Legal & Privacy Center
Privacy Policy
Last Updated: April 2026
1. Introduction
Atlas Church Solutions ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our church management software platform (the "Services"). Because we provide B2B software for churches, it is important to distinguish our two roles regarding data:
- As a Data Controller: We collect business information from church administrators (our direct customers) to manage billing, support, and communication.
- As a Data Processor: We process congregant and member data solely on behalf of the church. The church remains the Data Controller of this information.
2. Information We Collect
A. From Church Administrators (Our Customers): When you create an account, request a demo, or contact us, we collect personal information such as your name, email address, phone number, payment/billing information, and church name. We also automatically collect device and usage data (like IP addresses and browser types) through cookies (see our Cookie Policy for details).
B. On Behalf of Churches (Member Data): Churches use our platform to store data about their members. This may include:
- Contact information (names, emails, phone numbers, addresses).
- Special categories of data, such as religious affiliation, prayer requests, or pastoral care notes.
- Financial giving records.
- Volunteer schedules and background check statuses.
- Children's check-in data and youth group rosters.
Atlas Church Solutions does not own this member data. We only process it according to the church's instructions to provide the Services.
3. Children's Privacy (COPPA Compliance)
We recognize that churches process data regarding minors, including children under the age of 13, for Sunday school check-ins, youth groups, and event registrations. Atlas Church Solutions does not directly solicit or collect information from children. All data regarding children is inputted by church staff or by parents/guardians acting through the church. The Church (the Data Controller) is strictly responsible for obtaining verifiable parental consent under the Children's Online Privacy Protection Act (COPPA) before collecting and entering a child's data into our Services. We treat all children's data with the highest security standards. Atlas will never use children's data for any purpose other than providing the requested Services to the church, nor will we condition participation on the collection of more information than is reasonably necessary.
4. How We Use the Data
We use the information we collect as a Data Controller to: Provide, operate, and maintain our Services. Process payments and manage subscriptions. Send transactional emails, security alerts, and support messages. Improve our platform through aggregated, anonymized analytics. This aggregated, anonymized data cannot be re-identified, is never attributed back to individual churches or members, and is not used to train public AI models.
We use the data we process on behalf of churches only to deliver the requested features (e.g., sending automated follow-ups, generating care journals, and processing donations) as instructed by the church.
5. Sharing Your Information
We do not sell personal data to third parties. We may share information with:
- Subprocessors: Trusted third-party service providers who assist us in operating our platform (e.g., AWS for hosting, Stripe for payments). View our full List of Subprocessors.
- Legal Compliance: Law enforcement or regulatory bodies if required by law or subpoena.
6. Data Retention
We retain Administrator data for as long as your account is active or as needed to provide you Services and comply with legal obligations. Member data uploaded by the church is retained until the church deletes it or terminates their account. Upon termination, churches have 30 days to export their data before it is permanently deleted from our servers.
7. Security
We implement industry-standard security measures, including TLS/SSL encryption for data in transit and at rest, strict access controls, and regular security assessments. While we strive to protect your data, no system is 100% secure, and we cannot guarantee absolute security. In the event of a security breach involving Church Administrator data, we will notify affected administrators promptly.
8. Your Privacy Rights
Depending on your location (e.g., California under CCPA/CPRA, or Europe under GDPR), you have the right to: (1) know and access your personal data, (2) correct inaccurate data, (3) delete your data, (4) request data portability (export), (5) opt-out of the sale or sharing of your data (though we do not sell your data), and (6) not be discriminated against for exercising these rights. We will respond to all verifiable privacy rights requests within 45 days.
- Church Administrators: Contact us directly at privacy@atlaschurchsolutions.com to exercise these rights.
- Church Members: Because your church is the Data Controller, please direct any requests regarding your personal data (such as deleting your profile or viewing your giving records) to your church administration. We will assist the church in fulfilling your request.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: Email: privacy@atlaschurchsolutions.com
Terms of Service
Last Updated: April 2026
1. Agreement to Terms & Incorporated Policies
By accessing and using the products and services provided by Atlas Church Solutions (collectively, the "Services"), you accept and agree to be bound by these terms. These Terms of Service explicitly incorporate our Privacy Policy, Cookie Policy, Acceptable Use Policy (AUP), and Data Processing Agreement (DPA). If you do not agree to these terms, please do not use the Services.
2. Data Roles & Responsibilities
In providing the Services, Atlas Church Solutions acts as the "Data Processor," while your church/organization acts as the "Data Controller." You are solely responsible for obtaining all necessary consents from your congregants, members, and staff to collect and upload their personal data into our Services, including explicit parental consent for any data pertaining to minors/children under the age of 13.
