Atrium CMS LLC

Privacy Policy

Version 1.1
Effective Date: March 10, 2025
Florida SB 262 & CCPA Compliant

1 Introduction and Scope

This Privacy Policy (“Policy”) describes how Atrium CMS LLC (“Atrium,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with the Atrium community association management platform and related services (collectively, the “Service”).

This Policy applies to all individuals whose personal information Atrium processes, including community association administrators, board members, property managers, and residents who access the Service through a community portal. It also applies to visitors to our website and marketing properties.

By using the Service, you acknowledge that you have read and understood this Policy. If you are an association administrator or property manager, your acceptance of the Atrium Terms of Service incorporates this Policy by reference. Residents who access the Service through a community portal are subject to this Policy as end users of the platform.

This Policy does not apply to information collected by third-party services you access through links or integrations within the Service. Those services are governed by their own privacy policies.

2 Who This Policy Applies To

Atrium serves multiple categories of users, each with a different relationship to the platform:

2.1 Account Holders (Administrators and Property Managers)

Account holders are community associations, HOA board members, property managers, and other individuals or entities that subscribe to the Service, create an account, and manage the platform on behalf of a community. Account holders enter into a direct contractual relationship with Atrium via the Terms of Service. Atrium collects and processes personal information from account holders as described in this Policy.

2.2 Resident End Users

Residents are homeowners, tenants, and other community members who access the Service through a community portal provisioned by their association. Residents may create their own accounts directly or may have accounts created on their behalf by the association administrator. Residents are not direct contractual parties with Atrium — their relationship with the platform is mediated by the association. The association is responsible for ensuring residents are informed about the use of the Service and this Privacy Policy.

2.3 Website Visitors

Visitors to Atrium’s public website and marketing properties interact with Atrium outside of the platform itself. This Policy covers the limited information Atrium collects from website visitors, including through cookies and analytics tools.

3 Information We Collect

3.1 Information You Provide Directly

When you create an account, subscribe to the Service, or use platform features, Atrium may collect:

  • Identity information: full name, username, profile photo;
  • Contact information: email address, phone number, mailing address;
  • Community and property details: unit number, lot or building designation, community name, and role within the community;
  • Account credentials: username and encrypted password (Atrium does not store plaintext passwords);
  • Communications: messages, announcements, maintenance requests, documents, and other content submitted through the platform;
  • Support correspondence: information provided when contacting Atrium for help or reporting an issue.

3.2 Information Collected Automatically

When you access or use the Service, Atrium and its service providers automatically collect:

  • Device and browser information: IP address, browser type and version, operating system, device identifiers;
  • Usage data: pages viewed, features used, time spent in the platform, clicks, session duration, and navigation paths;
  • Log data: server logs, error reports, and access timestamps;
  • Location data: general geographic location inferred from IP address (city and region level only — Atrium does not collect precise GPS location).

3.3 Information Provided by the Association on Your Behalf

When an association administrator provisions a resident account, Atrium receives personal information about that resident from the association, including name, contact information, unit assignment, and account role. Associations are responsible for ensuring they have appropriate authority to provide resident information to Atrium and for notifying residents that their information will be processed by the platform.

3.4 Payment Information

Atrium uses Stripe to process subscription payments. Atrium does not directly collect, store, or have access to full payment card numbers, bank account numbers, or other sensitive financial data. Payment information is collected and processed directly by Stripe under Stripe’s own privacy policy and PCI DSS compliance standards. Atrium retains limited billing records including subscription tier, billing cycle, and payment status.

3.5 AI-Interaction Data

When you use AI-powered features within the Service — such as intelligent assistants, document summarization, or automated drafting tools — the inputs you provide and the outputs generated may be processed by third-party AI service providers as described in Section 7. Atrium may retain records of AI interactions to support the feature, troubleshoot issues, and improve the platform.

4 How We Use Your Information

4.1 Providing and Operating the Service

  • Creating and managing user accounts;
  • Enabling community management features including announcements, document storage, maintenance requests, voting, and financial tools;
  • Processing subscription payments and managing billing;
  • Powering AI-assisted features as described in Section 7;
  • Sending transactional communications including account confirmations, billing notices, and renewal reminders.

4.2 Platform Improvement and Analytics

  • Analyzing usage patterns to improve platform features and user experience;
  • Diagnosing technical issues and monitoring platform performance;
  • Conducting internal research and product development using aggregated and anonymized data.

4.3 Advertising and Monetization

Atrium may use non-personally-identifiable, aggregated, or contextual information to deliver advertising within the platform and to support Atrium’s advertising business, as described in detail in Section 5.

