This Privacy Policy ("Policy") explains how Atlas Academy ("Platform", "we", "us", "our"), operated by Atlas Aegis, collects, uses, stores, and protects personal data when you use our trading education and community platform. It has been prepared to comply with the Kenya Data Protection Act, 2019 (Cap. 411C) ("KDPA"), and to align with the General Data Protection Regulation ("GDPR") to the extent applicable to our global user base.
1. Data Controller Identity
2. Information We Collect
2.1 Account and Profile Data
- Email address (collected and managed via Supabase Auth)
- Display name and username (set by you during onboarding)
- Avatar or profile image (if uploaded by you)
- Account creation timestamp and last-seen metadata
- Subscription or premium status flags
2.2 User-Generated Content
- Community feed posts, including any attached chart markup images
- Group chat messages across all group channels
- Comments, reactions, and follow/unfollow relationship records
- Leaderboard performance submissions and ranking data
- Feedback or support messages submitted through in-app forms
2.3 Educational Progress Data
- Strategy module completion status and progress records
- DeepDive page access history and reading progress
- Roadmap milestone achievements and unlocked content markers
- Journal entries you create within the Platform
2.4 Technical and Connection Data
- Authentication session tokens (managed through Supabase Auth)
- IP address and approximate geographic region (processed by Cloudflare at the network layer)
- Browser type and user agent string
- Basic request logs for error detection and security analysis
We do not use cookies for advertising or behavioural tracking. Any cookies in use are strictly necessary for authentication session management.
2.5 Payment Data
Atlas Academy does not directly collect, store, or process payment card details or banking credentials. All payment transactions are handled exclusively by our external payment processing partner(s). We receive only a transaction confirmation and the subscription tier activated. Please review your payment processor's privacy policy for details of their data handling practices.
3. How We Use Your Data
We process your personal data only for the following lawful purposes:
- Authentication: To verify your identity and protect your account from unauthorised access
- Platform Operation: To display your profile, posts, and interactions within community features
- Educational Progress: To track and persist your learning progress and content access history
- Leaderboard and Gamification: To calculate and display community rankings and challenge submissions
- Real-Time Communication: To operate group chat and community feed updates
- Security and Abuse Prevention: To detect unauthorised access, scraping, and Terms violations
- Service Communications: To send essential notifications, including security alerts and policy updates
- Legal Compliance: To comply with applicable law and lawful legal orders
We do not sell, rent, or trade your personal data to third parties for marketing purposes, and we do not use your data to build advertising profiles.
4. Third-Party Data Processors
4.1 Supabase, Inc.
Role: Cloud database storage, authentication, and real-time subscription infrastructure. Data Processed: account credentials, profile data, User Content, progress records, and chat messages. Privacy Policy: supabase.com/privacy
4.2 Cloudflare, Inc.
Role: Secure network routing, application firewall, DDoS mitigation, and content delivery. Data Processed: IP addresses and connection metadata at the network layer. Cloudflare does not access the content of stored database records. Privacy Policy: cloudflare.com/privacypolicy
4.3 Payment Processor(s)
Role: Processing subscription payments and issuing transaction confirmations. Data Processed: payment card details, billing information, and transaction records — handled entirely externally. Atlas Academy does not store payment card numbers or banking credentials.
5. Data Retention
- Account profile data is retained for the duration of your account and for up to two (2) years after closure, unless earlier deletion is requested
- Community posts and chat messages may be retained for operational and moderation history unless you request deletion
- Technical security logs are retained for up to twelve (12) months
- Data subject to a legal hold is retained for the duration of the relevant proceeding
6. International Data Transfers
As a global platform using cloud infrastructure providers, your personal data may be processed in countries outside the Republic of Kenya. Where such transfers occur, we take steps to ensure appropriate safeguards are in place, consistent with the KDPA and, where applicable, GDPR transfer mechanisms.
7. Your Rights Under KDPA and GDPR
Depending on your jurisdiction, you have the following rights:
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure — request deletion of your profile, posts, chat messages, and progress data (processed within 30 days, subject to legal retention obligations; deletion is permanent)
- Right to Restriction of Processing — request we restrict processing in certain circumstances
- Right to Data Portability — request your data in a structured, machine-readable format
- Right to Object — object to processing not strictly necessary for the Platform's operation
- Right to Lodge a Complaint — with the Office of the Data Protection Commissioner of Kenya (ODPC) at odpc.go.ke, or your national supervisory authority if in the EEA
To exercise any of these rights, submit a written request to atlasofficialhq@gmail.com. We will respond within the timeframes required by applicable law (generally thirty (30) days). We may require identity verification before processing your request.
8. Data Security
- All data in transit is encrypted using TLS via Cloudflare's secure routing layer
- Database access is governed by Row-Level Security (RLS) policies on our Supabase instance
- Authentication tokens are managed securely through Supabase Auth with appropriate expiry and revocation
- Administrative access to the database is restricted and access-controlled
While we take these precautions, no system is completely immune from security threats. We cannot guarantee absolute security and will notify you of any data breach as required by applicable law.
9. Children's Privacy
Atlas Academy is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete that data. If you believe a minor has registered on our Platform, please contact us.
10. Changes to This Privacy Policy
We may update this Policy from time to time. We will notify users of material changes by updating the effective date above and, where practicable, via in-app notification. Continued use after changes take effect constitutes acceptance.
11. Contact and Data Protection Enquiries
For complaints, you may also contact the Office of the Data Protection Commissioner of Kenya: odpc.go.ke — P.O. Box 31272-00600, Nairobi, Kenya.