
Data handling

Where your client briefs and proposals live, who can read them, and how to get them out.

Your data lives in your workspace, on Supabase Postgres. You can pick a region. You can export or request deletion at any time.

The 30-second version

AtelyaOS is hosted on Supabase Postgres. Each workspace is tagged with a logical data region (US, EU, Middle East, or Asia Pacific). Sensitive fields — message content, OAuth tokens, integration credentials — are encrypted at rest with libsodium authenticated encryption. You can export your workspace data or request deletion via the DSAR flow under Settings → Data residency.

Why this matters

Marketing agencies hold client confidential information — internal communications, financials, unannounced launches. The minimum bar for an AI tool that handles that data is: clarity on where the data lives, what's encrypted, and how to get it out. This page covers all three.

How it works

Where your data lives

  • Database: Supabase Postgres.
  • File storage: Supabase Storage (bucket-scoped, private by default).
  • Region: configurable per workspace from Settings → Data residency.

Region options

You can pick from four logical regions:

Region code    Display name
us             United States (Virginia) — default
eu             European Union (Frankfurt)
me-south       Middle East (Bahrain)
ap-northeast   Asia Pacific (Tokyo)

Today's region selection is logical — it tags your workspace and influences default LLM provider region routing, certifications metadata, and applicable legal context. Physical separation (a separate Supabase project per region) is on the roadmap. The current implementation is documented as Phase 1.

If you have a hard requirement for physical regional isolation today, talk to sales (Enterprise tier).

[SCREENSHOT: data residency settings page showing region picker]

What's encrypted

Sensitive fields are encrypted with libsodium secretbox (XSalsa20-Poly1305 authenticated encryption) using a per-record nonce. The master key is supplied via environment variable; KMS / Vault-backed keys are on the roadmap.

Encrypted fields include:

  • Message content in conversations.
  • OAuth tokens for Notion, Google, Slack, and Meta integrations.
  • Custom webhook API keys.
  • MCP client credentials.
  • WhatsApp tokens.

Database transport is over TLS (1.2+, enforced by Supabase). Application-to-browser transport is over TLS (1.2+, enforced by the host).

For the full breakdown, see encryption.

Who can read your data

  • You and your workspace members. Roles (owner, admin, member, viewer) gate read/write access at the application layer.
  • AtelyaOS engineering: only with operational need. Logs scrub PII before any error report.
  • LLM providers: prompt content goes to the configured provider (Anthropic Claude) when an agent runs. See no training on data.
  • Stripe: receives billing metadata (customer ID, plan, payment) — not workroom content.

Exporting your data (DSAR)

From Settings → Data residency → Data subject requests:

  1. Click Create request → type Access.
  2. Confirm.
  3. AtelyaOS produces a JSON export (user, workspace, workrooms, messages, audit log) and uploads it to a private bucket.
  4. You receive a 7-day signed URL by email.

Encrypted message content remains encrypted in the export — it's a structured snapshot for porting or audit, not a plaintext dump.

Response times depend on jurisdiction; the EU GDPR clock is 30 days. The runbook is the same regardless.

Deleting your data

Same panel, type Deletion. Behaviour:

  • Your user row is pseudonymised (email replaced with deleted-<uuid>@deleted.invalid, display name set to Deleted User, language preference cleared).
  • Workspace data is processed per the DSAR runbook.

A separate one-click "Delete my account" button outside the DSAR flow is coming soon. For now, DSAR is the supported path.

A 30-day automatic post-cancellation purge is not implemented today. Cancellation drops your subscription to the Free Trial; it doesn't delete data. To delete after cancelling, file a DSAR.
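The Access and Deletion flows described in the two sections above, as an added example that is not AtelyaOS code: a constructed in-memory workspace, a JSON snapshot that copies message ciphertext verbatim, a time-limited download link, and the pseudonymisation applied on deletion. The field names, the bucket path layout, the HMAC-based link signing and the signing secret are assumptions for illustration; the product's real export is served by Supabase Storage signed URLs, whose internals are not shown here.

```python
# Added example, not AtelyaOS code: DSAR Access and Deletion handling over a
# constructed workspace. Field names, bucket layout and the signed-URL scheme
# are assumptions made for illustration.
import copy
import hashlib
import hmac
import json
import re
import uuid
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNED_URL_TTL = 7 * 24 * 3600  # links expire after 7 days, as the docs state
DELETED_EMAIL_RE = re.compile(r"^deleted-[0-9a-f-]{36}@deleted\.invalid$")

# Constructed sample workspace. Message content is the stored ciphertext
# (a made-up base64 string); the DSAR path treats it as an opaque value.
SAMPLE_WORKSPACE = {
    "user": {"id": "u-1", "email": "lena@example.agency",
             "display_name": "Lena Ortiz", "language": "de"},
    "workspace": {"id": "ws-1", "region": "eu"},
    "workrooms": [{"id": "wr-1", "name": "Acme Q3 launch"}],
    "messages": [{"id": "m-1", "workroom_id": "wr-1",
                  "content_ciphertext": "pn5G9constructedCiphertextBlob=="}],
    "audit_log": [{"ts": 1699990000, "actor": "u-1", "event": "plan.changed"}],
}


def build_access_snapshot(ws: dict, now: int) -> dict:
    """Assemble the export. Ciphertext is copied as-is: this code path never
    holds a decryption key, so the export cannot become a plaintext dump."""
    snapshot = copy.deepcopy(ws)
    snapshot["exported_at"] = now
    snapshot["audit_log"].append({"ts": now, "actor": ws["user"]["id"], "event": "dsar.access"})
    return snapshot


def sign_url(base_url: str, object_path: str, secret: bytes, now: int) -> str:
    """Mint a time-limited download link: HMAC-SHA256 over path and expiry."""
    expires = now + SIGNED_URL_TTL
    sig = hmac.new(secret, f"{object_path}\n{expires}".encode(), hashlib.sha256).hexdigest()
    return f"{base_url}{object_path}?" + urlencode({"expires": expires, "sig": sig})


def verify_signed_url(url: str, secret: bytes, now: int) -> bool:
    """Reject expired links and any edit to path or expiry; compare in constant time."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    try:
        expires = int(qs["expires"][0])
        presented = qs["sig"][0]
    except (KeyError, ValueError):
        return False
    if now > expires:
        return False
    expected = hmac.new(secret, f"{parts.path}\n{expires}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented)


def pseudonymise_user(user: dict) -> dict:
    """Deletion behaviour from the docs: the row and its id survive, identity does not."""
    return {**user,
            "email": f"deleted-{uuid.uuid4()}@deleted.invalid",
            "display_name": "Deleted User",
            "language": None}


def handle_dsar(ws: dict, request_type: str, secret: bytes, now: int) -> dict:
    """Dispatch an Access or Deletion request against a copy of the workspace."""
    ws = copy.deepcopy(ws)
    if request_type == "Access":
        snapshot = build_access_snapshot(ws, now)
        path = f"/dsar-exports/{ws['workspace']['id']}/{now}.json"  # assumed bucket layout
        return {"snapshot": snapshot,
                "export_json": json.dumps(snapshot, sort_keys=True),
                "url": sign_url("https://example.invalid", path, secret, now)}
    if request_type == "Deletion":
        ws["user"] = pseudonymise_user(ws["user"])
        ws["audit_log"].append({"ts": now, "actor": ws["user"]["id"], "event": "dsar.deletion"})
        return {"workspace": ws}
    raise ValueError(f"unknown DSAR type: {request_type}")


if __name__ == "__main__":
    result = handle_dsar(SAMPLE_WORKSPACE, "Access", b"constructed-secret", 1700000000)
    print(result["url"])
    print(handle_dsar(SAMPLE_WORKSPACE, "Deletion", b"constructed-secret", 1700000000)["workspace"]["user"])
```

Two things worth noticing match the pitfalls list: the Access snapshot still names the user and keeps the audit trail, whereas after Deletion the same user id points at a row with no recoverable identity, so an Access export pulled afterwards would not contain it. Both request types append to the audit log, which is what lets the Activity page show who filed what.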

Auditing access

The Activity page shows every meaningful event in the workspace — plan changes, agent edits, exports, DSAR requests. CSV export is available from the Insights page.

Common pitfalls

  • Assuming region selection is physical. It's logical (Phase 1). For physical isolation today, talk to sales.
  • Treating the DSAR JSON as a Markdown export. It's structured data for porting or audit, not a re-printable proposal. To port a proposal, re-export the workroom to .docx.
  • Filing for deletion before exporting. Deletion isn't reversible. Pull an Access export first, verify you have what you need, then file the deletion.
  • Skipping the audit log. It's the cheapest way to find out who did what. Use it before asking support.
