HomeAtmos

Privacy Policy

Last updated: May 21, 2026

1. Introduction

Atmos ("we", "our", or "the app") is an air quality and weather application built in Oslo, Norway. This policy applies to both the Atmos iOS app and the Atmos website. We take your privacy seriously and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Norwegian data protection law.

2. Data We Collect

Account Information

  • Email address and display name (when you create an account)
  • If you sign in with Google (web only), your Google name and email are synced to your profile
  • Authentication tokens stored locally on your device

Health Questionnaire

  • Home environment details (home type, building age, floor level, ventilation type, stove type)
  • Lifestyle factors (cooking frequency, exhaust hood, air purifier, window usage)
  • Health concerns (e.g. asthma, allergies, COPD, heart condition)
  • Other factors (smoking, pets, proximity to heavy traffic)
  • This data is used solely to calculate your personalized indoor air quality estimates

Location Data

  • GPS coordinates (with your permission) to fetch local air quality and weather data
  • Saved locations (e.g. Home, Work, Gym) are stored locally on your device, not on our servers
  • Your coordinates are sent to third-party APIs to retrieve localized weather and air quality data
  • On the web, if you do not grant GPS permission, your approximate location may be estimated from your IP address via Geoapify

Motion and Activity Data (iOS only)

  • With your permission, the app uses device motion sensors to detect activity type (walking, running, stationary)
  • This is used to estimate time spent outdoors vs. indoors for your exposure score
  • Activity minutes are stored locally on your device by default
  • Data is only sent to our servers when you explicitly tap "Log Exposure" in the Exposure tab

Exposure Records

  • Daily outdoor/indoor hours, outdoor and indoor AQI, and calculated exposure scores
  • Only recorded when you explicitly log exposure
  • Stored in your account to track health trends over time

Device Token (iOS only)

  • When you grant notification permission, Apple provides a device token — a unique identifier for your device
  • This token is stored on our servers (Supabase, EU) solely to deliver weather and air quality push notifications
  • It is automatically deleted when you sign out

App Preferences

  • Dismissed prompts and display preferences
  • These are stored locally on your device only

3. How We Use Your Data

  • Display real-time air quality, weather, UV, and pollen information for your location
  • Calculate personalized indoor air quality estimates based on your questionnaire responses
  • Track your air quality exposure over time when you choose to log it
  • Provide weather and air quality forecasts for your area
  • Authenticate your account and sync your profile data across sessions

We do not use your data for advertising, profiling, or marketing purposes.

4. Third-Party Services

We use the following third-party services. Your data shared with each is limited to what is necessary for the service to function:

ServicePurposeData Shared
WAQI (waqi.info)Real-time air quality indexGPS coordinates
YR / Met.noPrimary weather data (temperature, wind, conditions)GPS coordinates
Open-MeteoUV index, visibility, and AQI forecastsGPS coordinates
OpenWeatherPollen level dataGPS coordinates
Apple MapKitLocation search and geocodingSearch queries, coordinates
Geoapify (web only)IP-based location fallbackIP address
Supabase (EU)Authentication and databaseAccount, questionnaire, exposure data
Google OAuth (web only)Sign in with GoogleEmail, display name (from Google)
Vercel Analytics (web only)Anonymous website analyticsPage views, performance (no personal data)

Each service operates under its own privacy policy. We encourage you to review them.

5. Data Storage

Stored on Our Servers (Supabase, EU)

  • User profile (email, display name)
  • Questionnaire responses
  • Exposure records (only when you explicitly log them)
  • Device push token (stored while signed in, deleted on sign out)

Stored Locally on Your Device Only

  • Authentication tokens
  • Saved locations (Home, Work, etc.)
  • Daily activity minutes (outdoor, home, office, gym)
  • Display preferences
  • Cached email and avatar initial (for offline display)

We do not sell, rent, or share your personal data with third parties for advertising or marketing.

6. Tracking and Advertising

  • Atmos does not use any advertising SDKs or ad networks
  • We do not collect or use the Apple Identifier for Advertisers (IDFA)
  • We do not track you across other apps or websites
  • The iOS app contains no analytics SDKs — all analytics are website-only (Vercel Analytics, anonymous)

7. App Permissions (iOS)

Atmos may request the following permissions. All are optional and you can deny or revoke them at any time in iOS Settings:

  • Location (When In Use) — To show air quality and weather for your current location and to track outdoor exposure
  • Motion & Fitness — To detect activity type and estimate time spent outdoors for your exposure score
  • Notifications — To send daily weather briefings, rain alerts, pollen alerts, and air quality alerts

No other permissions (camera, microphone, contacts, calendar, HealthKit) are requested or used.

8. Your Rights (GDPR)

Under the GDPR and Norwegian data protection law (Personopplysningsloven), you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Delete your account and all associated server-side data
  • Portability — Receive your data in a machine-readable format
  • Withdrawal of Consent — Revoke any permissions at any time
  • Complaint — File a complaint with the Norwegian Data Protection Authority (Datatilsynet)

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

9. Data Retention

  • Account data is retained for as long as your account is active
  • If you delete your account, all server-side data (profile, questionnaire, exposure records) is permanently deleted
  • Locally stored data (saved locations, activity minutes, tokens) is cleared when you sign out or uninstall the app
  • Vercel Analytics data is anonymized and retained per Vercel's data retention policy

10. Security

  • All data transmitted between the app and our servers is encrypted using HTTPS/TLS
  • Authentication uses secure token-based sessions with automatic refresh
  • Passwords are never stored locally — authentication is handled by Supabase
  • Google OAuth uses the PKCE flow for secure token exchange

11. Children's Privacy

Atmos is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If we make material changes, we will notify you through the app or by email.

13. Contact

If you have questions about this privacy policy, want to exercise your data rights, or have concerns about how your data is handled, contact us at:

breathe@atmos.guide

You may also file a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.