tracked in public-facing release notes.
§ 04

Zero-sale guarantee

Atlas Logica AI does not sell, license, lease, or otherwise commercially distribute Client data, transaction metadata, or derived analytics to third parties under any circumstance. We do not operate an advertising surface. We do not enrich third-party profiles. Aggregated, fully-anonymised corridor-level liquidity statistics may be disclosed in research publications, never linked back to any identifiable Client.
§ 05

Data sovereignty & user rights

Clients retain perpetual sovereignty over their own data. On written request you may exercise the following rights at no cost:
  • GET: Request a structured export of all data held about your entity (delivered as signed JSON within 14 days).
  • PATCH: Correct or update any business identity record we hold.
  • DELETE: Erase records subject to mandatory regulatory retention.
  • LOCK: Restrict processing for the duration of a dispute or investigation.
Requests should be sent from the registered representative email to privacy@atlaslogica.com.
§ 06

Retention & admin access

Transaction metadata and audit logs are retained for a minimum of five (5) years to satisfy AML/CTF record-keeping obligations under UK and EU regimes, after which they are cryptographically purged. Internal admin access to production data is logged immutably in the audit_logs store and reviewed monthly by the Information Security Officer.