Privacy Policy
Introduction
ipsolabs ("we", "us", "our") operates the myAtlas application ("the App"). This Privacy Policy explains how we collect, use, and protect your information when you use the App.
Key principle: myAtlas is a local-first application. Your tasks, notes, and personal content are stored on your device and never transmitted to our servers unless you explicitly enable cloud sync.
Information We Collect
Information stored locally only (never sent to us)
- Tasks, notes, lists, and all content you create in the App
- Vault files (Markdown documents on your device)
- App preferences and settings
- Encryption keys (stored in your device's secure storage)
Information collected when you create an Ipso Account
If you choose to create an account (optional), we collect:
- Email address — used for account identification and password recovery
- Authentication tokens — managed by AWS Cognito for secure sign-in
- User ID — a unique identifier assigned to your account
Information collected when you subscribe to Pro
If you purchase a subscription, the following is processed by our payment provider:
- Subscription status — active, expired, trial, or cancelled
- Purchase receipts — processed by RevenueCat (our subscription management provider) and the respective app store (Apple App Store or Google Play)
- Anonymous subscriber ID — used to sync subscription status across devices
We do not receive or store your payment card details. All payment processing is handled by Apple, Google, or Stripe (for web purchases).
Information collected automatically
- Crash reports — sent to Sentry and Firebase Crashlytics to help us fix bugs. These may include device type, OS version, and stack traces. They do not include your personal content.
- Website analytics — collected by Umami, a privacy-first analytics service. Umami does not use cookies, does not collect personal data, and does not track users across sites. Data is aggregated and anonymous (page views, referrer, country).
How We Use Your Information
- Account management — to authenticate you and sync your subscription status across devices
- Subscription delivery — to verify your Pro subscription and enable paid features
- Bug fixing — to identify and resolve crashes and errors
- App improvement — to understand which features are used and improve the App
We do not:
- Sell your personal information to third parties
- Use your data for advertising
- Read, analyze, or access your local content (tasks, notes, files)
- Train AI models on your data
Cloud Sync (Optional Paid Feature)
If you enable cloud sync (ipso-one subscription):
- Your task data is encrypted on your device using AES-256-GCM before transmission
- Encrypted data is stored in AWS DynamoDB
- We cannot read your encrypted data — only your device holds the encryption key
- You can transfer your encryption key between devices using a recovery phrase
- Disabling cloud sync removes your data from our servers
Third-Party Services
We use the following third-party services. Each service receives only the minimum data necessary for its function:
| Service | Purpose | Data Shared | Legal Basis (GDPR) | Privacy Policy |
|---|---|---|---|---|
| AWS Cognito | Authentication & account management | Email address, user ID, authentication tokens | Contract performance | AWS Privacy |
| AWS DynamoDB | Cloud sync storage (encrypted) | Client-side encrypted task data only — we cannot read it | Contract performance | AWS Privacy |
| RevenueCat | Subscription management | Anonymous subscriber ID, purchase receipts, subscription status | Contract performance | RevenueCat Privacy |
| Stripe | Web payment processing | Payment details (handled entirely by Stripe, not stored by us) | Contract performance | Stripe Privacy |
| Sentry | Crash reporting & error tracking | Device type, OS version, app version, stack traces. No personal content. | Legitimate interest | Sentry Privacy |
| Firebase Crashlytics | Crash reporting (iOS/Android) | Device info, crash logs, app state at time of crash. No personal content. | Legitimate interest | Google Privacy |
| Umami | Website analytics (privacy-first) | Anonymous page views, referrer, country. No cookies, no personal data, no cross-site tracking. | Legitimate interest | Umami Privacy |
What we store locally on your device:
- SQLite database — all tasks, notes, and content stored locally. The source of truth for your data. Never transmitted without explicit opt-in.
- Markdown exports — portable file exports (YAML frontmatter) for backup and interoperability.
- Encryption key — stored in platform-native secure storage (iOS Keychain, Android Keystore, macOS Keychain). Never transmitted to our servers.
- Preferences — theme, notification settings, and UI state stored via SharedPreferences. Never transmitted.
Data Retention
- Local data: Stored on your device indefinitely. You control deletion.
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Subscription data: Retained by RevenueCat per their retention policy.
- Crash reports: Retained for 90 days by Sentry and Firebase.
Your Rights
You have the right to:
- Access your data — your local data is always accessible on your device as standard Markdown files
- Delete your account — use the "Delete Account" button in the App, which removes your Cognito identity and all cloud data from our servers
- Export your data — use the in-app ZIP export, or copy your vault folder directly. Cloud data can be exported via Settings > Data > Export Cloud Data (JSONL format)
- Opt out of crash reporting — contact us at privacy@ipsolabs.io
GDPR (European Users)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:
- Right of access — request a copy of personal data we hold about you. For cloud data, use the in-app export feature. For account data, contact privacy@ipsolabs.io.
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data. Use the "Delete Account" button in the App, or contact us.
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — your data is stored in portable Markdown format. You can copy it at any time without our involvement.
- Right to object — object to processing based on legitimate interest (crash reporting, analytics)
- Right to lodge a complaint — you may file a complaint with your local data protection authority
To exercise any of these rights, email us at privacy@ipsolabs.io. We will respond within 30 days.
CCPA (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know — you may request the categories and specific pieces of personal information we have collected about you
- Right to delete — you may request deletion of your personal information
- Right to opt-out of sale — we do not sell, share, or rent your personal information to third parties for monetary or other valuable consideration
- Right to non-discrimination — we will not discriminate against you for exercising your privacy rights
To exercise your rights, email privacy@ipsolabs.io or use the in-app account deletion feature. We do not require identity verification beyond your account credentials, as we hold minimal personal data.
Do Not Sell My Personal Information
ipsolabs will never sell your personal information. We have never sold personal information and never will. Privacy is a core principle of this project, not a negotiable policy.
Children's Privacy
The App is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, contact us at privacy@ipsolabs.io.
Security
We implement industry-standard security measures:
- AES-256-GCM client-side encryption for cloud sync data
- TLS 1.2+ for all network communication
- AWS Cognito for secure authentication
- Encryption keys stored in platform-native secure storage (Keychain on iOS, Keystore on Android)
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email.
Contact Us
For privacy-related questions or requests:
- Email: privacy@ipsolabs.io
- Website: https://ipsolabs.io/privacy