Privacy Policy

Last updated: June 10, 2026

1. Introduction

This Privacy Policy describes how Atreo Labs Ltd. ("we", "us") collects, uses, and protects your personal information when you use atreoLINK.

Atreo Labs Ltd. (company number 17157164, registered in England and Wales, registered office: Collingwood Buildings, 38 Collingwood Street, Newcastle upon Tyne, NE1 1JF, United Kingdom) is the data controller for the personal information described in this policy. You can contact us about anything in this policy at privacy@atreolabs.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • A one-way login credential derived from your password on your device. Your password itself never leaves your device and is never sent to us; we store the derived credential as a salted hash.
  • An encrypted backup of your identity key, encrypted on your device before it is sent to us. We do not hold the key needed to decrypt it.
  • Two-factor authentication secrets (encrypted)
  • Your chosen subdomain and, on eligible plans, any custom domain you register

2.2 Device Information

When you pair a server or mobile device with atreoLINK, we collect:

  • Device name and identifier
  • Public keys used for pairing and tunnel establishment
  • Push delivery tokens for devices you pair for notifications (Apple/Google push tokens via Expo, or a Web Push subscription for browsers)
  • Connection metadata (IP address, connection timestamps)

2.3 Usage Data

We collect basic usage data to operate and improve the service:

  • Login timestamps and session data
  • Tunnel coordination metadata (which devices requested a connection to which server, and when; never the traffic itself, which flows directly between your device and your server without passing through our infrastructure)

2.4 App Catalog

When you register an app on your server (its name, internal URL, icon, and which family members can reach it), this configuration is stored on atreoLINK so it can be relayed to your agent and to your family's devices. We see the names and internal addresses of the apps you have configured.

2.5 Push Notification Relay

When an app on your server sends a push notification to an invited family member, atreoAGENT (running on your server) encrypts the payload and we relay it to the recipient's device. The payload is encrypted end-to-end between atreoAGENT and the recipient device — we cannot read its contents. We retain the encrypted payload, together with the routing metadata required to deliver it (sender and recipient device identifiers, timestamps, and delivery status), only until it is rotated out by newer notifications. We keep at most the 100 most recent notifications per recipient; once that cap is reached, each new notification causes the oldest one to be permanently deleted from our infrastructure and from the app's notification history. This bounded archive lets us deliver to devices that come back online and retry failed deliveries, and lets recipients view recent notification history in the atreoLINK app. Notifications that were not delivered before being rotated out by newer arrivals will not be delivered.

2.6 Payment Information

All payment processing is handled by Paddle.com, our Merchant of Record. We do not collect, store, or have access to your credit card numbers or payment method details. Please refer to Paddle's privacy policy for information about how they handle payment data.

2.7 Mailing List

If you sign up for our waitlist, beta programme, or product update emails, we collect your email address and the date you subscribed. This list is operated using Loops, who process subscriber data on our behalf to deliver these emails. You can unsubscribe at any time using the link in any email we send, or by contacting privacy@atreolabs.com. Marketing emails are separate from transactional account emails, which you cannot opt out of while your account is active.

3. Information We Do Not Collect

atreoLINK is designed so that we cannot see the contents of the traffic flowing between your family and your server:

  • We cannot see traffic through the WireGuard tunnel. Tunnel traffic flows directly between your device and your server — it does not pass through our infrastructure — and it is encrypted end-to-end; we do not hold the keys.
  • We cannot see the contents of push notifications. Payloads are encrypted end-to-end between atreoAGENT (running on your server) and the recipient device; we do not hold the keys.
  • We do not scan, index, or analyse the contents of any data you send through the service.

4. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the atreoLINK service
  • Authenticate your identity and secure your account
  • Provision subdomains and relay ACME DNS challenges so your agent can issue TLS certificates
  • Coordinate encrypted tunnels between your devices and your server (the tunnel traffic itself flows directly between them, not through our infrastructure) and relay end-to-end encrypted push notifications
  • Send service-related notifications (account alerts, security notices, billing reminders)
  • Investigate and prevent abuse or violations of our Terms
  • Improve the service based on aggregate usage patterns

5. Legal Bases for Processing

Where UK or EU data protection law applies, we rely on the following legal bases:

  • Performance of a contract: account information, device information, app catalog configuration, push relay, and usage data needed to provide the service you signed up for.
  • Legitimate interests: securing the service, preventing abuse and fraud, and improving the service based on aggregate usage patterns.
  • Consent: waitlist, beta, and product update emails. You can withdraw consent at any time by unsubscribing.
  • Legal obligation: retaining billing records required by tax and financial regulations, and responding to lawful requests.

6. Information We Share

We do not sell your personal information. We share information only in the following circumstances:

  • Hosting: Our control plane and databases are hosted on DigitalOcean. Account information and metadata stored by atreoLINK reside on DigitalOcean infrastructure. Refer to DigitalOcean's privacy policy for details.
  • Edge, DNS, and bot protection: We use Cloudflare for edge delivery, DNS, and Turnstile bot protection on our registration and password reset forms. Cloudflare processes technical information (IP address, request metadata, browser characteristics) to route requests and perform verification. Refer to Cloudflare's privacy policy for details.
  • Transactional email: Password reset and other account emails are delivered via Postmark. Postmark processes your email address and the contents of those messages to deliver them. Refer to Postmark's privacy policy for details.
  • Marketing email and mailing list: Waitlist signups, beta invites, and product update emails are delivered via Loops. Loops processes your email address and the contents of those messages to deliver them and to manage subscriptions. Refer to Loops' privacy policy for details.
  • Payment processing: Account and transaction details are shared with Paddle to process payments and manage subscriptions.
  • Push delivery: Encrypted push notification payloads for mobile devices are delivered via the Expo Push service, which routes them to Apple Push Notification service (iOS) or Firebase Cloud Messaging (Android). Browser notifications are delivered via the Web Push service operated by your browser vendor (for example Google, Mozilla, or Apple). Expo and these providers see routing metadata and the encrypted blob, but cannot read the encrypted payload.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation. Where permitted, we will notify you before doing so.

7. International Transfers

Some of the providers listed above process data outside the United Kingdom and the European Economic Area, including in the United States. Where they do, we rely on appropriate safeguards recognised by UK and EU data protection law, such as adequacy regulations (including the UK Extension to the EU-U.S. Data Privacy Framework, where the provider is certified), standard contractual clauses, or the UK International Data Transfer Addendum.

8. Data Retention

  • Active accounts: We retain your account information and metadata for as long as your account is active.
  • Cancelled accounts: Account information may be retained for operational and legal purposes after closure. You may request deletion at any time by contacting privacy@atreolabs.com.
  • Push notification payloads: We retain at most the 100 most recent notifications per recipient. When a new notification arrives at the cap, the oldest is permanently deleted from our infrastructure in the same transaction; there is no separate time-based expiry. Recipients can view recent notification history in the atreoLINK app within this bounded window only; once a notification has been rotated out it is gone from our infrastructure and from the app. Notifications that were not delivered before being rotated out by newer arrivals are lost. We never have access to payload contents.
  • Billing records: We may retain minimal billing records as required by applicable tax and financial regulations.

9. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption in transit (TLS) for all connections to our control plane
  • End-to-end encryption for tunnel traffic (WireGuard) and push notification payloads
  • Mandatory two-factor authentication (TOTP) for all customer accounts
  • Salted password hashing
  • Regular security reviews

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your account data
  • Object to certain processing activities

To exercise any of these rights, contact us at privacy@atreolabs.com.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk). If you are in the EU/EEA, you may complain to your local data protection supervisory authority. We would appreciate the chance to address your concerns first, but you may contact a supervisory authority at any time.

11. Cookies and Local Storage

The atreoLINK web application stores an authentication token and related session state in your browser's local storage; this is essential for signing you in and keeping you signed in. Cloudflare Turnstile, used for bot protection on our registration, password reset, and waitlist forms, may set strictly necessary cookies as part of its verification. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

12. Children's Privacy

atreoLINK is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service at least 30 days before they take effect.

14. Contact

For privacy-related questions or requests, contact us at privacy@atreolabs.com.