Atlas Legal Document
Privacy Policy
Canonical public copy of the Atlas privacy policy describing what account, care-coordination, and records workflow data Atlas collects and how it is used.
1. Information Atlas collects
Atlas collects account details, contact information, matter and workflow metadata, care coordination activity, signed documents, and records or billing files that users or authorized organizations choose to place in the platform.
Atlas may collect patient intake details, injury or treatment workflow details, provider location and credentialing information, law-firm matter metadata, records request history, invoice and payment metadata, communications preferences, and signed authorization evidence.
Atlas also collects standard security and operational telemetry, including login events, device or browser metadata, IP-derived security signals, audit history, support metadata, and first-party product-improvement telemetry needed to protect accounts, troubleshoot reliability, and improve Atlas workflows.
Atlas uses essential cookies plus first-party security, reliability, and product-improvement telemetry. Atlas does not use advertising cookies, cross-site tracking cookies, third-party tracking pixels, session replay, or third-party analytics scripts in authenticated healthcare or legal workflows.
2. How Atlas uses information
Atlas uses information to provide patient onboarding, provider discovery, treatment coordination, records retrieval, billing workflow, account security, customer support, legal compliance, and platform operations.
Atlas may use information to route patients to participating providers, prepare signature packets, coordinate records and invoices, support law-firm matter workflows, enforce tenant permissions, prevent fraud, troubleshoot errors, and maintain audit trails.
Atlas may share information with law firms, providers, records processors, payment processors, cloud vendors, email or communications providers, support vendors, and other service providers only as reasonably necessary to deliver the requested workflow or comply with law.
3. Protected health information and consent-driven sharing
Some Atlas workflows involve protected health information or other sensitive health information. Atlas handles that information under the applicable authorization, Business Associate Agreement, provider agreement, law-firm instruction, patient direction, or legal requirement.
Atlas does not sell protected health information, matter data, or patient records. Atlas may disclose this information only for the requested workflow, service operation, security, legal compliance, or another permitted purpose described in the governing agreement.
Where a patient directs Atlas or an Atlas-connected provider to share information with a law firm, provider, or other recipient, that recipient is responsible for its own use, storage, and legal duties after receipt.
4. Aggregated and de-identified information
Atlas may create aggregated, statistical, or de-identified information from platform operations to understand provider availability, workflow performance, product reliability, billing trends, and market coverage.
Atlas does not attempt to re-identify de-identified information and does not use aggregated information to disclose a patient's identity, a law firm's confidential matter strategy, or a provider's non-public patient records.
5. Security practices and service providers
Atlas uses reasonable administrative, technical, and operational safeguards designed for the sensitivity of the information handled in Atlas, including access controls, secure transmission, audit logging, security monitoring, and vendor oversight.
No platform, transmission method, storage system, or security control can be guaranteed to be completely secure. Users and organizations remain responsible for protecting their own devices, email accounts, credentials, workforce access, exports, and downstream copies.
Atlas may share information with service providers, subprocessors, professional advisers, payment processors, infrastructure vendors, and security vendors that help Atlas operate the platform, subject to contractual, legal, or operational restrictions appropriate to the service.
6. Choices and requests
Signed-in users can review account details, manage reminder preferences, strengthen security settings, and submit account-data deletion requests through Atlas account settings.
Atlas may deny or defer deletion where records must be retained to satisfy legal holds, medical-record obligations, billing disputes, fraud prevention, or other documented retention duties.
Users may contact Atlas support through the product workflow for access, correction, deletion, security, or privacy questions. Atlas may require identity, authority, and organization verification before acting on a request.
This page is the canonical Atlas web copy for the current onboarding document version. If your organization needs a countersigned copy or negotiated amendment, use your normal Atlas implementation channel.