Skip to content

Privacy Policy

How AtomDigit collects, uses, and protects personal information. All binding policies live together on the Legal page.

Privacy Policy

2. Privacy Policy

Atom Digit LLC ("AtomDigit", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how long we keep it, and what rights you have in relation to it.

This policy applies to all individuals who interact with AtomDigit, including visitors to our website (atomdigit.com), prospective clients who submit enquiries, existing clients whose data we process in the course of delivering services, candidates who apply for roles, employees and contractors, and any other person whose personal data we hold.

As a digital transformation and AI services company that operates in the United States and serves clients globally, AtomDigit is subject to multiple privacy frameworks, including the General Data Protection Regulation (GDPR) where applicable to persons in the European Economic Area (EEA), the UK GDPR, and applicable US state privacy laws including the California Consumer Privacy Act (CCPA).

If you have any questions about this policy or wish to exercise any of your data rights, please contact our Privacy Lead at privacy@atomdigit.com.

1. Who We Are

Atom Digit LLC is a technology and AI services company operating in the United States. We provide B2B technology and AI services including digital transformation consulting, custom AI agent development, software and SaaS product development, digital experience design, digital marketing, AI Center of Excellence setup and management, and talent solutions.

Our dual role under data protection law: depending on the context, AtomDigit acts in different capacities.

  • As a Data Controller when we determine the purposes and means of processing personal data, such as data collected from website visitors, leads, marketing contacts, job applicants, and our own employees.
  • As a Data Processor when we process personal data on behalf of our clients under their instruction, such as when we access client systems, manage cloud infrastructure, build AI models trained on client datasets, or run digital marketing campaigns using client ad accounts and analytics platforms.

Where we act as a data processor, our processing is governed by a Data Processing Agreement (DPA) with the relevant client, and this Privacy Policy does not govern that processing. The client's own privacy policy applies to their end users.

2. What Personal Data We Collect

Personal data means any information from which a living individual can be identified, directly or indirectly. We collect the following categories of personal data, depending on your relationship with us.

2.1 Website Visitors. When you visit atomdigit.com, we automatically collect:

  • Technical identifiers: IP address, approximate geolocation derived from IP, browser type and version, operating system, device type, and screen resolution.
  • Behavioural data: pages visited, links clicked, time spent on each page, scroll depth, entry and exit pages, and referrer URLs.
  • Session data: session identifiers, date and time of your visit, and duration.
  • Cookie data: cookie identifiers and consent records. See Section 3 (Cookie Policy) below.
  • UTM and campaign parameters: if you arrive via a paid advertisement or marketing campaign, we record the campaign source, medium, and keyword.

2.2 Prospective Clients and Enquiries. When you contact us through our website contact form, by email, or by phone, we collect:

  • Identity information: your first name and last name.
  • Contact details: your business email address, phone number, and company name.
  • Role information: your job title or seniority level.
  • Enquiry content: the content of your message, including your project description, requirements, budget range, and any other information you choose to share.
  • Communication records: records of correspondence with you, including emails, call notes, and meeting summaries.

2.3 Clients and Client Contacts. When your organisation engages AtomDigit for services, we collect and hold:

  • Identity and contact information: names, job titles, business email addresses, and phone numbers of your designated contacts, project managers, and authorised users.
  • Contract and commercial information: signed agreements, statements of work, proposals, invoices, and payment records.
  • Access credentials provisioned by you: where required for service delivery, you may grant us access to your systems, including cloud platform credentials, code repositories, analytics accounts, ad accounts, content management systems, or databases. We treat all such credentials as strictly confidential, limit access to authorised team members only, and revoke all access at project conclusion.
  • Client business information: strategic plans, technical architecture documents, product roadmaps, and other confidential business information shared during an engagement.
  • Meeting and communication records: notes and summaries from discovery calls, project meetings, and status reviews. Where meetings are recorded, we will notify you in advance and obtain consent before recording.

2.4 Client AI and Software Projects. Where AtomDigit develops AI solutions, builds software, or manages data pipelines on your behalf, we may access or process:

  • Client datasets: proprietary datasets used to train, fine-tune, or evaluate AI models. These datasets may contain personal data belonging to your customers or employees.
  • Source code and intellectual property: client application code, algorithms, and technical documentation held in version control systems.
  • End-user behavioural data: analytics data from your website or application processed during digital experience design or marketing engagements.

In all such cases, AtomDigit acts as a data processor on your instructions, and the data remains yours. We do not use client data for any purpose other than delivery of the contracted services.

2.5 Digital Marketing Clients. Where AtomDigit manages SEO, paid media, or performance marketing campaigns on your behalf, we may access and process your Google Ads, Meta Ads Manager, and LinkedIn Campaign Manager account data; your Google Analytics or equivalent analytics data; conversion tracking data; and marketing audience and retargeting lists. This data is processed solely to deliver and optimise your marketing campaigns and is never used for AtomDigit's own marketing purposes.

2.6 Job Applicants and Candidates. When you apply for a position at AtomDigit or are referred to us as a candidate for a client's talent requirement, we collect:

  • Identity information: full name, date of birth (where required), photograph (where provided).
  • Contact details: personal email address, phone number, and residential address.
  • Professional history: CV or resume, employment history, educational qualifications, certifications, and professional references.
  • Right-to-work information: proof of identity, nationality, and work authorisation documents (e.g. passport, visa).
  • Background verification data: employment verification, education verification, and criminal background check results, where required by the role and conducted with your explicit consent.
  • Interview records: notes taken during interviews, assessment scores, and panel feedback.
  • Compensation information: current and expected compensation, where shared.

We collect only what is necessary for the specific role and jurisdiction. Sensitive personal data is collected only where strictly required and with your explicit consent.

2.7 Employees and Contractors. For individuals engaged by AtomDigit as employees or contractors, we collect and maintain all information listed under Section 2.6, plus:

  • Payroll and financial data: bank account details, tax identification numbers, salary details, and expense records.
  • HR and performance records: attendance records, leave applications, appraisal records, and disciplinary records where applicable.
  • IT access records: records of system access, login events, and devices issued.
  • Training completion records: records of mandatory security awareness and compliance training completion.

3. How We Collect Personal Data

We collect personal data through direct interactions (you provide data when you fill in our contact form, email us, call us, attend a meeting, enter into a service contract, apply for a job, or correspond with us); automated collection on our website (cookies, web server logs, and analytics tools, see the Cookie Policy below); from your organisation (your employer or client organisation may share your contact details as a designated project contact); from third-party sources (professional contact information from third-party data providers, LinkedIn, or publicly available professional directories for B2B outreach, where we have a legitimate interest); and in the course of service delivery (where you grant us access to your systems, we may encounter personal data within those systems, which we process only as instructed).

4. How We Use Your Personal Data

We process personal data only where we have a valid lawful basis: (a) your consent, (b) performance of a contract with you or your organisation, (c) our legitimate interests (where not overridden by your rights), and (d) compliance with a legal obligation.

PurposeData categories usedLawful basis
Responding to website enquiries and contact form submissionsIdentity, contact, enquiry contentLegitimate interests (pre-contractual engagement)
Providing proposals, statements of work, and entering into service contractsIdentity, contact, contract informationPerformance of contract
Delivering contracted services, including AI development, software development, digital marketing, and talent solutionsIdentity, contact, client business data, client datasets, access credentials, candidate dataPerformance of contract
Managing and tracking projects, communications, and client relationshipsIdentity, contact, communication recordsLegitimate interests (business administration)
Sending marketing communications, industry insights, and event invitationsIdentity, contact, marketing preferencesConsent (where required); legitimate interests (B2B marketing)
Administering our website (analytics, performance monitoring, troubleshooting)Technical, behavioural, cookie dataLegitimate interests; consent (non-essential cookies)
Recruiting employees and contractors for AtomDigitApplicant and candidate dataLegitimate interests (hiring); legal obligation (right-to-work)
Recruiting talent for client engagementsApplicant and candidate dataPerformance of contract; legitimate interests; consent (background checks)
Managing employee and contractor relationships, payroll, and HR administrationEmployee personal and financial dataPerformance of contract (employment); legal obligation
Security monitoring of our systems and networksIT access logs, technical dataLegitimate interests (information security); legal obligation
Complying with legal, regulatory, and tax obligationsAny relevant dataLegal obligation
Fraud prevention and protection of our rightsAny relevant dataLegitimate interests; legal obligation
Responding to data subject rights requestsIdentity and any relevant dataLegal obligation

