This Policy should be read together with:

In the event of any conflict between this Policy and a separately executed Enterprise Agreement or DPA, the executed agreement shall prevail.

"Customer Content" means any information submitted to Atlas Services, including prompts, uploaded files, images, videos, audio files, embeddings, generated outputs, documents, structured inputs, API payloads, and other content submitted or generated through Atlas Services.

"Operational Metadata" means technical and business records generated during the operation of Atlas Services, including request identifiers, timestamps, model identifiers, token usage, latency measurements, status codes, account identifiers, billing records, and security monitoring records.

Operational Metadata does not intentionally include Customer Content.

Atlas currently supports multiple service configurations. The retention practices applicable to Customer Content depend on the specific service, model provider, deployment architecture, and contractual arrangement.

Standard Services may temporarily retain Customer Content for operational purposes, including customer access to generated assets, download functionality, customer-accessible history, troubleshooting, abuse prevention, service delivery, and operational continuity.

For Standard Services, Customer Content may be retained for up to seven (7) days unless otherwise specified in service documentation or customer agreements. Examples may include image generation services, video generation services, customer-accessible generation history, download portals, and certain hosted multimedia services.

Following expiration of the applicable retention period, Customer Content is scheduled for deletion from Atlas-controlled systems.

Atlas may offer Zero Data Retention configurations for eligible enterprise customers, approved model providers, approved deployment architectures, dedicated environments, Atlas-controlled infrastructure, and services specifically designated as Enterprise ZDR Services.

Availability of Enterprise ZDR Services is subject to technical feasibility, provider capabilities, contractual agreement, and service configuration. Enterprise ZDR Services are governed by a separate Enterprise Zero Data Retention Addendum.

For Standard Services, Atlas may temporarily retain Customer Content for operational purposes. Such retention may support customer access, download functionality, troubleshooting, abuse investigations, customer support, and service delivery.

Atlas seeks to minimize retention periods and remove Customer Content after expiration of the applicable retention window.

For services operating under an approved Enterprise Zero Data Retention configuration, Atlas does not intentionally retain prompts, generated outputs, uploaded files, images, videos, audio files, embeddings, or other Customer Content following completion of processing.

This commitment applies only to the specific services identified in the applicable Enterprise Zero Data Retention Addendum.

Atlas does not use Customer Content submitted through Atlas-controlled services to train, fine-tune, improve, evaluate, benchmark, or develop Atlas-hosted AI models unless expressly authorized by the Customer in writing.

For Third-Party Model Providers, data usage practices are governed by provider-specific terms, privacy policies, enterprise agreements, and data processing commitments. Atlas does not represent that all Third-Party Model Providers maintain identical training, retention, or privacy practices.

Customers requiring provider-specific restrictions should contact Atlas before using the applicable services.

Atlas may retain Operational Metadata necessary for billing, security monitoring, fraud prevention, abuse prevention, reliability monitoring, troubleshooting, service analytics, legal compliance, and dispute resolution.

Examples may include:

Operational Metadata is not intended to contain Customer Content.

Atlas retains account information and billing records as necessary to provide services, manage customer accounts, process payments, comply with tax obligations, comply with legal requirements, maintain financial records, and enforce agreements.

Examples may include:

Retention periods may vary based on applicable legal requirements.

Certain Atlas Services route requests to Third-Party Model Providers. Examples may include OpenAI, Google, BytePlus, Alibaba Cloud, xAI, and other approved providers.

Where a Third-Party Model Provider processes Customer Content, the provider's own retention, deletion, security, compliance, and data usage practices may apply.

Customers with data residency requirements, regulatory requirements, industry-specific restrictions, or retention restrictions should discuss provider-specific routing controls with Atlas prior to production use.

Atlas maintains commercially reasonable technical and organizational measures designed to protect Customer Content and Customer Personal Data. Such measures may include:

Additional information may be provided through Atlas Security Overview documentation.

Atlas may provide security and compliance documentation upon request.

Unless expressly stated in a separate written agreement executed by Atlas, Atlas does not represent that it currently maintains SOC 1 certification, ISO 27001 certification, or any specific regulatory certification.

Certain Third-Party Model Providers utilized through Atlas Services may maintain such certifications independently. Customers should review provider-specific documentation where such certifications are required.

Enterprise customers may request:

Availability of documentation may depend on applicable confidentiality obligations.

Atlas maintains procedures designed to identify, investigate, contain, and remediate security incidents.

Where required by applicable agreements or law, Atlas will provide notification regarding confirmed Security Incidents affecting Customer Personal Data.

Enterprise customers should refer to the applicable DPA and Enterprise Zero Data Retention Addendum for additional obligations.

Atlas may update this Policy from time to time to reflect changes in services, infrastructure changes, provider changes, legal requirements, operational practices, and security improvements.

Material changes may be communicated through service notices, customer communications, or updates to Atlas legal documentation.

For questions regarding privacy, security, data retention, or enterprise compliance documentation: