Atriux

Privacy & security

How Atriux handles your data, your project's data, and the AI-generated code that runs on the platform. This page is the technical companion to Privacy and Terms.

What Atriux stores about you

  • Account: name, email, OAuth provider ID, profile image URL — pulled from your sign-in provider (Google).
  • Profile: display name, optional handle, optional bio. You control these on Settings.
  • Credits + transactions: balance, top-ups, per-call deductions tagged with project_slug so you can audit spend.
  • Creator data (only if you enroll): payout method (encrypted), lifetime earnings, pending balance. See Payout methods.
  • Tax data (only past $600 US lifetime): W-9 fields with SSN/EIN encrypted at rest. See Tax forms.
What we don't collect: third-party trackers, ad-network cookies, fingerprints, or analytics that follow you off-platform. Atriux uses first-party session cookies only.

What projects can see about their users

Projects are sandboxed iframes. The @atriux/runtime SDK exposes only:

  • useUser(){ id, name, email, avatar }. The id is a stable per-user UUID. Email and name come from the user's account.
  • useProjectData() → row-level data the user has saved on this specific project. Scoped per-project; one project cannot read another's rows.
  • useDataAgent() → an AI helper the project can use to summarize the user's data. The agent runs server-side; the project doesn't see your raw API key.

The runtime does not expose: your credit balance, your other projects, your payment method, your tax data, your handle, your DOB, or any session cookies. Projects can't initiate network calls outside the runtime — the iframe runs with sandbox="allow-scripts" and no allow-same-origin, which kills cross-origin fetch by default.

The five-layer sandbox

Generate-mode projects run AI-authored code. We don't trust LLM output, so the runtime defends in depth:

  1. Filesystem isolation. Each project compiles to its own bundle. The build runner has no access to the host filesystem — it reads from a project-scoped virtual FS.
  2. Import allowlist. Only @atriux/runtime, react, and a tiny vetted set of utility imports resolve. Anything else fails the build.
  3. Static-analysis lint. Pre-build pass rejects eval, Function constructors, dynamic import(), raw fetch, and other escape hatches.
  4. esbuild compilation. Source is bundled to a single ESM file. No source maps shipped to the client.
  5. Iframe sandbox. Final bundle runs in an iframe with sandbox="allow-scripts". The parent and child communicate only via a closed-set postMessage RPC protocol.
The sandbox is the threat boundary. If the lint pass misses something, the iframe still contains the blast radius — escaping both requires breaking V8. We treat any compromise across the iframe boundary as a critical incident.

Encryption at rest

  • SSN / EIN (W-9): AES-256-GCM with a 32-byte hex key held in a Vercel env var.
  • Bank account + routing numbers: same scheme, same key.
  • OAuth refresh tokens: stored encrypted by NextAuth's default adapter.
  • Database passwords + API keys: never in code; all in Vercel env / Neon-managed secrets.

Decryption only happens server-side, only at the moment a downstream system needs the value (payout dispatch, 1099 generation). Decrypted values never appear in logs, never round-trip to the client, and never leave the dispatching server.

Authentication

  • Sign-in via Google OAuth (NextAuth v5).
  • Session cookies are HTTP-only, Secure, SameSite=Lax.
  • No passwords stored — Atriux never sees your Google credentials.
  • Sign-out clears the session cookie and bounces you to /.

Account deletion

On SettingsDelete account:

  • Your user row is soft-deleted (deleted_at timestamped). You're signed out and locked out of sign-in.
  • Your projects are unpublished and hidden from the public catalog.
  • Your data on other creators' projects (rows in their per-project tables) is anonymized to a placeholder user.
  • Hard deletion of personally-identifying fields (email, name, image URL, OAuth ID, profile data) runs in a 30-day cron job.
  • Tax records are retained for the IRS-mandated retention period (currently 7 years), then hard-deleted.

Want a faster hard-delete or an export of everything we have on you? Email rhimaaron@gmail.com.

Submission gate & AI moderation

Before a project goes public, the submission gate (Phase 10) inspects its name, description, and source for content that would violate the Terms. The gate is a heuristic prefilter plus a Claude Haiku evaluator. If it flags the project, the project lands in unlisted status and the creator sees the reason on the project page.

The gate fails open: if the API call errors, the project ships as public. We'd rather have a small number of false negatives than silently unlist legitimate work on transient infrastructure flakes.

Logs & metrics

  • Structured logs: request method, path, status, duration, user ID. No PII bodies.
  • Error logs: stack traces, error messages. Scrubbed of secrets via a deny-list before write.
  • Metrics: aggregate counters only (e.g. "daily active creators", "credits spent today"). No per-user dashboards exposed externally.
  • Retention: 30 days for hot logs, 90 days for cold archive, then deleted.

Reporting a security issue

Email rhimaaron@gmail.comwith details and a proof-of-concept. We aim to triage within 48 hours and ship a fix or mitigation within 7 days for high-severity issues. We don't currently run a public bug bounty, but legitimate reports get acknowledged and credited (with permission) in the changelog.

Next: Changelog →