Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how Atelier ("Atelier", "we", "our", or "us") collects, uses, discloses, and protects information when you use the Atelier web application, the Atelier Product Clipper browser extension, our marketing website, and related services (collectively, the "Service").

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who We Are

Atelier provides software for interior design firms to manage projects, clients, vendors, products, and pinboards. For the purposes of the EU and UK General Data Protection Regulation (GDPR), Atelier acts as the data controller for the personal data of account holders and visitors to our website, and as a data processor for the project, client, vendor, and product data that you and your organization ("Studio") upload into the Service.

2. Information We Collect

2.1 Account & Profile Information

When you sign up, we collect your name, email address, profile image, and the Studio you belong to. Authentication is handled by our identity provider (Clerk); we do not store your password.

2.2 Studio & Project Content

While using Atelier, you and other members of your Studio may submit content including:

• Client records (name, email, phone, address, notes)
• Vendor records (company details, contacts, websites)
• Projects, phases, tasks, schedules, and comments
• Products (names, brands, prices, materials, dimensions, images, source URLs)
• Pinboards, sections, and uploaded attachments
• Contracts and other documents you upload for analysis

This content is stored on behalf of your Studio. The Studio's administrators control who within the Studio can access it.

2.3 Browser Extension Data

The Atelier Product Clipper extension only activates on pages you explicitly choose to clip. It transmits the URL of that page (and, in some cases, the rendered HTML) to our servers so we can extract product information. The extension reads the Atelier session cookie solely to authenticate you. It does not track your general browsing activity.

2.4 AI Assistant Inputs

When you use Atelier's AI features (for example, assigning a task to the AI assistant or running the contract analyzer), the relevant prompts, task content, attachments, and Studio context required to complete the request are sent to our AI sub-processor (Anthropic) for processing. Outputs are written back to your Studio.

2.5 Technical & Usage Information

We automatically collect limited technical information such as IP address, browser type, device information, pages visited, and timestamps of requests. This is used for security, debugging, and to operate the Service.

2.6 Cookies

We use a small number of strictly necessary cookies, including the Clerk session cookie (__session) for authentication. We do not use third-party advertising or cross-site tracking cookies.

3. How We Use Your Information

We process information to:

• Provide, maintain, and improve the Service
• Authenticate users and secure accounts
• Extract product data from URLs you submit
• Run AI features you invoke (assistant, contract analysis, etc.)
• Send transactional and service-related communications
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal obligations and enforce our terms

We do not sell your personal information, and we do not use your Studio content to train AI models.

4. Legal Bases for Processing (EEA / UK Users)

Where GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service to you and your Studio), legitimate interests (to secure, debug, and improve the Service), compliance with legal obligations, and consent where required (for example, for non-essential cookies, where applicable).

5. Sub-processors & Sharing

We share information only with service providers ("sub-processors") that help us operate the Service. Each is bound by confidentiality and data-protection obligations. Current sub-processors include:

• Clerk — authentication, user management, and session cookies
• Railway — application hosting and managed PostgreSQL database
• Cloudinary — image storage, transformation, and delivery
• Anthropic — large-language-model processing for AI features (Claude)
• Firecrawl — web page fetching for product extraction
• Browserbase — headless browser rendering for product extraction (when enabled)

We may also disclose information when required by law, to enforce our terms, to protect the rights, property, or safety of Atelier, our users, or others, or as part of a business transfer (e.g. merger or acquisition), in which case we will notify you in advance.

6. International Data Transfers

Atelier and several of our sub-processors are based in the United States. If you access the Service from outside the United States, your information will be transferred to, processed, and stored in the United States and other jurisdictions where our sub-processors operate. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses.

7. Data Security

We use industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, scoped authentication tokens, role-based access controls within Studios, and regular dependency and security review. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain account and Studio content for as long as your account is active or as needed to provide the Service. When you delete your account or your Studio cancels, we will delete or anonymize your personal data within a reasonable period, except where retention is required for legal, accounting, or security purposes (for example, backup retention windows).

9. Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data ("right to be forgotten")
• Restrict or object to certain processing
• Receive a copy of your data in a portable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@getatelier.design. Note that some content (for example, project data) is owned by your Studio; we may direct you to your Studio administrator for those requests.

10. California Privacy Rights (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion or correction, and to opt out of any "sale" or "sharing" of personal information. Atelier does not sell or share personal information as those terms are defined under the CCPA. You may exercise your rights by contacting privacy@getatelier.design. We will not discriminate against you for exercising these rights.

11. Children's Privacy

Atelier is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Third-Party Sites

The Service may contain links to third-party websites (for example, the source URLs you clip). We are not responsible for the privacy practices of those sites and encourage you to review their policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of your personal data, please contact us at privacy@getatelier.design.