ATLAS Security
Menu

Security and Data

Public discovery and account-owned research stay separated.

Atlas has a public crawlable layer and a signed-in research layer. The docs must make that distinction clear before the user trusts saved reports, receipts, and exports.

PublicHome, docs, notes, market hubs, and symbol pages are designed to be readable by crawlers.
PrivateSaved files, watchlist items, receipts, and usage state belong to the authenticated account.
ReceiptsEmail confirms a completed artifact and should not expose private state outside the recipient context.
No brokerAtlas does not require broker credentials because it does not execute trades.

Data Boundary Matrix

SurfacePublic or account-ownedRule
Docs, home, notes, public market pagesPublicReadable without login and stable for SEO.
Saved reports and review stateAccount-ownedScoped by signed-in account.
WatchlistsAccount-ownedOnly the current account's watchlist should drive Today state.
Email receiptsRecipient-ownedReceipt links should identify the completed artifact without exposing another user's history.
PDF/CSV exportsArtifact-ownedReflect the completed file and source trail.

Security Limits