Privacy Policy

Atlas Care Software, operated by Atlas Labs LLC ("Atlas Care," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our home care agency management platform, website, and related services (collectively, the "Service"). By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several types of information to provide and improve our Service:

Atlas Core Mobile Application & Location Data

The Atlas Core mobile app for iOS and Android is the caregiver-facing companion to our home care platform. Caregivers employed by agencies that use Atlas Care Software sign in with credentials issued by their agency to view shifts, clock in and out of visits, complete care plan tasks, and document handoff notes.

What the mobile app collects

• Account information you provide at sign-in — name, email, agency association, and authentication token.
• Shift and visit details — schedules, clock-in and clock-out timestamps, completed care plan items, and free-form notes you enter at the end of a visit.
• Precise location — captured from your device's GPS the moment you tap "Clock In" and "Clock Out" to confirm you arrived at and departed from the correct client address. While a shift is active, the app may continue to read your location in the background to confirm you remained on-site for the duration of the visit.
• Crash and diagnostic data — anonymized error reports we use to improve app stability.

How we use location data

Location is used only to confirm visit attendance for your agency's records. It is collected solely while you are actively on shift — never before your scheduled start time and never after you clock out. The app does not track you outside of active shifts. Location data is stored alongside the corresponding visit record, encrypted in transit and at rest, and is accessible only to your agency's authorized administrators and to Atlas personnel as needed for support.

Permissions you control

You may grant, restrict, or revoke location and notification permissions at any time in your device's Settings. Restricting "Always" location may prevent the app from confirming you remained on-site during a shift; disabling location entirely will prevent clock-in.

Biometric authentication

If you enable Face ID or Touch ID, the biometric match is performed on-device by your operating system's Secure Enclave. Atlas does not receive, store, or have access to your biometric data.

Offline use

When your device has no network connection, the app stores clock-in and clock-out events, notes, and location data locally on the device using the operating system's secure storage. This data is uploaded to Atlas servers, encrypted in transit, the next time the device reconnects.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including scheduling, care documentation, billing, and compliance features.
• To create and manage your account, authenticate users, and provide customer support.
• To process transactions and send related billing information, including purchase confirmations and invoices.
• To send administrative communications, such as service updates, security alerts, and policy changes.
• To analyze usage trends and improve the performance, functionality, and user experience of our Service.
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• To comply with legal obligations, including healthcare regulations and reporting requirements.
• To enforce our Terms of Service and other agreements.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with trusted third-party vendors who assist us in operating the Service, such as cloud hosting providers, payment processors, analytics services, and customer support tools. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Within Your Organization: Information you enter into the Service is accessible to authorized users within your organization based on role-based access controls configured by your agency administrator.
• Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, including to meet healthcare regulatory requirements.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• With Your Consent: We may share your information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard technical, administrative, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit.
• Role-based access controls with the principle of least privilege.
• Multi-factor authentication for administrative access.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Automated audit logging of data access and system events.
• Employee security training and background checks for personnel with access to sensitive data.
• On mobile devices, sign-in credentials are stored in hardware-backed secure storage (Apple Secure Enclave or the Android Keystore). Cached visit data, notes, and queued clock-in events are encrypted at rest on the device while the app is used offline, and uploaded over TLS the next time the device reconnects.
• Biometric authentication (Face ID, Touch ID, or Android biometrics) is performed entirely on-device by the operating system. Atlas does not receive, store, or have access to your biometric data.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with applicable law.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account termination, we will retain and may continue to use your information as necessary to comply with legal obligations (including healthcare record retention requirements), resolve disputes, and enforce our agreements. Care-related records may be subject to minimum retention periods under state and federal healthcare regulations. When retention is no longer required, data is securely deleted or anonymized.

6. HIPAA Compliance

Atlas Labs LLC operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We maintain compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. We enter into Business Associate Agreements (BAAs) with our customers who are Covered Entities or Business Associates under HIPAA. For comprehensive details about our HIPAA compliance program, please review our HIPAA Notice.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions and retention requirements.
• Portability: You may request a copy of your data in a structured, machine-readable format.
• Opt-Out: You may opt out of non-essential marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, please contact us at privacy@atlascaresoftware.com. We will respond to your request within 30 days. Note that rights related to Protected Health Information under HIPAA are addressed separately in our HIPAA Notice.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect usage data and improve the Service. The types of cookies we use include:

• Essential Cookies: Required for the Service to function, including authentication, session management, and security.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve functionality and performance.
• Preference Cookies: Remember your settings and preferences to personalize your experience.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use cookies to track users across third-party websites for advertising purposes.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@atlascaresoftware.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last updated" date and, where required by law, by providing additional notice such as an email notification or in-app alert. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: