How Atelier Logos protects the people behind every request.

We are an LLM solutions studio that treats privacy as a feature. This page explains how we collect, use, secure, and share the data you entrust to us so you can partner with confidence.

Key data we work with

Contact data: names, titles, business emails, and phone numbers you provide when you request a consultation or access deliverables.
Project context: architecture notes, spec docs, and logs that we process on your behalf for product and engineering work.
Usage insights: analytics (e.g., page visits, clicks) that help us improve this website and make our proposals sharper.
Payments: invoice metadata, vendor references, and budget approvals required for retainer agreements.

How we collect data

We rely on explicit customer inputs (emails, forms), integrations with tooling you authorize (e.g., analytics, scheduling), and the cookies that power necessary sessions. All marketing tracking can be disabled through our cookie banner, and you are welcome to email us at hello@atelierlogos.com if you prefer we remove you from our lists.

Data processing principles

Lawfulness, fairness and transparency

We only process personal data when there is a lawful basis, we share clear notices, and we never surprise people with uses they did not expect.

Purpose limitation

Data collected for one objective—such as delivering a discovery report—will not be repurposed for unrelated marketing without explicit consent.

Data minimization

We gather only the fields that enable service delivery and prune logs, analytics, and backups on a regular cadence.

Accuracy

Customers control their contact information and we provide easy ways to update, delete, or confirm it at any time.

Storage limitation

Personal data is retained only as long as needed; project data is expired when contracts close and access tokens rotate quarterly.

Integrity and confidentiality

Secure defaults, encryption in transit (TLS 1.3) and at rest, and role-based access ensure only authorized employees can reach sensitive records.

How we secure it

We host services on managed providers (AWS, Vercel, Supabase) with SOC 2 Type II controls. We encrypt all data in transit (TLS 1.3) and at rest, rotate secrets quarterly, and require multi-factor authentication plus least-privilege approvals before granting new tool access. Incident response runs on a documented plan and is tested annually.

Third-party processors (Stripe, Cal.com, PostHog, Resend) are bound by our Data Processing Agreement and we conduct regular reviews of their certifications, data transfer rules, and subprocessors.

Your rights

Depending on your jurisdiction, you may have additional rights. We respect them all. Submit requests at hello@atelierlogos.com.

Access: request a copy of the data we hold.
Correction: ask us to update inaccurate or incomplete information.
Deletion: remove personal data from our systems.
Portability: extract data in a machine-readable format.
Restriction: limit processing while a dispute is resolved.
Objection: stop profiling or direct marketing based on personal data.

Contact & updates

We publish policy changes at least 30 days before they take effect. If you are a client, we will surface notices inside the shared workspace and by email. You can also reach us directly at hello@atelierlogos.com.