3. Service Access & License
Atlas Church Solutions grants you a non-exclusive, non-transferable, revocable right to access and use our SaaS platform solely for your organization's internal ministry operations. This license may be revoked if you materially breach these Terms or our Acceptable Use Policy. Under this access, you may not:
- Modify, copy, or create derivative works based on the Services.
- Attempt to decompile or reverse engineer any software contained within the Services.
- Use the Services to provide managed services to third-party organizations not affiliated with your church.
4. User Content & Ownership
You retain all ownership rights to the data, information, and materials you upload to the Services ("User Content"). By uploading User Content, you grant Atlas Church Solutions a limited, worldwide, royalty-free license to host, transmit, and display your data solely as necessary to provide the Services to you and your organization.
5. Uptime & Maintenance
We will make commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week. Services may be temporarily unavailable for scheduled maintenance, for which we will provide reasonable prior notice.
6. User Accounts & Security
You are responsible for safeguarding the password used to access the Services and for any activities or actions under your password. You must notify us immediately at security@atlaschurchsolutions.com upon becoming aware of any breach of security or unauthorized use of your account.
7. Payment & Billing
- Fees & Billing: You agree to pay all fees associated with your selected subscription plan. Subscriptions are billed on a recurring basis (monthly or annually) as selected during sign-up.
- Refunds: Unless otherwise stated at the time of purchase, payments are non-refundable. You may cancel your subscription at any time, and you will continue to have access to the service through the end of your current billing period.
- Price Changes: We reserve the right to change our fees with 30 days' notice to you.
8. Warranty Disclaimer
THE SERVICES ARE PROVIDED ON AN "AS-IS" AND "AS AVAILABLE" BASIS. ATLAS CHURCH SOLUTIONS MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, AND HEREBY DISCLAIMS ALL OTHER WARRANTIES INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF INTELLECTUAL PROPERTY.
9. Indemnification
You agree to indemnify and hold harmless Atlas Church Solutions against any claims, damages, or legal actions arising from your misuse of the platform, your violation of these Terms, or any claims related to the data you upload (including lack of consent). Atlas Church Solutions agrees to indemnify you against claims that our software directly infringes when used as authorized under these Terms on the intellectual property rights of a third party.
10. Limitation of Liability
To the maximum extent permitted by law, Atlas Church Solutions shall not be liable for any indirect, incidental, special, or consequential damages (including loss of profits or data) arising out of your use of the Services. Our total liability for any claim shall not exceed the amount paid by you to Atlas Church Solutions in the 12 months preceding the claim.
11. Suspension and Termination
We may suspend your access to the Services without liability if you violate our Acceptable Use Policy, pending an investigation. We may terminate your account entirely for material or repeated breaches of these Terms. Upon termination, your right to use the Services will cease. You will have a 30-day window to export your User Content before it is permanently deleted from our systems.
12. Force Majeure
Atlas Church Solutions shall not be liable for any failure or delay in performance due to causes beyond our reasonable control, including natural disasters, acts of God, cyberattacks, or infrastructure outages.
13. Modifications to Terms
We may modify these Terms of Service at any time. We will notify you of material changes via email at least 30 days in advance. Your continued use of the Services after the effective date constitutes your acceptance of the updated terms.
14. Governing Law & Dispute Resolution
These terms are governed by the laws of the State of Florida. Any dispute arising from these Terms or the Services shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules. Arbitration may be conducted remotely or in Florida. Atlas Church Solutions will cover arbitration filing fees for claims under $10,000 unless the arbitrator determines the claim is frivolous. Prior to arbitration, parties must engage in a 30-day informal dispute resolution process. You agree to waive any right to participate in a class action lawsuit or class-wide arbitration.
15. Contact Information
If you have any questions about these Terms, please contact us at support@atlaschurchsolutions.com.
16. Survival
Sections 4 (User Content & Ownership), 8 (Warranty Disclaimer), 9 (Indemnification), 10 (Limitation of Liability), 14 (Governing Law & Dispute Resolution), and any confidentiality obligations shall survive the termination or expiration of these Terms.
Acceptable Use Policy
Last Updated: April 2026
1. Purpose & Incorporation
This Acceptable Use Policy ("AUP") applies to all users of Atlas Church Solutions services and is expressly incorporated into our Terms of Service. The purpose of this policy is to ensure that our Services are used in a responsible, legal, and ethical manner that does not harm Atlas Church Solutions, other users, or third parties.
2. Prohibited Activities & Content
You agree not to use the Services for:
- Any unlawful purpose or activity that violates local, state, national, or international law.
- Harassment, threats, intimidation, abusive behavior, or discriminatory practices directed at any individual or group.
- Transmission of spam, unsolicited commercial communications, or mass mailings; Phishing, social engineering, or fraudulent activities.
- Hacking, cracking, or attempting to gain unauthorized access to the Services, other systems, or sharing access credentials with unauthorized personnel.
