COALS

Privacy Policy

Last Updated: January 18, 2026

COALS AI is a platform operated by Insaan LLC ("we", "our", or "us"). We operate the AtomC web application (coals.ai), AtomC mobile application (iOS and Android), and AtomC desktop application (macOS, Windows, and Linux). This Privacy Policy explains how we collect, use, store, and protect your information across all platforms.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (securely hashed, never stored in plain text)
  • Profile photo (optional)

If you sign in using Apple Sign-In or Google Sign-In, we receive:

  • Your name and email address from the authentication provider
  • A unique identifier from the provider (not your password)

1.2 Device Information & Identifiers

We collect device information to provide and secure our services:

  • Web: Session identifiers, IP address, browser type, and user agent
  • Mobile: Device identifier, platform (iOS/Android), app version
  • Desktop: Device identifier, operating system, hostname, app version

Device identifiers are used to authenticate your sessions and are transmitted with each request.

1.3 Usage & Billing Data

We track usage to manage your subscription and credits:

  • Subscription plan (Free, Pro, or Max)
  • Token usage (input and output tokens consumed)
  • Credit balance and transaction history
  • Feature usage (chat requests, image generations, web searches)
  • Team/organization association (if applicable)

1.4 Conversation Data

  • Messages you send to AtomC are processed to generate AI responses
  • Web: Conversation history is stored on our servers to enable features like conversation history, continuation across sessions, and feedback collection
  • Mobile & Desktop: Conversation history is stored locally on your device and transmitted to our servers during active sessions

You can delete individual conversations or all conversation history at any time.

1.5 Images & Media

  • Uploaded images: Temporarily stored on Amazon S3 for processing, then deleted after analysis is complete
  • Generated images: Stored on our servers and accessible through your account
  • Mobile: Images attached to conversations may be saved locally on your device in the app's documents folder

1.6 Voice Input (Mobile Only)

If you use voice-to-text features:

  • Audio is processed for speech recognition
  • We do not store audio recordings
  • Transcribed text is handled the same as typed messages

1.7 Feedback & Ratings

When you rate AI responses (thumbs up/down) or provide feedback:

  • Your rating and optional feedback text
  • The associated user message and AI response
  • The AI model used for that response

This data helps us improve response quality.

2. How We Store Your Data

2.1 Server Storage

Data stored on our servers includes:

  • Account information and authentication tokens
  • Conversation history (web platform)
  • Usage records and billing data
  • Feedback and ratings
  • Generated images

2.2 Local Storage by Platform

Platform Storage Location Security
Web Server-side only (browser session cookies) HTTPS, HTTP-only cookies
Mobile Secure storage (tokens), app storage (conversations) iOS Keychain / Android Keystore for tokens
Desktop ~/.coalcode/config.json File system permissions

Important for Desktop users: Authentication tokens and conversation history are stored in a configuration file that is not encrypted. Protect access to your computer accordingly.

2.3 Data Retention

  • Conversations: Retained until you delete them or delete your account
  • Usage records: Retained for billing and service improvement purposes
  • Feedback: Retained to improve AI quality
  • Account data: Retained until account deletion

3. How We Use Your Information

We use your information to:

  • Provide AI assistant services and generate responses
  • Process payments and manage subscriptions
  • Authenticate your identity and secure your account
  • Improve service quality through feedback analysis
  • Ensure platform safety and enforce our terms of service
  • Send important service updates and notifications
  • Comply with legal obligations

4. Content Safety & Moderation

We are committed to preventing misuse of our platform. Our systems automatically scan content to detect and prevent:

  • Child sexual abuse material (CSAM)
  • Violent extremist content
  • Terrorist content

4.1 What Happens During a Violation

When our systems detect a potential policy violation:

  1. First occurrence: A warning is logged
  2. Repeated violations: Additional data is collected for investigation
  3. Continued violations: Your account may be automatically suspended

4.2 Data Collected During Violations

For safety and legal compliance, we may collect:

  • Your account information (user ID, email, name)
  • IP address and device information
  • The content that triggered the violation
  • Timestamp and session details

4.3 Law Enforcement Cooperation

We may report violations involving illegal content (particularly CSAM) to the National Center for Missing & Exploited Children (NCMEC) and appropriate law enforcement agencies, as required by law. Forensic data collected during serious violations may be preserved and shared with authorities.

5. Web Search Feature

When AtomC performs web searches on your behalf:

  • Our AI generates search queries based on your conversation context
  • Your original messages are not sent directly to search providers
  • AI-generated queries are executed through DuckDuckGo
  • Search results are fetched and summarized by our AI
  • We do not store your search history

This approach protects your privacy by ensuring your actual questions and messages are not shared with third-party search providers.

6. Third-Party Services

We use the following third-party services:

Service Purpose Data Shared
DuckDuckGo Web search AI-generated search queries only
Stripe Payment processing (Web) Payment information, billing details
RevenueCat Subscription management (Mobile) Purchase history, subscription status
Apple Sign-In Authentication Name, email, identity token
Google Sign-In Authentication Name, email, identity token
Amazon S3 Image storage Uploaded and generated images (temporary)

We do not sell your personal information to third parties.

7. Data Security

We implement multiple layers of security:

7.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using HTTPS/TLS.

7.2 Request Signing

Mobile and desktop applications use HMAC-SHA256 request signing with cryptographic nonces to prevent request tampering and replay attacks.

7.3 Authentication Security

  • Passwords are securely hashed using industry-standard algorithms
  • OAuth tokens are hashed before storage on our servers
  • Sessions expire after periods of inactivity

7.4 Infrastructure Security

  • Regular security audits
  • Access controls and monitoring
  • Secure cloud infrastructure

8. Your Rights & Controls

8.1 Access Your Data

You can view your account information, conversation history, and usage data through your account settings.

8.2 Delete Your Account

You can delete your account at any time through the app or by contacting us. Account deletion removes:

  • Your account information
  • Server-stored conversation history
  • Usage records associated with your account
  • Feedback you have provided

Note: Local data on mobile and desktop devices must be cleared separately by uninstalling the app or manually deleting the configuration files.

8.3 Delete Conversations

You can delete individual conversations or clear all conversation history from within the app.

8.4 Opt Out of Communications

You can opt out of non-essential communications through your account settings or by contacting us.

8.5 Data Portability

To request a copy of your data, contact us at privacy@coals.ai.

9. Platform-Specific Information

9.1 Mobile App

  • Permissions requested: Camera (for photo capture), Photo Library (for image selection), Microphone (for voice input)
  • Biometric authentication: If you use Face ID, Touch ID, or fingerprint authentication through Apple or Google Sign-In, biometric data is processed entirely on your device and never transmitted to us

9.2 Desktop App

  • File system access: The desktop app can read and write files on your computer when you explicitly request it through the AI assistant
  • Command execution: The desktop app can execute commands on your computer when you explicitly request it
  • Auto-updates: The app checks for updates on startup, transmitting your current version and platform information

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.

11. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers are located. By using our services, you consent to this transfer. We implement appropriate safeguards to protect your data in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

  • Email notification
  • In-app notification
  • Notice on our website

The "Last Updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Email: privacy@coals.ai Website: https://coals.ai/support

Insaan LLC Sacramento, CA, USA