Only what helps us serve you.
When you become a patron, we collect the information needed to do the work — your name, your email, your business details, the patrons you serve, and the work product Bob and Alice generate on your behalf.
When you visit the workshop without becoming a patron, we collect basic analytics — pages visited, browser type, anonymized IP — to understand how visitors find us.
Data categories we may collect include contact details, account and billing records, business and project context you provide, work product generated during service delivery, support correspondence, and limited technical usage data (such as browser type, pages viewed, and IP-derived region). We use only essential site technologies and basic measurement tools needed to operate and improve the site.
When you connect Atelier to ChatGPT, Codex, Claude, or another MCP client, we also process the account identity needed to authenticate you, the site files you ask Bob to read or edit, audit records of tool calls, and the live site URL and repository slug associated with your account. We use that data only to confirm that you own the site, perform the requested edit, keep an audit trail, and recover or publish the site when asked.
To do the work.
The information we collect is used for one thing: to deliver the patronage you’ve hired us for. Bob needs your business context to build your site. Alice needs your patron list to draft follow-ups. The principal needs your history to give you good counsel.
We don’t repurpose your data. We don’t enrich it for advertising. We don’t sell it. We don’t share it with anyone other than the service providers we need to operate (hosting, payments, email delivery, authentication, database storage, source control, and secure traffic routing), who are bound by confidentiality.
For connected-app site editing, those providers may include Clerk for login, Supabase for account/site mapping, GitHub for the customer site repository, Cloudflare for secure routing, and OpenAI or Anthropic as the client surface you choose to use.
Our processing is based on service delivery, legitimate operational interests, and legal obligations where required. If a jurisdiction requires consent for specific processing, we rely on consent for that processing.
Three commitments.
- We don’t sell your data. Not to anyone, ever.
- We don’t track you across the internet. No third-party advertising trackers, no fingerprinting, no cross-site identity stitching.
- We don’t enrich your data with third-party sources. What you tell us is what we know.
We’re a processor, not a controller.
When Alice manages your CRM or your customer comms, the data she handles is your patrons’ data — and you’re the controller of it. We process it on your instruction and don’t use it for any other purpose.
Where required, we handle that data under a written data-processing agreement describing confidentiality, security, subprocessors, and deletion/return obligations.
How to reach us about your data.
To request a copy of your data, ask us to delete it, or correct it, write to us:
We respond within seven days. If you’re in a jurisdiction with formal data-subject rights (GDPR, CCPA, etc.), we’ll handle requests within the timeframes those laws require.
You may request access, correction, deletion, export, or restriction of your personal data, and may object to certain processing where local law provides that right. If local law gives you an appeal path or regulator complaint right, you may use it.
Updates to this notice.
When we make material changes to how we handle data, we’ll update this page and tell patrons by email. The effective date below tracks the most recent version.
Effective date: 2026-05-31