Privacy Policy — AtlasRisks

Plain-language summary. We collect your email so we can deliver the GGRI Daily and contact you about the service. We don't sell or share your data. We use Stripe to process payments — they store the credit card data, not us. We use FormSubmit.co to relay contact-form messages — they see your message in transit. That's it.

1. What we collect

Account information. Email address; optionally, name and company. Provided when you sign up for the waitlist or a paid tier.
Payment information. Handled exclusively by Stripe. We never see or store your full card number; we receive only a Stripe customer ID, the last 4 digits, and the card brand.
Usage data. Standard server logs (IP address, user-agent, timestamps) for security and abuse prevention.
Watchlist preferences. Country selections and alert preferences associated with your account.

2. How we use it

To deliver the GGRI Daily email and other service notifications.
To process subscription billing and payments via Stripe.
To respond to support inquiries.
To improve the product (aggregate, anonymized usage patterns).
To prevent abuse and meet legal obligations.

3. Who we share it with

Stripe — payment processing. stripe.com/privacy.
FormSubmit.co — contact-form relay. Forms submitted on this site are routed through their service to our inbox.
Email delivery providers — for the GGRI Daily (provider TBD; will be a reputable transactional email service).
Law enforcement — only when legally compelled, and we'll notify you if permitted by law.

We do not sell your personal information. We do not share your data with advertisers.

4. Cookies

We use minimal cookies — only a session cookie when you're logged in, and any required by Stripe Checkout. We do not use third-party advertising or tracking cookies. We do not use analytics tools that track individual users.

5. Your rights

You can request a copy of your data, request correction of inaccurate data, or request deletion at any time by emailing privacy@atlasrisks.com. We respond within 30 days.

If you're in the EU/UK: your rights under GDPR / UK GDPR apply, including the right to lodge a complaint with your supervisory authority.

If you're in California: your rights under the CCPA apply, including the right to know, delete, and opt-out of "sale" (we don't sell, so the third right is moot — but it's yours).

6. Data retention

Account data: retained for as long as you have an active account, plus 30 days after cancellation.
Billing records: retained for 7 years for tax/audit compliance.
Server logs: retained for 90 days.

7. Security

The site is served over HTTPS. Passwords (when applicable) are hashed. Subscriber data is stored in encrypted form at rest. We follow standard industry security practices but make no warranty against all possible attacks.

8. Children

AtlasRisks is intended for professional security and intelligence buyers. We do not knowingly collect data from anyone under 18.

9. Changes to this policy

We'll post material changes here and notify subscribers by email at least 14 days before they take effect.

10. Contact

Privacy questions: privacy@atlasrisks.com. General: hello@atlasrisks.com.

— AtlasRisks privacy policy v1.0 · 2026-05-06

Note: This is a starting policy. Once Stripe is wired and an email-delivery provider is selected, we update this page with specifics. For complete legal review, consult counsel.