Legal
Privacy Policy
Last updated: March 23, 2026
This Privacy Policy explains how Atlas CRR ("Atlas," "we," "us") collects, uses, and shares information when you use the Atlas CRR platform (the "Service"). By using the Service, you consent to this Privacy Policy.
1. Scope
This policy covers information we process as a data processor (service provider) on behalf of organizations ("Customers") using Atlas, as well as information collected on our marketing site. Customers are the data controllers of Customer Data submitted through the Service and determine the purposes and means of processing that data.
If you are a resident or client whose information is included in the Service, please contact the organization that collected your information to exercise your privacy rights.
2. Information we collect
Account and organization data. Name, email, phone, job title, organization details, program details, and profile information provided during signup or onboarding.
Case and referral data. Case information, referrals, service delivery records, outcomes, and logs, including resident contact information, addresses, and optional demographic data.
Sensitive and demographic information. Depending on how your organization configures the Service, Customer Data may include sensitive categories such as date of birth, race, ethnicity, gender, insurance status (including Medicare and Medicaid enrollment), veteran status, disability indicators, housing and employment status, and information associated with referrals originating from emergency medical services, fire, or law enforcement sources. These categories are collected and processed solely at the direction of the Customer organization.
Assessment data. Responses, resident context, and referral intents submitted through internal or public assessment forms, including template configurations and submission metadata.
Communications. Messages and content sent through the Service, support requests, and marketing contact form submissions (name, company, phone, email, message, and related metadata such as user agent and referring page).
Usage and device data. Log data, IP address, device and browser information, and activity metrics used for security, rate limiting, and product analytics.
Approximate location data. On marketing pages we may infer county-level location from IP-based headers to personalize content. Within the Service, we may geocode addresses to display maps and service areas.
Cookies and local storage. We use session cookies to keep you signed in and may use local storage to support magic-link authentication.
Uploads. Organization logos and related media may be stored in cloud storage and displayed in the network directory.
3. How we use information
Provide, maintain, and improve the Service, including collaboration features.
Authenticate users, enforce permissions, and protect against abuse.
Communicate with you about the Service, updates, and support.
Analyze usage and engagement to improve product performance and marketing.
Comply with legal obligations and enforce our Terms.
4. How we share information
We do not sell personal information. We may share information:
With your organization and its authorized users to provide the Service.
With network partners according to trust tiers, assignments, and referrals you authorize in the Service.
With service providers that process data on our behalf, such as cloud hosting, email delivery, analytics, authentication, and mapping providers.
To comply with law, protect rights and safety, or in connection with a merger, acquisition, or asset sale.
In aggregated or de-identified form for analytics, reporting, or benchmarking.
Organization profiles and program details are visible to authenticated users in the network directory. Contact details are visible based on trust tier permissions.
Our current sub-processors include providers of cloud infrastructure and database services, serverless hosting, transactional email delivery, analytics and product improvement tools, content management, rate limiting and caching infrastructure, mapping and geocoding services, and bot-detection services. A current list of sub-processors is available upon request. We will use reasonable efforts to notify Customers before engaging a new sub-processor that processes Customer Data.
5. Analytics and session replay
We use analytics and session replay tools on marketing pages to understand engagement and improve our website. These tools may collect clickstream data, page interactions, and technical identifiers. Analytics are not loaded on authenticated application pages or public assessment forms unless you have affirmatively consented. Do not enter sensitive information on marketing pages unless you intend for it to be processed in this way.
6. Data retention
We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Customer Data is retained in accordance with the Customer's instructions and applicable law. Upon termination of a Customer's account, Customer Data will be available for export upon written request as described in our Terms of Service, after which Atlas may delete Customer Data in accordance with its standard data management practices.
7. Security
We use administrative, technical, and physical safeguards to protect information, including encryption of data in transit and at rest, role-based access controls, audit logging of system activity, and secure session management. Atlas may update its security measures from time to time to address evolving threats and industry practices. No security measures are perfect, and we cannot guarantee absolute security.
8. Incident notification
If Atlas becomes aware of a security incident that results in unauthorized access to, or disclosure of, Customer Data, Atlas will notify the affected Customer organization without unreasonable delay and will provide sufficient information for the Customer to meet its own notification obligations under applicable law. Atlas will cooperate with the Customer's reasonable incident response efforts.
9. Your choices
You may access, correct, or delete your account information through the Service. Requests to delete organization data should be directed to your organization administrator or to Atlas. You can control cookies through your browser settings, but disabling cookies may affect Service functionality.
10. International transfers
The Service is hosted and operated in the United States. By using the Service, you consent to the processing and storage of information in the United States as permitted by law.
11. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means.
13. Contact
Questions about this Privacy Policy? Contact us at info@atlascrr.com.