Last updated: June 26, 2026

1. Who we are

Silkweave is operated by Atomic BI Pte. Ltd., a company incorporated in Singapore ("Atomic", "Silkweave", "we", "us", or "our"). We are the data controller responsible for the personal data described in this policy. You can reach us at any time at tobias.strebitzer@atomic.bi.

2. What this policy covers

This policy applies to the Silkweave website at silkweave.dev and to any hosted Silkweave accounts, dashboards, or services that link to it (together, the "Service"). It covers the data we process when you visit the site and when you sign in using a third-party identity provider such as Google or GitHub.

The Silkweave open-source packages you install from npm and run on your own machines do not send your data to us. This policy is about the hosted website and sign-in, not the libraries you self-host.

3. Information we collect

Information from sign-in providers

When you choose "Sign in with Google" or "Sign in with GitHub", we ask that provider only for a narrow, identity-level set of data. We request the minimum scopes needed to sign you in, and we receive:

  • your name (or display name) as held by the provider;
  • your email address (the verified primary address);
  • your profile picture / avatar URL, if available;
  • a stable account identifier from the provider (the Google account ID / OpenID sub, or the numeric GitHub user ID) that lets us recognise you on return.

We do not request access to your contacts, files, repositories, calendar, or any other content. From Google we request only the openid, email, and profile scopes; from GitHub only read:user and user:email.

Information you provide

If you contact us, fill in a form, or configure your account, we keep what you send us (for example your message, support requests, or account settings).

Information collected automatically

Like most websites, our servers and infrastructure providers record basic technical data when you use the Service: IP address, browser and device type, pages requested, timestamps, and similar log data. We use this for security, debugging, and to keep the Service running. We do not use third-party advertising or cross-site tracking cookies.

4. How we use your information

  • To sign you in and run your account - to authenticate you, create and maintain your user record, and keep you logged in across sessions.
  • To provide the Service - to deliver the features you ask for and remember your settings.
  • To communicate with you - to respond to support requests and send essential service notices (we do not send marketing email without your consent).
  • To keep things secure - to detect, prevent, and investigate abuse, fraud, and security incidents.
  • To meet legal obligations - where we are required to retain or disclose data by applicable law.

We process your personal data in line with Singapore's Personal Data Protection Act (PDPA). Where the EU/UK General Data Protection Regulation (GDPR) applies to you, our legal bases are:

  • Performance of a contract - to provide the Service you have signed in to use;
  • Consent - which you give by choosing to sign in with a provider, and which you can withdraw at any time;
  • Legitimate interests - to secure, maintain, and improve the Service, balanced against your rights;
  • Legal obligation - where the law requires us to process data.

If you are in California, you have rights under the CCPA/CPRA; see Your rights and choices below. We do not "sell" or "share" personal information as those terms are defined under California law.

6. Google user data and Limited Use

Silkweave's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use the Google profile and email data we receive solely to authenticate you and operate your account. We do not transfer this data to others except as needed to provide the Service, comply with law, or as part of a merger or acquisition; we do not use it for advertising; and we do not allow humans to read it except with your consent, for security, or where required by law.

7. How we share information

We do not sell your personal data. We share it only in these limited cases:

  • Service providers - infrastructure, hosting, and database providers who process data on our behalf under contract and only on our instructions.
  • Identity providers - Google and GitHub, when you choose to sign in through them (governed by their own policies, linked below).
  • Legal and safety - where we believe in good faith that disclosure is required by law or necessary to protect rights, safety, or the integrity of the Service.
  • Business transfers - if Atomic is involved in a merger, acquisition, or sale of assets, your data may transfer as part of that transaction, subject to this policy.

8. Data retention

We keep your account data for as long as your account is active. If you delete your account or ask us to erase your data, we delete or anonymise it within a reasonable period, except where we must retain certain records to meet legal, accounting, or security obligations. Technical log data is kept only for a short period for operational and security purposes.

9. International data transfers

We are based in Singapore and our providers may process data in other countries. Where we transfer personal data across borders, we take steps to ensure it receives a comparable standard of protection, as required by the PDPA and, where applicable, the GDPR (for example through recognised transfer mechanisms or contractual safeguards).

10. How we protect your information

We use industry-standard safeguards - encryption in transit (HTTPS), access controls, and reputable infrastructure providers - to protect your data. We never receive or store your password for Google or GitHub; authentication happens entirely on their systems. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident.

11. Your rights and choices

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data;
  • withdraw consent or object to certain processing;
  • request a copy of your data in a portable format;
  • revoke Silkweave's access from your Google account or GitHub authorised applications at any time.

To exercise any of these rights, email us at tobias.strebitzer@atomic.bi. We will respond within the period required by applicable law. You also have the right to lodge a complaint with your local data protection authority (in Singapore, the Personal Data Protection Commission).

12. Cookies and similar technologies

We use only the cookies necessary to keep you signed in and to keep the Service secure (for example a session cookie). We do not use advertising or cross-site tracking cookies. You can clear or block cookies in your browser, but doing so may stop sign-in from working.

13. Children's privacy

The Service is not directed to children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Third-party services

Sign-in relies on Google and GitHub, each of which handles your data under its own policy. We encourage you to read them:

15. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after a change takes effect means you accept the revised policy.

16. Contact us

If you have questions about this policy or how we handle your data, contact us at:

Atomic BI Pte. Ltd.
Email: tobias.strebitzer@atomic.bi