Data Breach Policy
Last updated June 2026
ThinkRoman Ventures LLC (“ThinkRoman”) takes the security of the ATLAS service seriously. This policy summarizes how we prepare for and respond to a personal-data breach.
Prevention
We design ATLAS to minimize the personal data it touches: the Service does not require an account in this version and asks users not to submit patient-identifiable information. Data in transit is encrypted, and access to systems is limited to those who need it.
Detection and assessment
Should we become aware of a suspected security incident, we will investigate promptly, assess its scope and the categories of data and individuals potentially affected, and take steps to contain it.
Notification
Where a breach is likely to result in a risk to affected individuals, we will notify the relevant parties and any applicable supervisory authorities without undue delay, consistent with applicable law (including, where relevant, the FTC Health Breach Notification Rule and state breach-notification statutes).
Remediation
Following an incident we will take corrective action to reduce the likelihood of recurrence, and document what occurred and how it was resolved.
Reporting a concern
If you believe you have found a security vulnerability or a data-handling concern in ATLAS, please contact us via thinkroman.com.