Trust isn’t claimed.
It’s shown.
Your memories deserve more than a privacy policy. This page describes — in plain words — what we collect, how we protect it, who touches it, and how you stay in control.
Every claim here is verifiable.
Only what makes Atlas work.
Atlas is a photo-and-trip product, not a data harvest. We collect the minimum needed to deliver the experience, and we tell you exactly what that is.
- Your photos and their metadata.
The image bytes you upload, plus EXIF data (capture date, GPS coordinates if present, camera model). We store these in your private library and never expose them to other users without your explicit share.
- Your account information.
Email address, display name, optional profile photo. If you sign in with Google, we receive your name + email + Google profile picture URL — nothing else.
- Your trips and albums.
Names, dates, locations, and notes you write. These exist only inside your account.
- Server logs.
Standard web access logs (IP address, request path, timestamp) retained 30 days for security and debugging. Never linked to your photo content.
What stays off the record.
Atlas is not advertising-supported. We never need behavioral profiles, cross-site tracking, or third-party cookies — and so we don’t collect them.
- No third-party advertising trackers.
No Facebook Pixel, no Google Ads tag, no behavioral remarketing. We use first-party analytics only, and only to measure aggregate product usage.
- No biometric face data leaves your account.
When you opt into face grouping, AWS Rekognition extracts face vectors that are stored in your account scope. We never share, sell, or pool them across users.
- No selling. Ever.
Your data is not a product. Atlas does not sell, rent, or barter user data to anyone for any purpose, including aggregated or anonymized data.
Defense at every layer.
Your photos sit on AWS infrastructure in US regions, encrypted at rest, served over TLS, accessed only through scoped credentials.
- Encryption at rest (AES-256).
All photo bytes and database content are encrypted at rest using AWS-managed AES-256. This is the same encryption standard the U.S. government uses for top-secret data.
- Encryption in transit (TLS 1.2+).
Every byte that moves between your device, our servers, and AWS storage uses TLS 1.2 or higher. We do not accept downgraded connections.
- Scoped credentials, least-privilege access.
Atlas application code holds the minimum AWS permissions needed to function. Customer-data access is logged. No human at Atlas browses your photo library.
- Per-user content isolation.
Your photos live under a per-user S3 prefix. Database queries are constrained to your user ID at every read. There is no admin UI for browsing user libraries.
- Hardened authentication.
Passwords are stored using bcrypt with a cost factor of 12. We support Google OAuth so you don’t have to manage another password if you don’t want to.
Your data has an address.
Transparency is a precondition for trust. Here’s exactly which services touch your data and what they do.
- AWS S3 — photo storage.
Original photo bytes and generated thumbnails. US regions. AES-256 encryption at rest. Lifecycle rules move long-untouched files to AWS Glacier for cost efficiency without changing access semantics.
- Neon Postgres — application database.
Your account, albums, trips, and photo metadata. Hosted in US regions. Encryption at rest and in transit by default.
- AWS Rekognition — face detection (opt-in).
Used only when you opt into people grouping. Face vectors stay scoped to your account. AWS does not retrain its models on your data per the AWS service terms.
- AWS Location — reverse geocoding.
GPS coordinates from your photos are sent to AWS Location to look up city + country names. The lookup is per-photo and stored on your photo row, never aggregated.
- AWS SES — transactional email.
Album invites, password resets, security notifications. We do not send marketing email through SES.
- Google OAuth — sign-in (optional).
If you choose Continue with Google, we receive only your name, email, and profile picture URL. Atlas never reads your Google Photos, Drive, Gmail, or Calendar.
You hold the keys.
Every meaningful control over your data is one or two clicks away — not buried in a support ticket.
- Export everything, anytime.
Download all your original-resolution photos plus a JSON of your trips, albums, notes, and metadata. Two clicks from your profile.
- Delete with grace.
When you delete a photo it goes to Recently Deleted for 30 days. After that, the bytes are permanently removed from S3 and references are scrubbed from our database.
- Close your account.
Account deletion removes all your photos, albums, trips, and metadata within 30 days. Backups roll off within 90 days.
- Per-album sharing scopes.
When you share, you choose: viewer (read-only), contributor (can add photos), or editor (can rename + reorder). Revoke any time.
- Withdraw consent for face grouping.
Disable face detection in your profile and we delete all face vectors from AWS Rekognition for your account within 30 days.
The work isn’t finished.
We don’t claim what we haven’t shipped. Here’s what’s on the roadmap, what’s still under consideration, and what you can ask us about today.
- End-to-end encryption (E2EE) for shared albumsPlanned
Today, photos are encrypted at rest by AWS but Atlas application servers can read them in transit (this is required for face detection, geocoding, and thumbnail generation). E2EE for shared albums where Atlas can’t read the contents is on our roadmap; we’ll publish the cryptographic design before shipping.
- SOC 2 Type II auditPlanned
Independent attestation of our security controls. We’ll pursue this once we’ve shipped to enterprise customers; until then, we describe our controls openly on this page.
- GDPR Data Processing AddendumAvailable on request
We honor the GDPR principles outlined here. If you’re an EU customer who needs a signed DPA, email security@luminexa.tech.
- EU data residencyConsidering
Today, Atlas data lives in AWS US regions. EU residency is on the table once we have meaningful EU adoption to justify the operational complexity.
Questions, requests, or a vulnerability to report?
Email security@luminexa.tech. We acknowledge security reports within 48 hours and follow responsible-disclosure practices for any verified issue.
For data-subject requests (export, deletion, correction), the controls in your profile cover most needs in one click. For anything else, the same email works.