Atriumatrium← Back to home

Atrium Privacy Policy

Effective Date: June 11, 2026

This Privacy Policy explains how Parthenon Life, LLC, a Texas limited liability company doing business as Atrium Impact ("Atrium," "we," "us," or "our"), collects, uses, shares, and protects information in connection with the Atrium platform, including the web application at app.atriumimpact.org and the website at atriumimpact.org (together, the "Service").

By using the Service, you agree to this Privacy Policy. This Policy is incorporated into and subject to our Terms of Service.


1. Our Two Roles: Controller and Processor

Atrium handles personal information in two distinct capacities:

  • As a controller, we determine how and why we process information about our direct users and customers — for example, the account information of the administrators and users who log in, and billing information for subscriptions. This Policy describes that processing.

  • As a processor (or service provider), we handle personal information that a customer organization (a "Tenant" — such as a foundation or church) uploads about its own donors, grant applicants, and recipient or partner-organization contacts. For that information, the Tenant is the controller: the Tenant decides what to collect and why, and Atrium handles it only on the Tenant's behalf and under the Tenant's instructions. If you are a donor, applicant, or recipient contact and you have questions about how a particular foundation handles your information, please contact that foundation directly. We will assist Tenants in responding to such requests.


2. Information We Collect

2.1 Account and user information. When a User registers or is invited, we collect the User's name, email address, assigned role (administrator or basic user), and authentication credentials (passwords are stored in hashed form).

2.2 Tenant-entered records (processed on the Tenant's behalf). Tenants and their Users enter records into the Service, which may include:

  • donor names, contact information, and giving history;
  • grant applicant and recipient organization details, including contact information;
  • grant records and related notes; and
  • manually entered account balances.

We do not collect or store bank account numbers, routing numbers, or ACH credentials, and we do not access any bank accounts. Account balances are manual recordkeeping entries.

2.3 Application submissions. When an Applicant submits a grant application through the Service without an account, we collect the information they provide in the application, which they submit for routing to the relevant Tenant.

2.4 Payment information. Subscription payments are handled by our payment processor, Stripe. Stripe collects and processes payment card and billing information directly. We do not store full payment card numbers. We may receive limited billing details and transaction status from Stripe.

2.5 Communications. When we send transactional or notification emails, we use Resend, and we may retain records of the messages sent.

2.6 Limited technical information; no tracking. We do not use tracking cookies or third-party advertising or analytics trackers on the Service. We may process limited technical information that is necessary to operate and secure the Service (such as information needed to maintain a logged-in session and to protect against abuse).


3. How We Use Information

We use information to:

  • provide, operate, maintain, and secure the Service;
  • create and manage accounts and authenticate users;
  • store and display Tenant records and process grant applications;
  • generate Legacy Score advisory scores and recommendations (see Section 5);
  • process subscription billing through Stripe;
  • send transactional and notification emails through Resend, consistent with notification preferences;
  • provide customer support and respond to requests;
  • detect, prevent, and address security incidents, fraud, and abuse; and
  • comply with legal obligations and enforce our Terms.

4. How We Share Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We share information only as follows:

  • With the relevant Tenant. Application submissions and related records are made available to the Tenant foundation to which they pertain.
  • With service providers (sub-processors). We share information with the providers listed in Section 6, who process it on our behalf to deliver the Service.
  • For legal and safety reasons. We may disclose information if required by law, subpoena, or legal process, or where we believe in good faith that disclosure is necessary to protect rights, safety, or property, or to investigate fraud or abuse.
  • In a business transfer. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

5. AI Processing and Legacy Score

To generate Legacy Score outputs, application information is processed by the AI processing services available through Lovable Cloud. Legacy Score summarizes and scores that information against predetermined logic to produce an advisory recommendation only. It does not make grant decisions; all grant decisions are made by the Tenant. Automated outputs may contain errors and should be independently verified.


6. Sub-Processors

We rely on the following service providers, each of which processes information only as needed to provide its part of the Service:

ProviderPurpose
StripeSubscription payment processing and billing
ResendTransactional and notification email delivery
Lovable CloudHosting, database, application infrastructure, and AI processing (Legacy Score)

7. Data Retention and Deletion

We retain information for as long as a Tenant maintains an active account, and otherwise until directed to delete it. Following cancellation or termination of an account, we retain Customer Data for twelve (12) months, after which we delete it, except where we are legally required to retain it longer or where retention is necessary to resolve disputes or enforce our Terms. You may request earlier deletion as described in Section 9; for records a Tenant controls, the Tenant may direct deletion at any time.


8. Security

We use reasonable administrative, technical, and organizational measures designed to protect information, including access controls and row-level data isolation between Tenants. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential.


9. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information. We honor the rights described below for residents of states whose laws provide them.

9.1 California residents (CCPA/CPRA). You may have the right to: know and access the categories and specific pieces of personal information we have collected; request correction of inaccurate personal information; request deletion; and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. We will not discriminate against you for exercising these rights.

9.2 Texas residents (Texas Data Privacy and Security Act). You may have the right to: confirm whether we process your personal information and access it; correct inaccuracies; delete personal information; obtain a portable copy; and opt out of targeted advertising, the sale of personal information, and certain profiling. We do not engage in targeted advertising, the sale of personal information, or profiling that produces legal or similarly significant effects. If we decline a request, you may appeal by contacting legal@atriumimpact.org; if your appeal is denied, you may contact the Texas Attorney General.

9.3 Exercising your rights. To exercise your rights with respect to information for which we are the controller (such as account and billing information), contact us at legal@atriumimpact.org. We may need to verify your identity before responding. For information that a Tenant controls (such as donor, applicant, or recipient records), please contact the relevant foundation; as a processor, we will assist the Tenant in fulfilling your request.


10. Children's Privacy

The Service is intended for use by adults (18+) and is not directed to children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us at legal@atriumimpact.org and we will take appropriate steps to delete it.


11. U.S.-Based Service; International Information

The Service is operated from the United States and is intended for use by U.S.-based organizations and individuals. We do not engage directly in dealings or currency exchange with organizations outside the United States; foreign organizations may appear in the Service only as database records (for example, as potential grant recipients selectable by a Tenant). If you access the Service from outside the United States, you understand that your information will be processed in the United States.


12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or within the Service) and update the "Effective Date" above. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.


13. Contact Us

Questions, requests, or concerns about this Privacy Policy may be directed to:

Parthenon Life, LLC (d/b/a Atrium Impact) PO Box 1110, Argyle, TX 76226 legal@atriumimpact.org

© 2026 Parthenon Life, LLC (d/b/a Atrium Impact)
Terms·Privacy·Statement of Faith