ATLAS MDM is designed for authorized Android fleet management, APK deployment, activation-code validation, reseller credit control, support tickets, and consent-based remote support. This policy explains the categories of information handled by the platform and the controls expected before production launch.
We collect and process information only to operate the platform, secure accounts, verify role access, manage devices and APKs, support customers, investigate abuse, and maintain audit-ready records. We do not sell personal data. Production deployments should include a signed data processing agreement where enterprise customers require one.
This includes usernames, display names, account role, parent account, reseller hierarchy, status, credit balance, password hash, reset events, support permissions, and administrative notes. Admin may view all accounts for billing, support, security, and compliance. Resellers and sub resellers see only the data allowed by their hierarchy.
ATLAS stores device names, 8-character support IDs, Android agent state, activation code status, assigned owner, folder, last-seen timestamp, online/offline state, agent enablement, installed application summary, and command status. Activation checks should be verified by the backend each day.
Uploaded APK metadata may include file name, package name, version, file size, checksum, scanner result, signing certificate summary, manifest data, upload owner, assignment scope, and deployment history. Uploaded APKs should be quarantined until backend antivirus and static checks mark them clean.
Support tickets may contain user messages, attachment names, diagnostic details, screenshots supplied by customers, and replies from administrators or resellers. Remote support records include request time, client consent state, session route, reconnects, diagnostics, end time, and security suspension events.
Security records may include login attempts, IP address, browser/device signals, anomaly alerts, suspicious upload results, access denials, blocked-account flags, command audit events, and incident response notes. These records help protect customers and support legal compliance.
Remote support must be consent-based. The device user should see a clear Allow/Deny prompt before screen mirroring or keyboard/mouse control begins. The agent should show a visible active-session indicator and stop immediately if the client denies access, revokes consent, the session expires, a security anomaly is detected, or the operator ends the session.
Unattended access should be restricted to lawful enterprise, kiosk, or managed-device scenarios with written authorization, documented policy, and clear customer disclosure.
Data may be processed by hosting providers, security scanners, payment processors, email/SMS providers, analytics/monitoring tools, and infrastructure vendors only as needed to operate and protect the service. Reseller access remains scoped to the correct hierarchy.
Retention periods should be defined before launch. Account and device records usually remain while service is active. Audit logs, credit ledgers, APK scan results, security events, and support records may be retained longer for fraud prevention, disputes, legal obligations, and incident investigation.
Customers may request access, correction, deletion, or export subject to identity verification, contract requirements, security obligations, and legal retention rules. Some audit, billing, fraud, and security records may not be deleted immediately if needed for legitimate compliance reasons.