Privacy Policy

Last Updated: March 2026

The short version:We collect the information you give us to generate your ATLAS report and communicate your results. We don't sell your data. We don't spam you. That's it.

What We Collect

Information you provide:

  • Name, email address, and website URL (required for your ATLAS assessment)
  • Job title, organization size, phone number, and social media profiles (optional, if you choose to share them)
  • Any additional information you provide through our contact form or during conversations with us

Information collected automatically:

  • Basic website analytics (pages visited, time on site, referring source) via Google Analytics
  • Cookies necessary for site functionality
  • Server logs including IP address, browser type, and referring URLs (processed by Cloudflare)

How We Use It

  • To generate your ATLAS report and deliver it to your inbox
  • To communicate your results and any follow-up you've requested
  • To improve our assessment tools and website experience
  • To send you relevant information, but only if you've opted in

What We Don't Do

  • We don't sell your personal information. Ever.
  • We don't share your data with third parties for their marketing purposes.
  • We don't send unsolicited emails beyond delivering your requested report.
  • We don't use your assessment data in any publicly identifiable way without your explicit permission.

How ATLAS Uses Public Data

When you request an ATLAS assessment, our system analyzes publicly available information about your organization, including your website, social media profiles, Google Business Profile, and other public-facing data. This is information that is already accessible to anyone on the internet. By submitting the intake form, you consent to this analysis and confirm that you have the authority to request an assessment of the organization you represent.

Your ATLAS Report Data

We store your report data to provide portal access and track score changes over time. Anonymized, aggregated data may be used to improve our scoring methodology and produce industry benchmarks. No individually identifiable data is shared publicly without your explicit written consent.

Cookies

We use essential cookies for site functionality and analytics cookies (Google Analytics) to understand how visitors use our site. You can disable cookies in your browser settings, though some site features may not work properly.

Do Not Track: We respect Do Not Track browser signals. When detected, we disable non-essential analytics tracking.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

  • ATLAS report data: retained for the duration of your portal access
  • Contact information: retained until you request removal
  • Website analytics: retained per Google Analytics default settings (14 months)

If you'd like your data deleted, email [email protected] and we'll process your request within 30 days.

Your Rights

If you're in California (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale (though we never sell it). To exercise these rights, email [email protected].

If you're in the EU/UK (GDPR): You have the right to access, correct, delete, or port your personal data, and to object to or restrict its processing. Our legal basis for processing is legitimate interest (delivering the service you requested) and consent (for optional communications). To exercise these rights, email [email protected].

We respond to all rights requests within 30 days.

Third-Party Services

We use the following services to operate:

  • Cloudflare (DNS, CDN, and security)
  • Google Analytics (website analytics)
  • HubSpot (CRM and email communication)
  • Railway (application hosting)
  • Neon (database hosting)

Each operates under their own privacy policies. We select providers that maintain reasonable security practices.

Data Security

We use industry-standard security measures to protect your information, including encrypted connections (HTTPS), secure hosting infrastructure, and access controls. While no system is 100% secure, we take reasonable steps to protect your data.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected individuals via email within 72 hours of becoming aware of the breach, along with a description of what happened and what steps we're taking.

Children's Privacy

Our services are designed for organizations and their leaders. We do not knowingly collect information from anyone under the age of 16.

Changes

If we make significant changes to this policy, we'll update this page and the “last updated” date above. For material changes that affect how we use your data, we'll make reasonable efforts to notify you via email.

Contact

Questions about your data? Email [email protected].