Privacy Policy

The data controller is ATOMIRA TECHNOLOGIES, S.L. (CIF B27662717), registered office at Calle Lepant 270, 08013 Barcelona, Spain. Registered at the Registro Mercantil de Barcelona (entry nº 2026060968).

For any privacy question or to exercise your rights, contact hello@atomira.eu.

We only collect data you actively give us. We do not run analytics, ad trackers, or third-party fingerprinting scripts.

Contact form

• Name you provide
• Email address
• Subject category (general, partnership, investment, support)
• Message body
• Hashed (SHA-256, truncated) representation of your IP address — for rate-limiting only

Product waitlists and beta/alpha applications

• Email address
• Optional: name and a public profile URL you provide (e.g. LinkedIn)
• The product you signed up for
• Hashed representation of your IP address

Feedback form

• Type of feedback (rating, idea, feature request, bug report)
• Rating (when applicable) and body text
• Optional: name, email, public profile URL
• The product the feedback is about
• Hashed representation of your IP address

Server logs

Our hosting provider (Hetzner) keeps short-term access logs containing IP address and request metadata, used solely for security and to investigate operational issues.

Admin sign-in

If you sign in to the administration area, we receive your email address from Google's OAuth flow. Only the company's authorised administrator can use this area; visitor accounts do not exist.

• To answer your messages and follow up on contact-form inquiries — legal basis: legitimate interest (responding to communications you initiated).
• To notify you when a product you signed up for becomes available, or to evaluate beta/alpha applications — legal basis: your explicit consent (which you can withdraw at any time via the unsubscribe link or by emailing us).
• To improve our products based on the feedback you send us — legal basis: your consent when you submit feedback.
• To prevent abuse and to operate the site safely (rate-limiting, server logs) — legal basis: legitimate interest in keeping the service available and secure.
• To meet our legal and tax obligations — legal basis: compliance with a legal obligation.

• Contact form messages: kept for as long as the conversation is active and for up to 24 months afterwards, so we can refer back to prior context.
• Product waitlist / beta / alpha signups: kept until you unsubscribe or ask us to delete the record, then erased within 30 days.
• Feedback submissions: kept indefinitely in aggregated form for product decisions; individual identifiers (name, email) are removed on request.
• Server logs: rotated by the hosting provider, typically within 14 days.
• Tax-relevant records linked to a commercial relationship (none currently apply to this site): retained as required by Spanish law.

We use a small number of carefully chosen service providers. We do not sell your data to anyone.

• Hetzner Online GmbH (Germany / Finland) — hosting of the website, application, and database, plus the SMTP service that delivers our transactional emails.
• Google LLC (United States) — only for administrator sign-in via OAuth. No visitor data is shared with Google.

We may also disclose data when we are legally required to (e.g. court order, regulatory request from a competent authority).

Hetzner processes data inside the European Economic Area. Google's OAuth service may transfer administrator login data to the United States; that transfer is covered by Google's adherence to the EU-U.S. Data Privacy Framework. We do not export visitor data outside the EEA.

You have the following rights at any time:

• Access — get a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data (also known as the right to be forgotten).
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — at any time, with no effect on processing already carried out.

To exercise any of these rights, email hello@atomira.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) if you consider that the processing of your data infringes the GDPR.

Every product-launch email we send contains an unsubscribe link. Clicking it stops all future product-launch notifications for that signup. Transactional emails (confirmations of forms you submitted, responses to your messages) are not subject to unsubscribe because they are not marketing.

We only use cookies that are strictly necessary for the site to function. We do not use analytics, advertising, or tracking cookies.

• locale — remembers the language you prefer (en, es, ca). Lifetime: 1 year.
• next-auth.session-token — set only inside the administration area when an administrator signs in. Visitors never receive this cookie.

We apply technical and organisational measures appropriate to the data we hold: TLS everywhere, restricted database access, hashing of IP addresses, and the principle of least privilege for administrator accounts. No system is perfectly secure; if you become aware of a vulnerability, please email hello@atomira.eu.

The site is not directed to children under 14. We do not knowingly collect data from anyone under that age. If you believe we may have done so, contact us and we will delete the data.

We may update this Privacy Policy from time to time. The latest version will always be at this page, and the 'Last updated' date at the top will reflect when it changed.