4.4 Legal and Safety

  • Complying with applicable laws, regulations, and legal process;
  • Enforcing Atrium’s Terms of Service and other agreements;
  • Detecting, preventing, and responding to fraud, security threats, and abuse;
  • Protecting the rights, property, and safety of Atrium, its users, and the public.

4.5 Communications

Atrium sends two distinct categories of communications:

  • Transactional communications: billing confirmations, payment failure notices, subscription renewal reminders, account alerts, password resets, and association-level operational notifications. These are sent to all account holders regardless of marketing preferences and will never contain advertising or sponsored content.
  • Marketing communications: product updates, feature announcements, platform news, sponsored promotions, partner offers, and excerpts or links from sponsored blog content. These are sent only to users who have opted in. Users may withdraw consent at any time by clicking the unsubscribe link in any marketing email, replying STOP to any marketing SMS, or updating communication preferences in account settings. Opting out of marketing communications does not affect transactional communications.

5 Advertising and Data Monetization

Atrium may display advertisements, sponsored content, and other commercial messaging within the Service. This section describes how advertising works and what Atrium will and will not do with data in connection with advertising.

5.1 Permitted Advertising Approaches

  • Sponsored content placed directly by Atrium, where advertisers pay for visibility without receiving any user data;
  • Display advertising delivered through third-party ad networks, informed only by contextual signals such as community type, geographic region, and community size — never by individually identifiable user information;
  • Atrium-curated advertising targeted by community characteristics (e.g., association type, county, approximate unit count tier) without sharing any personally identifiable information with advertisers.

5.2 Use of Aggregated Data

Atrium may use aggregated, anonymized, or de-identified data derived from platform usage — such as regional engagement patterns, community type distribution, or general feature usage trends — to develop advertising audience segments, improve ad targeting, and support Atrium’s advertising business. This aggregated data cannot be used to identify any specific individual, community, or association.

5.3 What Atrium Will Not Do

Atrium will never:

  • Sell, transfer, or disclose individually identifiable personal information or PII to any advertiser;
  • Target advertisements to individual users based on their personal behavior or activity within the platform;
  • Permit advertisers to access, query, or extract any user data in any form;
  • Use advertising in a manner that constitutes a “sale” of personal information as defined under applicable privacy law.

5.4 Third-Party Ad Networks

When Atrium uses third-party ad networks to deliver display advertising, those networks may use cookies or similar tracking technologies to serve ads. These technologies are subject to each network’s own privacy policy. Atrium requires that any ad network used in the platform comply with applicable privacy law and not use Atrium user data for their own independent commercial purposes beyond ad delivery.

5.5 Marketing Email and SMS Communications

With your opt-in consent, Atrium may send marketing emails and SMS messages that include sponsored promotions, partner offers, and commercial messaging. Key commitments:

  • You will only receive sponsored marketing communications if you have opted in. Opt-in is separate from the consent required for transactional communications.
  • Every marketing email will include a clear and functioning unsubscribe mechanism. Every marketing SMS will support STOP opt-out. You may also update preferences in account settings.
  • Atrium complies with the CAN-SPAM Act for commercial email and obtains express written consent for commercial SMS messages as required by the Telephone Consumer Protection Act (TCPA).
  • Atrium does not share your email address or phone number with sponsors or advertisers. Sponsored content is delivered by Atrium directly — sponsors do not receive your contact information.

5.6 Sponsored Blog Content

Atrium may publish sponsored articles, advertorials, and paid promotions on its blog and owned media properties. Any content that involves material compensation from a third party will be clearly identified as sponsored in accordance with FTC disclosure guidelines. Atrium may include links to, summaries of, or excerpts from sponsored blog content within marketing emails and SMS messages sent to opted-in users. These communications will clearly identify the sponsored nature of the content. Atrium does not endorse the products or services of any third-party sponsor, and sponsor relationships do not influence editorial control over non-sponsored Atrium content.

6 How We Share Your Information

Atrium does not sell personally identifiable information. We share personal information only in the following circumstances:

6.1 Service Providers and Subprocessors

Atrium engages third-party service providers to help operate the platform. These providers process personal information only on Atrium’s behalf, under contractual obligations to maintain confidentiality and use data only to perform services for Atrium. Current categories of subprocessors include:

  • Payment processing: Stripe;
  • Cloud infrastructure and hosting providers;
  • AI service providers (as described in Section 7);
  • Analytics providers (as described in Section 8);
  • Email and communication delivery services;
  • Security and fraud detection services.