- Uploading third-party copyrighted content (such as sermon videos, licensed music, or curriculum materials) without the appropriate licenses or permissions.
- Uploading content that is illegal, obscene, profane, defamatory, libelous, or contains child sexual abuse material.
- Uploading content that contains malware, viruses, worms, or other malicious code; or violates anyone's privacy or confidentiality.
3. Church & Member Data Prohibitions
Given the highly sensitive nature of church management data, you strictly agree NOT to:
- Use member data for commercial purposes outside of the church's direct ministry operations (e.g., using a congregation list to market a personal business).
- Share, sell, or distribute member data or congregation lists to third parties without explicit member consent.
- Export or feed member data into external Artificial Intelligence (AI) tools, Large Language Models (LLMs), or third-party automated processing pipelines without explicit authorization.
4. Infrastructure Protection
You agree not to:
- Scrape, crawl, or systematically access our Services without prior written permission.
- Use automated tools or bots to access the Services in a manner that strains our infrastructure.
- Conduct denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks or reverse engineer any portion of the Services.
5. Enforcement & Consequences
Atlas Church Solutions reserves the right to monitor user activity and take legal action to protect its rights. If we detect a violation of this AUP, we will generally provide written notice and a reasonable cure period. However, we reserve the right to immediately suspend or terminate service without prior notice if the violation poses an immediate threat of harm to our platform, our users, or the public. If you encounter behavior that violates this AUP, please report it to security@atlaschurchsolutions.com.
Data Processing Agreement
Last Updated: April 2026
1. Scope and Purpose
This Data Processing Agreement ("DPA") is entered into between Atlas Church Solutions ("Service Provider") and the Customer. This DPA applies when Customer is a controller of personal data and Service Provider processes such personal data on behalf of the Customer in the course of providing the Services. By accepting the Terms of Service, the Customer is entering into a legally binding bilateral agreement that incorporates this DPA. "Personal Data" has the meaning given in applicable data protection laws, including the CCPA and GDPR.
2. Sub-processors
Service Provider shall not engage sub-processors without prior specific or general written authorization from Customer. Service Provider shall inform Customer of any new or replacement sub-processors at least 30 days prior to the sub-processor beginning to process Personal Data, giving Customer the opportunity to object to the engagement of new sub-processors. Customers may object in writing by emailing privacy@atlaschurchsolutions.com within 30 days of notification. If a Customer objects and Atlas Church Solutions cannot accommodate the objection, the Customer may terminate the affected Services and receive a pro-rated refund for any prepaid, unused fees. You can view our current list of active sub-processors at atlaschurchsolutions.com/subprocessors.
3. Data Processor Obligations & Confidentiality
Service Provider agrees to process Personal Data only on documented instructions from the Customer. Service Provider shall ensure that all personnel authorized to process Personal Data are bound by appropriate and strict confidentiality obligations.
4. Data Subject Rights Assistance
Service Provider shall, taking into account the nature of the processing, assist Customer by appropriate technical and organizational measures in fulfilling the Customer's obligation to respond to Data Subject rights requests (including rights of access, rectification, erasure/deletion, restriction, and portability). If a church member requests deletion of their data directly from Atlas Church Solutions, we will promptly redirect the request to the Customer and cooperate to execute the Customer's instructions.
5. Data Security
Service Provider implements and maintains encryption of Personal Data in transit (TLS/SSL) and at rest. We also maintain access controls limiting access to authorized personnel only, conduct regular security assessments, align our security practices with the NIST Cybersecurity Framework, and are actively working toward formal SOC 2 Type II compliance. We also maintain comprehensive incident response procedures.
6. Data Breach Notification
In case of a Personal Data breach, Service Provider shall notify Customer without undue delay and in no case later than 72 hours after becoming aware of the breach. Service Provider shall provide Customer with sufficient information to allow Customer to notify relevant authorities and affected Data Subjects.
7. Cross-Border Data Transfers
If any infrastructure, staff, or sub-processors are located outside the Customer's country (or process data of non-US church members), Service Provider shall ensure such transfers are legitimized through appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms.
8. Return or Deletion of Data at Termination
Upon termination or expiration of the Services, Customer will have a 30-day window to export their User Content. After this 30-day window, Service Provider shall, at Customer's choice, either return all Personal Data to the Customer or certifiably destroy it, unless applicable law requires continued storage. Service Provider will confirm in writing which option was taken upon request.
9. Audit Rights
Service Provider shall make available to Customer all information necessary to demonstrate compliance with this DPA. Service Provider shall allow for and contribute to audits and inspections by Customer or Customer's mandated independent auditor. In lieu of on-site audits, Service Provider may offer to provide recent SOC 2 reports or comprehensive security questionnaire responses to satisfy this requirement.