Atlas Legal Document
Data Practices and Retention Notice
Canonical public copy of the Atlas notice that explains document retention, deletion-request handling, and operational safeguards for patient data.
1. Retention posture
Atlas retains account, audit, signed-document, records, and billing artifacts for as long as reasonably necessary to support the active matter, legal compliance, security review, dispute resolution, and required archival duties.
Retention periods may differ by data class, customer configuration, legal hold, and jurisdiction. When a law firm or provider is entitled to a specific archive tier, Atlas applies that retention posture to the affected workflow data.
Atlas may retain immutable audit events, acceptance records, signing evidence, payment ledger entries, and security logs after ordinary account data is restricted or deleted when needed to prove workflow integrity or satisfy compliance duties.
2. Deletion requests
Users may request account and associated platform-data deletion from authenticated account settings. Atlas records the request, reviews whether any legal or operational retention duty still applies, and then either processes or declines the request with an audit trail.
Where Atlas cannot fully delete information immediately, Atlas may restrict use, retain only the minimum data necessary to satisfy the applicable obligation, and document the reason the request could not be completed in full.
Deleting a user account does not automatically delete records retained by a provider, law firm, payment processor, records custodian, or other recipient that received the information under a valid workflow.
3. Standard safeguards
Atlas applies role-based access control, tenant isolation, audit logging, secure transport, session expiration, and document-level signing evidence to protect sensitive case, records, and billing workflows.
Atlas uses administrative, technical, and operational controls designed to support HIPAA-sensitive workflows, including scoped organization permissions, tenant-aware queries, security monitoring, and controlled production access.
Atlas may preserve backup, disaster-recovery, and archival copies for limited periods before scheduled overwrite or destruction. These copies remain subject to access controls while retained.
4. Exports, wind-down, and versioning
Atlas may provide exports, signed artifacts, and records packets to authorized organizations during normal operations or account wind-down, subject to identity, authority, and payment verification.
Atlas may update this notice as retention rules, product features, or legal obligations change. Material changes are versioned so Atlas can record which notice a user acknowledged during onboarding.
5. Operational discretion and preservation
Atlas may preserve records, disable deletion, restrict exports, or retain additional evidence when Atlas reasonably believes it is necessary for security review, fraud prevention, payment disputes, abuse investigation, litigation hold, regulatory inquiry, patient safety, or contractual enforcement.
Atlas may decline, delay, or narrow a request that would expose another person's data, impair a legal duty, undermine audit integrity, remove payment or signing evidence, disrupt an active matter, or require Atlas to alter a record that must remain complete.
Atlas is not responsible for deleting, retrieving, correcting, or controlling copies that were already exported, downloaded, transmitted, or retained by providers, law firms, payment processors, records custodians, communications vendors, or other authorized recipients.
This page is the canonical Atlas web copy for the current onboarding document version. If your organization needs a countersigned copy or negotiated amendment, use your normal Atlas implementation channel.