— Legal

Privacy policy.
What we keep, what we don't.

Draft — pending counsel review before launch. Atrium is operated from Vienna, so GDPR applies and the wording below reflects that.

Last updated 27 May 2026

This policy explains what personal data we collect when you visit atrium.work or use the member services, why we collect it, and the rights you have under the EU General Data Protection Regulation (GDPR).

If anything below is unclear, write to privacy@atrium.work — a human will answer.

1. Data we collect

Account data — your name, email, password hash, and the plan you signed up for.

Booking data — the desks and rooms you book, the dates, and any notes you attach.

Billing data — the last four digits of your card, the billing address, and Stripe customer ID. We never see or store your full card number.

Usage data — pages you visit on atrium.work, with timestamps and a coarse-grained IP region. Used for capacity planning and abuse prevention, not advertising.

2. Why we use it

Account, booking, and billing data are used to operate the workspace and deliver the service you signed up for (GDPR Art. 6 (1) b — contract).

Usage data is used to keep the service reliable and free of abuse (GDPR Art. 6 (1) f — legitimate interest).

We never sell your data, run third-party ad pixels, or use behavioural profiling.

3. Cookies

We set one essential cookie for your member session. No analytics, no marketing trackers, no third-party cookies.

If you've signed in with Google, Google's own cookies apply on the OAuth screen — not on our pages.

4. Who we share with

Stripe — to process payments. Stripe is GDPR-compliant and processes data on our behalf under a Data Processing Agreement.

Hetzner Cloud (Germany) — our infrastructure provider. All data is stored in EU data centres.

Postal — our transactional email provider (booking confirmations, password resets). Self-hosted on the same EU infrastructure.

We never share your data for marketing or analytics purposes.

5. How long we keep it

Account data — for as long as the account is active, plus 30 days after closure.

Billing data — 7 years, the retention period required by Austrian tax law.

Usage logs — 90 days, rolling window.

6. Your rights

Under GDPR you can request a copy of the data we hold about you, ask us to correct it, or ask us to delete it. Write to privacy@atrium.work.

If you're not happy with how we handle a request, you can file a complaint with the Austrian Data Protection Authority (datenschutzbehoerde.gv.at).

7. Contact

Privacy questions: privacy@atrium.work

Postal address: Atrium Workspace, Praterstraße 14, 1020 Vienna, Austria.