Atapata

Privacy Policy

Effective Date: June 20, 2026

Last Updated: June 20, 2026

1. About Us

Atapata is a digital business card and contact management application operated by HydraLabs, a sole proprietorship based in Karachi, Pakistan (“Atapata,” “we,” “us,” or “our”).

If you have questions about this policy or your data, contact us at support@atapata.app.

2. What This Policy Covers

This Privacy Policy explains what information Atapata collects when you use our mobile app, web service, and physical NFC business cards, how we use it, who we share it with, and the choices you have.

By using Atapata, you agree to the practices described here.

3. Information We Collect

3.1 Information You Give Us

  • Account information: Email address, name, and password (stored as a one-way hash — we never see your plaintext password)
  • Profile information: Job title, company, phone number (optional), profile photo (optional), and any other details you choose to add to your digital cards
  • Shipping information: When you order a physical NFC card, we collect your full name, phone number, shipping address, and city
  • Voice memos: Audio recordings you attach to saved contacts (stored privately to your account)
  • Card scans: Photos of business cards you scan with our OCR feature

3.2 Information We Generate

  • Contact data: When you scan a card, we extract text from the image and create a contact entry. This may include the other person's name, title, company, phone, email, and address as printed on their card.
  • Sharing data: When you share your card with someone, we record who shared what and when, so you can see your sharing history.
  • Card analytics: View counts, save counts, and recent activity on the digital cards you create.

3.3 Information Collected Automatically

  • Usage data: Screens you visit, features you use, and events such as creating a card, scanning a contact, or sharing a card. We use this to understand how Atapata is used and to improve it.
  • Device information: Device model, operating system version, app version, and a unique device identifier for push notifications.
  • Session recordings: During our beta program, we record interactions with the app (with sensitive fields like passwords automatically masked) to help us debug issues and improve the experience.

4. How We Use Your Information

We use your information to:

  • Provide the core service: create cards, scan contacts, store voice memos, deliver NFC card orders
  • Process payments through Safepay (when you order an NFC card)
  • Send transactional emails (email verification, password resets, order updates)
  • Send push notifications related to your account (such as when someone scans your card)
  • Improve the app based on usage patterns and error reports
  • Investigate reports of abuse, spam, impersonation, or harassment
  • Comply with applicable laws

We do not sell your data to anyone.

5. Who We Share Your Data With

To run Atapata, we share data with the following service providers. Each is bound by their own privacy commitments:

  • Google Cloud Vision — Card images are sent to Google's Vision API for text extraction during scanning. Google does not store these images for training purposes per their Vision API terms.
  • Anthropic Claude — Extracted text from card scans is sent to Anthropic for structuring (name, title, company, etc.). Anthropic's API does not retain customer data for training.
  • Cloudflare R2 — Card images, profile photos, and voice memos are stored in encrypted object storage.
  • Railway — Hosts our application servers and PostgreSQL database (located in the United States).
  • Resend — Sends transactional emails (verification, password reset, order confirmations) on our behalf.
  • PostHog — Collects usage analytics, error reports, and session recordings (with sensitive fields masked).
  • Sentry — Collects crash reports and application errors to help us diagnose bugs.
  • Safepay — Processes payments when you purchase an NFC card.
  • Expo, Apple, Google — Deliver push notifications to your device.

If you would like links to these providers' privacy policies, contact us at support@atapata.app.

We may also disclose information when required by law, court order, or government request from Pakistani authorities, or to protect our rights, our users, or the public.

6. Data You Add About Other People

When you scan a business card, you create a contact entry containing information about another person (their name, phone, email, etc.). You are responsible for ensuring you have a legitimate reason to collect and store this information — for example, because the other person voluntarily gave you their business card.

Atapata does not display this information publicly. It is visible only in your account.

If we receive a verified request from a person whose information appears in your contacts, we may notify you and ask you to remove the entry.

7. Data Retention

  • Active accounts: We keep your data while your account is active.
  • Deleted accounts: When you delete your account, we delete your data within 60 days. This includes your cards, contacts, voice memos, card images, and profile photos.
  • Logs and analytics: Operational logs are retained for up to 30 days. Analytics events may be retained longer for trend analysis but are not tied to deleted accounts after 60 days.
  • Legal holds: If we receive a lawful preservation request, we may retain data longer than 60 days for that specific case.

8. Your Choices

You can:

  • Edit your data — Update your profile, cards, and contacts at any time through the app
  • Delete your account — From within the app, which triggers permanent deletion within 60 days
  • Opt out of push notifications — Through your device settings
  • Request a copy of your data — Email support@atapata.app and we'll provide a JSON export
  • Request deletion — Even of a specific contact, voice memo, or card

9. Security

We protect your data with industry-standard measures:

  • Passwords are hashed using bcrypt with high cost factors
  • Authentication tokens are stored on your device's secure storage (Keychain on iOS, Keystore on Android)
  • All API traffic uses HTTPS encryption
  • Payment processing happens entirely on Safepay's infrastructure — we never see your card details
  • Refresh tokens are revoked when you change your password

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities as required by law.

10. Children's Privacy

Atapata is for users aged 13 and older. If you are under 13, please do not use Atapata or provide any information to us. If we learn that a child under 13 has provided us with information, we will delete it.

11. International Users

Atapata is operated from Pakistan. If you access the service from outside Pakistan, you understand that your data will be transferred to and processed in Pakistan and the United States (where our infrastructure providers operate).

12. Changes to This Policy

We may update this policy as Atapata evolves. If we make material changes, we will notify you through the app or by email. The “Last Updated” date at the top will reflect the most recent revision.

13. Contact Us

HydraLabs
Operator of Atapata
Karachi, Pakistan

For questions, data requests, or complaints related to your privacy:
Email: support@atapata.app