Privacy Policy

1. Overview

Atara (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

We comply with the General Data Protection Regulation (GDPR) and applicable Bulgarian data protection laws.

2. Data We Collect

2a. Local Storage (No Account Required)

When using Atara without an account, all your fasting data is stored exclusively on your device using the browser's local storage. This data never leaves your device and is not accessible to us.

This includes: fasting start/end times, completion status, target hours, and history.

2b. Account Data (Atara+ Subscribers)

When you create an account, we collect via Clerk (our authentication provider):

• Email address
• Name (optional)
• OAuth profile data if using Google/Apple login
• Authentication tokens and session data

2c. Payment Data

Payments are processed by Stripe. We do not store your card details. Stripe collects and processes payment information in accordance with their own privacy policy. We receive only a subscription status identifier.

2d. Future: Cloud Sync

When cloud sync is enabled (a future Atara+ feature), your fasting history will be stored securely in our database. You will be explicitly notified before this feature is activated.

3. How We Use Your Data

• To authenticate your identity and manage your account
• To process subscription payments and manage your billing
• To provide and improve the Atara service
• To send transactional emails (receipts, account notifications)
• To respond to support requests

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

• Clerk — Authentication. Privacy Policy
• Stripe — Payment processing. Privacy Policy
• Vercel — Hosting and analytics. Privacy Policy

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days, except where retention is required by law.

Local storage data on your device is entirely under your control and can be cleared at any time through your browser settings.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data (“right to be forgotten”)
• Object to processing of your personal data
• Request data portability
• Withdraw consent at any time

To exercise these rights, contact us at privacy@atarafast.com

7. Cookies

Atara uses only essential cookies for authentication session management. We do not use tracking, advertising, or analytics cookies.

8. Children's Privacy

Atara is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date and, where appropriate, by email notification.

10. Contact

For privacy-related inquiries: privacy@atarafast.com

For general support: support@atarafast.com