Marketing and opting out. Where we send marketing communications, you have the right to opt out at any time. Every marketing email includes an unsubscribe link. You can also opt out by emailing privacy@atomdigit.com. Opting out of marketing will not affect our ability to contact you about services you have contracted with us, or to fulfil legal obligations.

AI model training, important notice. AtomDigit does not use client data, client datasets, or data relating to clients' end users to train, fine-tune, or improve AtomDigit's own AI systems or models. Any AI development work performed on client data is carried out exclusively for that client's benefit and is governed by the relevant service agreement and DPA. Our full responsible AI commitments are set out at /responsible-ai.

5. Disclosure of Your Personal Data

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own marketing purposes. We share personal data only as described below.

5.1 Sub-processors and service providers. We engage carefully selected third-party service providers who process personal data on our behalf as sub-processors, subject to appropriate security measures and Data Processing Agreements. Our current sub-processors are listed in the Sub-Processors section below.

5.2 Client disclosures. Where we are engaged to recruit talent or provide talent solutions, candidate personal data is shared with the relevant client organisation as part of the placement process. Candidates are made aware of this at the point of data collection.

5.3 Professional advisors. We may share personal data with our legal counsel, auditors, accountants, and insurance providers on a strictly need-to-know basis and subject to confidentiality obligations.

5.4 Corporate transactions. If AtomDigit undergoes a merger, acquisition, restructuring, or sale of all or part of its business, personal data held by us may be transferred to the relevant successor entity. We will notify affected individuals as required by applicable law.

5.5 Legal and regulatory disclosures. We may disclose personal data to courts, regulators, law enforcement agencies, or government bodies where required by applicable law, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of AtomDigit, our clients, or the public.

6. International Transfers of Personal Data

AtomDigit operates in the United States and engages sub-processors in multiple jurisdictions, including the United States and the European Union. Personal data may therefore be transferred internationally in the course of our operations. Where personal data is transferred from the EEA, the UK, or other jurisdictions with transfer restrictions, we ensure that appropriate safeguards are in place. These may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, adequacy decisions, or other lawful transfer mechanisms. If you would like information about the specific safeguards in place, please contact us at privacy@atomdigit.com.

7. Data Security

Protecting personal data is a core part of AtomDigit's information security programme. We maintain technical and organisational security measures proportionate to the nature and sensitivity of the personal data we hold, including access control (need-to-know, least-privilege, role-based access controls, and multi-factor authentication enforced for all employee accounts); encryption (personal and client data encrypted in transit using TLS 1.2 or higher, sensitive data encrypted at rest); credential management (client-provided credentials stored securely, shared only with authorised team members, and revoked promptly on project completion); audit logging (retained for a minimum of twelve months and reviewed periodically); employee training (mandatory security awareness training on joining and annually); vendor security (sub-processors assessed before engagement and required to maintain appropriate security standards); and incident response (a documented Incident Response Plan; where a breach is likely to result in risk to individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay). Our full security program is described at /responsible-ai. No security system is impenetrable. If you believe your personal data has been compromised, contact us at security@atomdigit.com.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation.

