Privacy and data handling
Private by structure, clear by default.
Payout Atlas uses an app-owned account to identify each user and match that account to one or more approved organizations. Signing in alone never grants access to an upline workspace.
Manual estimates
Manual payout estimates are calculated on the server and returned to the signed-in workspace. This version does not save those estimates to a ledger or browser storage.
Browser inspection
Anything sent to a browser can be inspected by the person using it. Payout Atlas protects private information by not sending team names, compensation percentages, hierarchy, or results until the server verifies both the account and its organization membership.
Sign-in data
Accounts use an email or username and a password. Passwords are stored only as salted, one-way PBKDF2 hashes. Session secrets are held in secure, HTTP-only cookies, while the database stores only a hash of each session secret.
Application secrets
Runtime secrets are configured only on the server and are excluded from browser bundles and source control. Public project identifiers are not treated as credentials, and no password or API credential is embedded in the front end.
Private calculator configuration
Approved team, hierarchy, carrier, and compensation configuration is stored in organization-scoped server data. The browser receives only the authorized options and results needed for the current workspace.
Account activation
There is no public sign-up form. Authorized owners create one-time activation links. The link token is exchanged for a short-lived HTTP-only cookie and removed from the visible address before the password form appears.
Statement storage
Carrier statements, parsed policy rows, payout snapshots, and transaction history are stored inside the organization that uploaded them. The server re-parses the original file before saving, and organization membership is checked on every parse, calculation, save, and history request.