Privacy Policy

1. Overview

This Privacy Policy explains how Atmosphere Money Inc. collects, uses, shares, and protects information when people use ATM websites, dashboards, checkout, app integrations, APIs, webhooks, and related services.

ATM is built on AT Protocol. Some records and profile data are public by design. Other information, especially payment processor data, buyer contact details, fulfillment details, OAuth tokens, and compliance data, is kept private where ATM controls the system.

2. Information we collect

We collect AT Protocol identity information such as DID, handle, profile display name, avatar, description, OAuth grants, service endpoints, public records, and records you create or authorize ATM to create.

We collect payment and commerce information such as payment amount, currency, payment type, payer or guest status, recipient, originating app, product or ticket references, discounts, subscription status, invoices, receipts, refund status, dispute status, and app webhook events.

We may collect customer and fulfillment information such as name, email, billing address, shipping address, messages, order details, attendee names and registration answers for tickets, ticket status, tax information, and support communications when needed for checkout, fulfillment, compliance, support, or fraud/risk handling.

If your AT Protocol account shares an account email with ATM during sign-in, ATM stores it privately and uses it only as a convenience hint, such as prefilling processor onboarding or checkout contact fields. ATM never writes email addresses into public AT Protocol records and does not forward this account email hint to apps on its own; the only buyer contact details an originating app receives are those collected or confirmed during that app's checkout, delivered through private app-scoped channels such as signed webhooks and scoped endpoints.

We collect technical information such as IP address, device/browser data, logs, request metadata, rate-limit data (including IP-based rate-limit counters), and diagnostic events.

ATM uses first-party session cookies only: dashboard session cookies for signed-in ATM dashboard use, and a separate, more limited scanner session cookie for the ticket scanner app that proves control of an AT Protocol account without creating payment roles. Guest subscription management links use single-use tokens that are stored hashed and expire within 24 hours. ATM does not use third-party advertising or analytics cookies.

3. Payment processor information

ATM uses payment processors such as Stripe. Payment details, onboarding data, identity verification, bank account details, payment method details, disputes, payouts, tax settings, and similar processor information may be collected directly by the processor or displayed through embedded processor components. Where Stripe collects or processes information, Stripe's Privacy Policy and applicable Stripe terms also apply.

ATM stores only the processor information it needs to operate the service, reconcile payments, support dashboards, route app fees, handle refunds or disputes, and meet legal or compliance obligations. ATM does not store raw card numbers or full payment credentials.

Processor information may be shared between ATM, the processor, connected accounts, originating apps, financial partners, card networks, banks, and service providers as needed to process payments, manage risk, comply with law, support disputes, provide receipts, and operate connected-account services.

4. Public protocol data

Public AT Protocol data can be read, copied, indexed, cached, displayed, or stored by anyone. This may include ATM profile fields, catalog records, payment attestation records, proof records, and other public records that you or ATM write to a PDS.

Deleting data from ATM may not delete copies already stored by a PDS, appview, search index, cache, archive, or third-party app. Do not publish sensitive personal information in public protocol records.

5. How we use information

We use information to provide ATM, authenticate users, create and manage checkout sessions, process payments, route app fees, manage subscriptions, issue and verify tickets, write or verify payment proofs, deliver webhooks, display dashboards, provide support, prevent fraud and abuse, improve performance, and comply with law.

We may use aggregated or de-identified information to understand usage, reliability, checkout performance, app activity, and payment trends.

6. How information is shared

We share information with service providers that help us operate ATM. Current providers include Stripe (payment processing, Connect onboarding and identity verification, Link, and fraud/risk tooling), Neon (database hosting), Vercel (web hosting and deployment), Railway (hosting for ATM's AppView indexing service), Upstash (Redis infrastructure used for rate limiting), Cloudflare R2 (a delivery cache for avatars and media, not canonical storage), Resend (transactional email such as ticket delivery and guest subscription links), and Inngest (background job processing). ATM also interacts with the AT Protocol network, including the PLC directory for DID resolution and your PDS host for OAuth sign-in and record reads/writes. We may update this provider list as ATM's infrastructure changes.

We share app-scoped payment and order information with the app that originated a payment so the app can provide checkout, fulfillment, customer support, fraud/risk handling, refunds, reporting, webhooks, and proof status. Apps do not receive unrestricted creator payment-account data through ATM.

We share information with creators, organizers, or sellers when they need it to fulfill a purchase, support a payer, manage a subscription, verify a ticket, handle a refund, or respond to a dispute. We may share information when required by law, legal process, security needs, or to protect rights and safety.

We do not sell private payment, checkout, fulfillment, or connected-account personal information. Public AT Protocol records are different: they are public by design and may be viewed, copied, indexed, or reused by third parties outside ATM.

7. Your choices and rights

You may update your ATM profile from settings. You may revoke AT Protocol OAuth grants through supported account or provider tools. You may manage payment methods, subscriptions, and guest subscription links through ATM or processor-provided flows where available.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. Contact ATM to make a privacy request. Some information may need to be retained for payments, fraud prevention, legal, tax, accounting, security, or protocol-integrity reasons.

8. Data retention

We keep information as long as needed to provide ATM, maintain payment records, operate proof and ledger systems, comply with law, resolve disputes, prevent fraud, enforce agreements, and support accounting or tax obligations.

Short-lived operational data is trimmed on default schedules: completed checkout-session state after about 30 days; delivered webhook delivery logs after about 30 days and failed deliveries after about 90 days; processor webhook event logs after about 30 days; short-lived tokens after about 7 days; expired OAuth sessions after about 30 days; released or expired ticket holds after about 30 days; and ticket audit and ticket delivery logs after about 365 days. Guest subscription management links are single-use and expire within 24 hours. These windows are operational defaults that ATM may tune over time.

Canonical payment, receipt, ledger, attestation, dispute, refund, subscription, issued-ticket, and public protocol records are not trimmed by those operational schedules and may be retained for longer periods because they are part of financial, legal, audit, and protocol-integrity systems.

9. Security

We use technical and organizational safeguards designed to protect private data, including access controls, private no-store responses for sensitive dashboard APIs, rate limits, scoped service-auth, and separation between public protocol records and private payment data. Sensitive operational secrets are stored in reduced forms where possible: guest subscription management tokens and ticket scan tokens are stored as hashes, and payer-assertion tokens are never stored in full; ATM keeps only verification metadata such as issuer, expiry, and a token hash.

No system is perfectly secure. You are responsible for keeping your AT Protocol account, devices, email, payment processor account, and credentials safe.

App developers that receive ATM data must follow the App Developer Terms, keep webhook and service-auth secrets secure, and use payer, buyer, attendee, customer, and recipient information only for the app-scoped purposes ATM permits.

10. Children

ATM is not intended for children. You may not use ATM if you are under the age required to enter a binding agreement or use payment services in your jurisdiction.

11. International use

ATM, apps, processors, and service providers may process information in multiple countries. By using ATM, you understand that information may be transferred to and processed in countries different from where you live, subject to applicable law.

12. Changes and contact

We may update this Privacy Policy as ATM changes. If changes are material, we will make reasonable efforts to provide notice through the site, dashboard, email, app communications, or another appropriate channel.

Privacy questions or requests can be sent through ATM's contact page.