The FAQ pages will be revised once 50 paying customers have onboarded.
How do I share part of my atlas with someone outside the team?
Use a Guest Pass. Guest Passes → New Guest Pass, or click Share on any section. A pass is a time-limited, scope-limited link granting read access to a specific part of the atlas. The recipient does not need an account. See Guest Passes explained.Can someone forward a Guest Pass to a third party?
By default, no. Forwarding is disabled per pass. Even if the link is shared, the link recognises the original recipient’s session and asks unfamiliar sessions to request access. The brand owner can enable forwarding per pass; this is not the default and rarely the right choice.How do I see who has accessed a Guest Pass?
Open the pass in Guest Passes → Active and click Access log. Every view is recorded with timestamp, IP, approximate location, and the pages viewed. The full access log across all passes is in Settings → Brand Record → Access log. See Expiring links and access logs.What is the difference between a team member and a guest?
A team member has an account on Brand Atlas, occupies a seat on your tier, can search, can (on Keeper and Guardian) raise Update Requests, and persists across sessions. A guest accesses through a Guest Pass, has no account, sees only the scope of the pass, and disappears when the pass expires. For long-term collaborators, team member. For specific external use cases (a printer, a partner, a one-time reviewer), Guest Pass.Can I require two-factor authentication for my team?
Yes, on Guardian. Settings → Security → Require 2FA. All team members are required to enable 2FA on next sign-in. Until they do, their access is suspended. The supported second factors are authenticator app, passkey, and hardware security key. SMS is not supported. On Keeper, 2FA is per-user (each team member can enable it themselves but it is not required atlas-wide).Does Brand Atlas use encryption?
Yes:- In transit. TLS 1.2 or 1.3 on every connection.
- At rest. AES-256 or equivalent across all storage. API keys and other sensitive material are additionally protected through Supabase Vault.
- Backups. Encrypted at rest with separate keys.
Where is my data stored?
Primary storage is in the European Union (Supabase EU region). The portal and CDN serve from globally distributed edge locations. For Guardian customers with specific data-residency requirements, alternative regions are available on request. See the Privacy Policy for the formal description.Do you process my data outside the EU?
In specific cases:- AI processing. Henry and Oswald send the relevant brand-record context to their respective AI providers, which process the content in their hosted infrastructure (currently US-based for both OpenAI and Anthropic; Gemini has multi-region options).
- Stripe. Billing processing happens through Stripe’s infrastructure.
- Email delivery. Notification emails are sent through an email provider with global delivery infrastructure.
Who owns the brand material I upload?
You do. Brand Atlas takes the licence necessary to operate the service (host, serve, back up, and process the material to provide the product), and nothing more. We do not have a training licence on your content. We do not use your content to improve our product. We do not share your content with third parties except as needed to operate the service (the sub-processors above), and we do not sell your content. See Customer content and IP.Can I export my data?
Yes. Settings → Brand Record → Export. Three formats: PDF milestone (printable), MDX bundle (reversible into another atlas), JSON record (structured machine-readable). Available on every tier, including Scout. See Cancelling and exporting.What if I want my data deleted?
Two paths:- Cancel the subscription and let the grace period elapse. Standard flow. The brand record is deleted 30 days after the subscription ends.
- Request immediate deletion. Write to legal@brandatlas.pro. The brand record is removed from active systems immediately; backups age out per the retention policy.
What happens to my data if Brand Atlas closes?
We do not plan to close. If circumstances ever required it:- Customers would be notified 90 days in advance.
- Exports would be enabled at no cost during the notice period.
- The product would continue to operate through the notice period.
- After the notice period, data would be deleted in line with the standard retention policy.
Can I report a security issue?
Yes. Write to security@brandatlas.pro. We have a public vulnerability disclosure policy with safe-harbour terms; see Vulnerability Disclosure. Asecurity.txt is published at brandatlas.pro/.well-known/security.txt.
Is Brand Atlas SOC 2 / ISO 27001 certified?
Not yet. Both are on the roadmap. The Security Overview describes the controls we run today. Customers needing a specific certification today should write to security@brandatlas.pro for the current status.Related pages
Guest Passes explained
The full reference.
Security Overview
The security details.
Privacy Policy
Personal data handling.