Effective: May 11, 2026
Last updated: May 11, 2026
This privacy policy describes how Atlas ("we," "us," or "the app") collects, uses, and protects your personal information.
Read this in plain English first: Atlas treats your data like the private medical record it is. We don't sell anything. We don't run ads. We only use your data to power features you've explicitly enabled in the app.
If you have questions, email support@atlashealth.app.
Atlas collects only information you explicitly provide or generate within the app. We do NOT collect device location, contacts, browsing history, advertising identifiers, or any data from outside the app.
The categories we collect:
Account Information. Your email address and password when you create an account. Passwords are never stored in plaintext — they're hashed and managed by our authentication provider (Supabase).
Profile Information. Your name, age, sex, height, weight, body fat percentage, goals (cut/maintain/bulk), training frequency, and unit preferences. You enter these during onboarding and can update or delete them at any time.
Health and Wellness Data. Bloodwork panels you import (markers, values, reference ranges, lab provider, date), supplements and protocol items you log, weight measurements, food log entries (calories, macros, foods consumed), workout history (exercises, sets, reps, durations, completion status), and AI chat conversations with Atlas.
Apple Health Data (optional). If you connect Apple Health, Atlas reads weight measurements and step counts from HealthKit, and writes your Atlas-logged weight entries back to Apple Health for two-way sync. This data stays on your device and is only synced to our servers when you explicitly take an action that records it (e.g., tapping "Sync from Apple Health" on the Weight Tracker or logging a weight entry in Atlas). You can disconnect Atlas from Apple Health at any time in iOS Settings → Health → Sources → Atlas.
Subscription Information. When you purchase Atlas Pro or Atlas Premium, Apple processes the payment. We receive only the subscription tier and renewal status — never your credit card, Apple ID, or billing address.
All Atlas data is stored on Supabase, a managed PostgreSQL provider that complies with SOC 2 Type II. Your data is stored in a private row protected by Row Level Security (RLS) policies — this means your records can only be read or modified by your authenticated account. No other Atlas user, no Atlas employee without explicit break-glass access, and no third party can read your data.
Data in transit between your device and our servers is encrypted with TLS 1.2+. Data at rest in Supabase is encrypted with AES-256.
The raw image bytes you upload for vision scans (meal photos, lab panel images, supplement labels) are not stored on our servers after extraction. Only the structured data extracted from them (macros, marker values, ingredient lists) is saved to your account.
We do NOT store data in third-party advertising networks, analytics tools that fingerprint users, or marketing databases.
Atlas uses Claude, an AI service operated by Anthropic, Inc. (548 Market St #20120, San Francisco, CA 94104), to power several features. The AI features and what each one sends to Anthropic:
The first time you use any of the AI features above, Atlas displays an in-app consent screen identifying Anthropic, listing what data will be sent for the feature you're invoking, and explaining how Anthropic handles that data. You must explicitly tap "I agree, continue" before any data leaves your device. You can revoke consent at any time by deleting your Atlas account (Settings → Delete account), which also wipes all data Atlas has stored on your behalf.
Anthropic processes the data Atlas sends solely to generate the response Atlas requested. Per Anthropic's commercial API terms, Anthropic does not use your data to train their AI models. Anthropic may retain inputs and outputs for up to 30 days for trust and safety monitoring, after which the data is deleted. Anthropic's own privacy practices are published at https://www.anthropic.com/legal/privacy.
The response Anthropic returns is cached on your private Atlas record so reopening the same panel or chat doesn't trigger another paid AI call. Our Anthropic API key is stored in our backend environment and never exposed to your device. You are not billed for AI usage directly — your subscription tier covers the cost. If you delete a chat thread, scan result, or lab panel, the cached AI response is deleted with it.
Atlas never sends your password, payment information, account email, device identifiers, or any data unrelated to the specific AI feature you're invoking.
You can:
Delete your account. Settings → Delete account. A two-step confirmation prevents accidents. Deletion is immediate and irreversible — your profile, bloodwork, food log, weight history, workout history, protocol, recipes, and AI chat history are wiped from our servers within seconds. After deletion, Atlas retains no personally identifiable information about you.
Request a copy of what's stored. Email support@atlashealth.app from your account email and we'll send you everything within 30 days, free of charge.
Withdraw consent. Stop using Atlas at any time. Disconnect Apple Health in iOS Settings. Cancel your subscription via Apple's subscription management.
If you reside in California, the EU, the UK, or another jurisdiction with comprehensive privacy laws (CCPA, GDPR, UK-GDPR, etc.), you have additional statutory rights including data portability, correction, and the right to lodge a complaint with a supervisory authority.
Atlas is not intended for users under 13. We do not knowingly collect data from children. If you believe a minor has created an Atlas account, contact us and we'll delete it.
Atlas is not a medical device. Atlas does NOT diagnose, treat, cure, or prevent any disease. AI insights and recommendations are informational only and are not a substitute for professional medical advice. Always consult a qualified healthcare provider before making changes to your medications, supplements, or treatment.
Atlas uses the following sub-processors:
| Provider | Purpose | What they receive |
|---|---|---|
| Supabase | Auth + database | All Atlas data, stored under Row Level Security |
| Anthropic | AI processing (Claude) | Per-request: chat message + Atlas context, or scanned image, or lab panel data. Not used for model training. |
| Apple | App distribution + IAP + HealthKit | Subscription status only. HealthKit data stays on your device. |
| Expo (EAS) | Build pipeline | Source code at build time |
We have data processing agreements with Supabase and Anthropic. None of these providers sell your data or use it for advertising.
We will update this policy as Atlas evolves. Material changes will be notified in-app at least 14 days before taking effect. Continued use of Atlas after a change means you accept the updated policy.
The current version is always available at: https://lukehharris1.github.io/atlas-legal/privacy.html
Questions, complaints, or data requests:
support@atlashealth.app
Atlas is operated by Luke Harris (Individual). For physical correspondence, email first and we'll provide a mailing address.