Data categoryRetention periodReason
Website visitor and cookie dataUp to 26 months from date of collectionAnalytics review cycles; statutory limitation periods
Lead and prospect contact data3 years from last contact, or until opt-outSales cycle and relationship management
Client contract and commercial records7 years from contract end dateLegal, tax, and accounting obligations
Client project data and deliverablesPer the service agreement; typically deleted or returned within 30 days of project closureContractual obligation; client IP protection
Client system access credentialsRevoked and deleted immediately upon project completionSecurity best practice
Candidate data (unsuccessful applications)6 months from end of recruitment processLimitation periods for employment claims
Employee and contractor HR recordsDuration of engagement plus 7 yearsEmployment law, tax, and statutory obligations
Security audit logs12 months minimumSecurity monitoring and incident investigation
Marketing communication recordsUntil opt-out, then deleted within 30 daysConsent and legitimate interest basis
Meeting recordings and transcripts (with consent)90 days, unless longer retention agreed in writingInternal reference; deleted thereafter

Where personal data is retained beyond these periods for legal or regulatory reasons, we will inform you of the extended retention and the reason for it.

9. Your Rights

Depending on your location and the applicable privacy law, you may have some or all of the following rights: the right to be informed, the right to access (a Data Subject Access Request, provided free of charge within 30 days of a valid request), the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object (including to direct marketing), the right to withdraw consent, and the right to non-discrimination for exercising your privacy rights.

Rights under US state privacy laws. If you are a resident of a US state with a comprehensive consumer privacy law, you may have rights to know what personal information we collect and how it is used, to access and delete your personal information, to correct inaccuracies, to opt out of the sale or sharing of personal information and of targeted advertising, and the right not to be discriminated against for exercising your rights. AtomDigit does not sell personal information. These laws currently include, among others, the California Consumer Privacy Act as amended (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA).

To exercise any of these rights, submit a request to privacy@atomdigit.com with the subject line "Data Rights Request" and sufficient information for us to verify your identity. We will respond within 30 days, or such shorter period as required by applicable law. There is no fee for standard requests. If a request is manifestly unfounded, repetitive, or excessive, we may charge a reasonable administrative fee or decline the request, with written reasons provided.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority: in the EEA, your local Data Protection Authority; in the UK, the Information Commissioner's Office (ico.org.uk); in the USA, the Federal Trade Commission or your state Attorney General.

10. Cookies

Our website uses cookies and similar tracking technologies. We categorise cookies as strictly necessary (essential for the website to function, cannot be disabled), functional (remember preferences such as region or language), and targeting and marketing (placed by advertising networks including Google Ads, LinkedIn Insight Tag, and Meta Pixel, to build a profile of your interests). When you first visit our website, we present a cookie consent banner asking permission to set non-essential cookies. You may accept all, reject all non-essential cookies, or customise your preferences by category, and you can change your preferences at any time via the cookie settings link in our footer. See the Cookie Policy section below for full detail. If you block all cookies, some parts of the website may not function correctly.

11. Children's Privacy

AtomDigit's website and services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe we may have collected data from a minor, contact us at privacy@atomdigit.com.

12. Third-Party Websites

Our website may contain links to third-party websites, tools, or integrations, which have their own privacy policies. We are not responsible for the content, privacy practices, or data processing activities of any third-party website. We encourage you to review the privacy policy of any third-party site you visit.

13. Changes to This Privacy Policy

We review this Privacy Policy periodically and will update it when our practices change or as required by law. The "Last Updated" date reflects the most recent revision. If we make material changes, we will provide prominent notice on our website and, where we have your contact details, notify you directly.

14. Contact Us

For privacy enquiries and data subject rights requests: privacy@atomdigit.com. For security concerns and vulnerability disclosures: security@atomdigit.com. Postal address: Atom Digit LLC, 18310 Montgomery Village Avenue, Suite 300 #1148, Gaithersburg, MD 20879, United States. We aim to respond to all privacy enquiries within 5 business days, and to resolve data subject rights requests within 30 days of receiving a valid, verified request.