Goliath ATLASGoliath ATLAS

Privacy Policy

Last updated: March 17, 2026

🔒

Your data is private by design.

Goliath ATLAS handles sensitive information about individuals with disabilities, including minors. We take that responsibility seriously. We do not sell your data, we do not advertise, and we only process data to provide the services you have signed up for.

1. Who We Are

Goliath ATLAS ("we", "our", "us") is a professional platform for disability advocates, peer support specialists, special education teams, and vocational rehabilitation professionals, operated by Goliath Advocacy, LLC, a Nebraska limited liability company based in Omaha, Nebraska. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at goliathatlas.app ("the Platform").

2. Information We Collect

Account and Organization Information

  • Name, email address, and password (hashed — never stored in plain text)
  • Organization name, type, subscription plan, and billing information
  • User roles and permissions within your organization
  • Profile photo (optional)

Participant Data You Enter

  • Participant names, dates of birth, diagnoses, and contact information
  • IEP goals, accommodations, services, and review dates
  • Contact notes, group notes, and session documentation
  • Wellness Recovery Service Plans (WRSP) and Wellness and Safety Plans
  • Vocational Rehabilitation plans (IPE), employment goals, and milestones
  • Legal records, complaints, and deadline information
  • Transition plans and agency referrals
  • Coordination Network posts and cross-organization communications
  • Uploaded documents and files

AI-Generated Content

  • When you use the Communications Builder, your prompts and contextual information are sent to Anthropic's API to generate draft communications. We do not use your data to train AI models. Anthropic's data processing is governed by their privacy policy.

Usage and Technical Data

  • Browser type, device type, and IP address
  • Pages visited and features used within the Platform
  • Error logs and performance data used to improve the service

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Platform and its features
  • Send automated email notifications for IEP reviews, legal deadlines, and meetings
  • Process subscription payments and manage billing
  • Respond to support requests and communicate service updates
  • Monitor for security incidents and prevent fraud or abuse
  • Improve platform performance, reliability, and features
  • Comply with legal obligations

We do not use your participant data to train AI models, sell to third parties, or advertise.

4. Coordination Network and Data Sharing

The Platform includes a Coordination Network feature that allows multiple organizations supporting the same participant to share updates and coordinate care. When you post to a Coordination Network, that information is visible to all organizations that have been granted access to that participant's network.

You are responsible for ensuring that cross-organization data sharing complies with applicable laws and any consent requirements. Posts marked as internal are only visible to your own organization. Posts marked as visible to participant may be seen by the participant through the participant portal.

5. Data Storage and Security

All data is stored securely using Supabase, hosted on AWS infrastructure with encryption at rest and in transit (TLS 1.2+). Access to your organization's data is enforced through Row Level Security (RLS), meaning users can only access data belonging to their own organization unless explicitly granted access through a Coordination Network.

We implement the following security measures:

  • All passwords are hashed — we never store plain text passwords
  • All data transmissions are encrypted via HTTPS/TLS
  • File uploads are stored in private, access-controlled storage buckets
  • Role-based access controls limit what each user can see and do
  • Signed URLs with expiration for all document and file access

6. FERPA, HIPAA, and Applicable Privacy Laws

The Platform is used by professionals who may be subject to FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), 42 CFR Part 2 (substance use records), or other federal and state privacy laws governing student, health, and behavioral health records.

Goliath Advocacy, LLC acts as a data processor on behalf of your organization. Your organization is the data controller responsible for ensuring that participant data is handled in accordance with applicable laws, including obtaining any required consents before entering participant information into the Platform.

If your organization requires a Business Associate Agreement (BAA) for HIPAA compliance or a Data Processing Agreement (DPA), please contact us at legal@goliathadvocacy.com.

7. Third-Party Services

We use the following trusted third-party services to operate the Platform:

Supabase

Database, authentication, and file storage

Privacy Policy →

Stripe

Payment processing and subscription billing

Privacy Policy →

Vercel

Platform hosting and deployment

Privacy Policy →

Anthropic

AI-assisted Communications Builder (Practice plan and above)

Privacy Policy →

We do not sell, rent, or share your data with any third parties beyond those listed above and only to the extent necessary to provide the Platform's services.

8. Data Retention

We retain your data for as long as your organization's account is active. If you cancel your subscription or request account deletion:

  • You may request a full data export within 30 days of cancellation
  • Account data is permanently deleted within 60 days of account closure
  • Uploaded files and documents are deleted from storage within 30 days
  • Anonymized usage analytics may be retained for up to 2 years

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Export your data in a portable format
  • Object to or restrict certain types of processing

To exercise any of these rights, contact us at legal@goliathadvocacy.com. We will respond within 30 days.

10. Cookies

The Platform uses essential cookies and browser storage to maintain your session and authentication state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can disable cookies in your browser settings, but doing so may prevent you from logging in or using the Platform.

11. Children's Privacy

The Platform is intended for use by licensed professionals and organizations, not directly by minors. While the Platform may store records related to minor participants (such as students with IEPs), access is restricted to authorized professionals within your organization. We do not knowingly collect personal information directly from children under 13. All data about minors is entered and controlled by the authorized professional organization using the Platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before the changes take effect. Your continued use of the Platform after that date constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Goliath Advocacy, LLC

Omaha, Nebraska

legal@goliathadvocacy.com
Back to login·Terms of Service·EULA