Security and Data
Public discovery and account-owned research stay separated.
Atlas has a public crawlable layer and a signed-in research layer. The docs must make that distinction clear before the user trusts saved reports, receipts, and exports.
PublicHome, docs, notes, market hubs, and symbol pages are designed to be readable by crawlers.
PrivateSaved files, watchlist items, receipts, and usage state belong to the authenticated account.
ReceiptsEmail confirms a completed artifact and should not expose private state outside the recipient context.
No brokerAtlas does not require broker credentials because it does not execute trades.
Data Boundary Matrix
| Surface | Public or account-owned | Rule |
|---|---|---|
| Docs, home, notes, public market pages | Public | Readable without login and stable for SEO. |
| Saved reports and review state | Account-owned | Scoped by signed-in account. |
| Watchlists | Account-owned | Only the current account's watchlist should drive Today state. |
| Email receipts | Recipient-owned | Receipt links should identify the completed artifact without exposing another user's history. |
| PDF/CSV exports | Artifact-owned | Reflect the completed file and source trail. |
Security Limits
- Atlas does not connect to brokerage accounts.
- Atlas does not ask for exchange keys to run research.
- Atlas public pages should not leak signed-in account state.
- Support should resolve account issues without changing research boundaries.