Website Privacy Policy

Last modified: February 15, 2024

Introduction

ATLAS MD ("Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website https://atlas.md/ (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• On this Website.
• In email, text, and other electronic messages between you and this Website.
• Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy.

Children Under the Age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to the Website without verification of parental consent. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 13, please contact our Chief Privacy Officer.

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see “Your State Privacy Rights” below for more information.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

• By which you may be personally identified, such as name, postal address, email address, telephone number, signature, social security number or any other identifier by which you may be contacted online or offline ("personal information");
• That is about you but individually does not identify you; and/or
• About your internet connection, the equipment you use to access our Website, and usage details.

We collect this information:

• Directly from you when you provide it to us.

• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies.

Information You Provide to Us

The information we collect on or through our Website may include:

• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services. We may also ask you for information when you report a problem with our Website.
• Records and copies of your correspondence (including phone numbers or email addresses) with us and your doctor.
• Your search queries on the Website.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including details of your visits to our Website (including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website) and information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties, such as our partners, Stripe and Google. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

• Recognize you when you return to our Website.
• Speed up your login and site interaction.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To provide you with notices about your account, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We will not sell the personal information, including any sensitive personal information, we collect or share it with third parties for cross-context behavioral advertising.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes, described above, for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Atlas MD, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Accessing and Correcting Your Information

You can review and change your personal information by logging into the Website and visiting your account profile page.

You may also send an email to our Chief Privacy Officer to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about California residents' privacy rights, visit https://oag.ca.gov/privacy/ccpa.

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

• Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights please send an email to our Chief Privacy Officer.

Nevada provides its residents with a limited right to opt-out of certain personal information sales. However, please know we do not currently sell data triggering that statute's opt-out requirements.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Any payment transactions will be encrypted.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website. Further, should you elect to communicate with your doctor through our system via app, texting, emailing, or calling, or other similar methods, you recognize and understand that such communication is less secure.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account and through a notice on the Website home page. The date the privacy policy was last revised is identified at the bottom of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Partner Interactions

Opt-In Google Integration

As part of our optional Google integration, we use your Google user data as follows:

• Fetch your emails from Google’s servers and display those emails within our platform as part of our services.
• View your Google email address so we can cross reference with what we have in our platform.
• Fetch your files from folder(s) you have granted us permission to access on Google’s servers and display those files within our platform as part of our services.

Atlas MD’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Stripe Identity

We use Stripe for identity document verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as advanced fraud signals and information about the devices that connect to its services. Stripe shares this information with us and also uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe’s biometric verification technology. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Stripe retains a copy of all the data provided as part of a verification. You may also have consented to allow Stripe to use your data to improve their technology. You can delete your information from Stripe’s servers or revoke your consent by visiting https://support.stripe.com.

HIPAA at Atlas

As a key provider of services and technology to the healthcare industry, Atlas has implemented programs to address the transaction standards, and the privacy and security implications of the rules promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). As required by HIPPA, a Notice of Privacy Policies is available upon request and will be provided to all covered participants and beneficiaries and to new enrollees in applicable Atlas plans. Further, copies of this policy will be physically furnished to all applicable individuals. If you have any questions about HIPAA at Atlas, or would like to request a copy of the Notice of Privacy Policies, please e-mail our Chief Privacy Officer. Atlas’s mailing address: 10500 E. Berkeley Square #200, Wichita, KS 67206, ATTN: Chief Privacy Officer.



Vulnerability Disclosure Policy