6.2 Within Your Community

Information you submit through the platform — such as your name, unit number, profile information, posts, and communications — may be visible to other authorized users within your community portal, including association administrators, board members, and other residents, consistent with the platform’s community features and your account settings.

6.3 Legal Requirements

Atrium may disclose personal information if required to do so by law, court order, or governmental authority, or if Atrium believes in good faith that disclosure is necessary to: (a) comply with applicable legal obligations; (b) protect the rights or property of Atrium; (c) prevent or investigate potential fraud or security threats; or (d) protect the personal safety of users or the public. Where legally permitted, Atrium will notify affected customers of such disclosure.

6.4 Business Transfers

If Atrium is involved in a merger, acquisition, asset sale, or other business transaction, personal information may be transferred as part of that transaction. Atrium will notify account holders via email prior to such a transfer and before personal information becomes subject to a materially different privacy policy.

6.5 With Your Consent

Atrium may share personal information for other purposes with your explicit consent at the time of collection.

7 Artificial Intelligence and Your Data

7.1 AI-Powered Features

Certain features within the Service use AI to process and respond to user inputs. When you use these features, relevant data — which may include personal information — is transmitted to third-party AI service providers to generate a response. By using AI-powered features, you consent to this processing.

7.2 AI Provider Standards

Atrium only engages AI service providers that are contractually bound to: (a) maintain the confidentiality of your data; (b) use your data only to provide the requested AI service; and (c) not use your data to train or improve their AI models without Atrium’s express written consent. AI providers are subprocessors subject to Section 6.1.

7.3 No Training on Identified Customer Data

Atrium will not intentionally use individually identifiable Customer Data to train proprietary AI models without first obtaining explicit written consent. Atrium may use aggregated, anonymized, or de-identified data for model improvement and platform research purposes.

7.4 AI in Development

Atrium uses AI-assisted developer tools in the building and maintenance of the platform. These tools do not process production Customer Data and operate under Atrium’s internal security and confidentiality policies.

8 Cookies and Tracking Technologies

8.1 Types of Tracking Technologies

  • Essential cookies: Required for the platform to function. These include session cookies that keep you logged in and security cookies that protect against cross-site request forgery. These cannot be disabled without impairing Service functionality.
  • Analytics cookies and tools: Atrium uses third-party analytics services such as Google Analytics or similar tools to understand how users interact with the platform. These tools collect usage data including pages viewed, session duration, and navigation paths. Analytics data is used in aggregate form to improve the platform.
  • Advertising and tracking pixels: When advertising is served through third-party ad networks, those networks may deploy tracking pixels or cookies within the Service to measure ad delivery and performance. These technologies are subject to each network’s own privacy practices.

8.2 Managing Cookies

You can manage cookie preferences through your browser settings. Note that disabling essential cookies will impair your ability to use the Service. For analytics and advertising cookies, you may also opt out through:

Atrium will honor Global Privacy Control (GPC) signals as a valid opt-out of the use of personal information for advertising purposes where required by applicable law.

9 Data Retention

Atrium retains personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:

  • Active accounts: Personal information is retained for the duration of the subscription and as necessary to provide ongoing service.
  • Post-termination: Following account termination, Atrium retains Customer Data for thirty (30) days (the “Export Window”) during which account holders may request a data export. Following the Export Window, Customer Data is deleted from Atrium’s production systems.
  • Residual data: Certain data may be retained in backup systems or archives for a limited period following deletion from production systems, after which it is permanently purged.
  • Legal holds: Atrium may retain data beyond standard retention periods where required to comply with legal obligations, resolve disputes, or enforce agreements.
  • Aggregated data: Anonymized or aggregated data derived from Customer Data may be retained indefinitely as it no longer constitutes personal information.

10 Data Security and Breach Notification

10.1 Security Measures

Atrium implements and maintains commercially reasonable technical and organizational security measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, authentication requirements, and regular security assessments. No security system is impenetrable and Atrium cannot guarantee absolute security of information transmitted to or stored within the Service.

10.2 Your Responsibilities

You are responsible for maintaining the security of your account credentials and for all activity that occurs under your account. Use a strong, unique password, enable any available multi-factor authentication, and notify Atrium immediately at privacy@atriumcms.com if you suspect unauthorized access.

10.3 Breach Notification

In the event of a data breach that creates a material risk of harm to affected individuals, Atrium will:

  • Notify affected account holders within thirty (30) days of Atrium’s determination that a qualifying breach has occurred, subject to any delay required by law enforcement;
  • Include in the notification: a description of the breach, the categories of data affected, the steps Atrium has taken, and recommended steps for affected individuals;
  • Notify applicable regulatory authorities as required by law, including the Florida Department of Legal Affairs where required under Florida Statute Section 501.171.

11 Your Privacy Rights — Florida (SB 262)

Florida’s Digital Bill of Rights (SB 262, effective July 1, 2024) grants certain rights to Florida consumers with respect to their personal data.

If you are a Florida resident, you may have the right to:

  • Know what personal data Atrium has collected about you and how it is used;
  • Access a copy of your personal data;
  • Correct inaccurate personal data Atrium holds about you;
  • Delete personal data Atrium has collected from you, subject to certain exceptions;
  • Opt out of the processing of personal data for targeted advertising or the sale of personal data;
  • Data portability — receive a copy of your data in a portable, machine-readable format;
  • Appeal a denial of your request to exercise these rights.

How to exercise your Florida rights: Submit a verifiable request to privacy@atriumcms.com. Atrium will respond within 45 days. If additional time is needed, Atrium will notify you and may take up to an additional 45 days. Atrium will not discriminate against you for exercising your rights.

12 Your Privacy Rights — California (CCPA / CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents certain rights with respect to their personal information.

12.1 Categories of Personal Information Collected

In the preceding twelve (12) months, Atrium has collected:

  • Identifiers (name, email address, IP address, account ID);
  • Customer records (contact information, community and property details);
  • Internet or other electronic network activity (usage data, log data);
  • Geolocation data (city and region level, inferred from IP address);
  • Professional or employment-related information (role within the community association).

12.2 Your California Rights

  • Know: Request disclosure of personal information collected about you, its sources, and how it is used;
  • Delete: Request deletion of personal information, subject to certain exceptions;
  • Correct: Request correction of inaccurate personal information;
  • Opt-Out of Sale or Sharing: Atrium does not sell personal information. To opt out of any sharing for advertising purposes, contact privacy@atriumcms.com or enable a Global Privacy Control (GPC) signal in your browser;
  • Limit Sensitive PI: Request that Atrium limit use of sensitive personal information to purposes permitted by law;
  • Non-Discrimination: Atrium will not discriminate against you for exercising your California privacy rights.

12.3 Do Not Sell or Share

Atrium does not sell personal information as defined under the CCPA. Atrium does not share personal information with third parties for cross-context behavioral advertising of individual users. The use of third-party ad networks with contextual or aggregated signals as described in Section 5 does not constitute a sale or sharing of personal information under Atrium’s interpretation of applicable law.

How to exercise your California rights: Submit a verifiable consumer request to privacy@atriumcms.com. Atrium will respond within 45 days. You may make a request on behalf of a minor child for whom you have parental authority. Authorized agents must provide written proof of authorization.

13 Children’s Privacy

The Service is not directed to children under the age of thirteen (13) and Atrium does not knowingly collect personal information from children under 13. If Atrium becomes aware that it has inadvertently collected personal information from a child under 13, Atrium will take prompt steps to delete that information. If you believe Atrium may have collected information from a child under 13, please contact privacy@atriumcms.com immediately.

Association administrators are responsible for ensuring that any use of the platform involving minors complies with applicable law, including COPPA, and for obtaining any required parental consent before creating accounts for individuals under 13.

14 Third-Party Links and Services

The Service may contain links to third-party websites, services, or integrations. Atrium is not responsible for the privacy practices of third parties and this Policy does not apply to information collected by third-party services. We encourage you to review the privacy policy of any third-party service you access through or in connection with the platform.

Where the Service integrates with third-party platforms such as Stripe or QuickBooks, your use of those integrations is governed by the respective provider’s terms and privacy policy. Atrium’s integration with those services does not authorize those providers to use your data for purposes beyond delivering the integrated functionality.

15 Changes to This Privacy Policy

Atrium reserves the right to update this Privacy Policy at any time to reflect changes in our practices, the Service, or applicable law. When material changes are made, Atrium will notify account holders via email at least thirty (30) days before the updated Policy takes effect. The updated Policy will also be posted at www.atriumcms.com with a revised effective date.

Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you may terminate your subscription in accordance with the Terms of Service before the effective date.

16 Contact and Privacy Requests

For privacy-related questions, requests to exercise your rights, or to report a potential data issue, please contact:

Company: Atrium CMS LLC
Privacy Inquiries: privacy@atriumcms.com
Legal Notices: legal@atriumcms.com

When submitting a privacy rights request, please include your full name, the email address associated with your account, the community you are associated with, and a description of your request. Atrium will verify your identity before processing the request.

This Privacy Policy is effective as of March 10, 2025 and supersedes all prior versions.

© 2025 Atrium CMS LLC. All rights reserved.