Log In Get Started
Log In Get Started

Privacy Policy

Last updated: February 2026

1. Introduction

AttoPhase, registered with the Dutch Chamber of Commerce (KVK 94787603), ("we", "our", or "us") is the data controller for personal data processed through our requirements management and risk assessment service ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

For questions about this policy or your personal data, contact us at hello@attophase.com.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and organization name. We also collect billing information if you subscribe to a paid plan.

Your Data

We store the data you upload to the Service, including requirements, risks, tests, test results, documents, and related content. This data belongs to you.

Usage Information

We automatically collect information about how you use the Service, including log data, device information, and analytics data to improve the Service.

3. How We Use Your Information

We use your information for the following purposes and legal bases under GDPR:

  • Providing the Service (contract performance): To operate your account, store your data, process transactions, and send service-related messages
  • Improving the Service (legitimate interest): To monitor and analyze usage trends and improve functionality
  • Security (legitimate interest): To detect, investigate, and prevent fraudulent or unauthorized activity
  • Support (contract performance): To respond to your comments, questions, and requests

4. Data Storage and Security

Your data is stored on secure servers provided by our infrastructure partners. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

We use industry-standard encryption for data in transit (TLS) and at rest. Access to your data is restricted to authorized personnel on a need-to-know basis.

5. Data Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With third-party vendors who assist in providing the Service (e.g., hosting, payment processing)
  • Legal Requirements: If required by law or in response to valid legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given us explicit permission

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights

Under GDPR, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete your personal information
  • Export your data in a portable format (data portability)
  • Object to or restrict certain processing of your data
  • Withdraw consent at any time, where processing is based on consent

To exercise these rights, please contact us at hello@attophase.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

8. Cookies

We use cookies and similar technologies to provide and improve the Service. These include:

  • Essential Cookies: Required for the Service to function (e.g., authentication and session management)
  • Analytics Cookies: We may use analytics cookies or similar technologies to understand how the Service is used. Where such cookies are used, we will obtain your consent before setting them.

You can control cookies through your browser settings, but disabling essential cookies may affect the functionality of the Service.

9. International Data Transfers

The Service is hosted on infrastructure provided by our sub-processors, which may involve data transfer outside the European Economic Area (EEA). Where such transfers occur, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions to ensure your data remains protected in accordance with GDPR.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: hello@attophase.com