Introduction
Rehab-Atlas ("we," "us," or "our") operates the website www.rehab-atlas.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our platform or use our services.
We understand that seeking rehabilitation services is deeply personal. Protecting your privacy is not merely a legal obligation — it is central to our mission.
Effective Date: March 2026 Last Updated: March 2026
Information We Collect
Information You Provide Directly
- Inquiry Forms: Name, email address, phone number (optional), description of treatment needs, urgency level, and preferred contact method.
- Assessment Tool: Responses to our treatment-matching questionnaire, including substance use history, treatment preferences, budget range, and location preferences. No diagnosis is made.
- Account Registration: Email address, password (hashed and salted — never stored in plain text), and display name.
- Partner Applications: Center name, contact person, business email, website URL, and a brief description of services.
- Contact Forms: Name, email, and message content.
Information Collected Automatically
- Analytics Data: When you consent to cookies, we may collect page views, session duration, and referral source via Google Analytics 4 and Meta Pixel. These tools use anonymised identifiers — we do not track you across other websites.
- Device Information: Browser type, operating system, screen resolution, and language preference — used solely to optimise the user experience.
- IP Address: Used for approximate geolocation (country-level only) to suggest relevant rehabilitation centers. We do not store your precise location.
Information We Do NOT Collect
- Medical records, diagnoses, or clinical data.
- Government-issued identification numbers.
- Financial information (payment card details, bank accounts).
- Biometric data.
How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Match you with rehabilitation centers | Legitimate interest / Consent |
| Forward your inquiry to selected centers (admin-reviewed) | Consent |
| Send email confirmations and status updates | Contract performance |
| Improve our platform and user experience | Legitimate interest |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We never sell your personal data. We do not share your information with third parties for their marketing purposes.
How We Share Your Information
Your information is shared only when necessary and always under strict controls:
- Rehabilitation Centers: When you submit an inquiry, our admin team reviews it before forwarding relevant details (name, email, phone, and concern) to the selected center. Centers receive only the information needed to contact you.
- Service Providers: We use Supabase (database hosting), Vercel (website hosting), and Resend (transactional email). These providers process data on our behalf under contractual obligations.
- Legal Requirements: We may disclose information if required by law, regulation, or valid legal process.
Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS).
- Encryption at Rest: Database records are encrypted using AES-256.
- Access Control: Administrative access requires multi-factor authentication. Service role credentials are stored as environment variables — never in source code.
- Input Validation: All user inputs are validated and sanitised to prevent injection attacks.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
- Regular Audits: We conduct periodic security reviews of our codebase and infrastructure.
Data Retention
- Inquiries and Leads: Retained for 24 months, then anonymised or deleted.
- Assessment Responses: Retained for 12 months. Session data is cleared after 30 days.
- Account Data: Retained until you request deletion.
- Analytics Data: Anonymised and aggregated after 14 months (Google Analytics default).
- Server Logs: Retained for 30 days for security and debugging purposes.
You may request deletion of your data at any time by contacting us at info@rehab-atlas.com.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your personal data ("right to be forgotten").
- Restrict or object to certain processing activities.
- Data Portability — receive your data in a structured, machine-readable format.
- Withdraw Consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at info@rehab-atlas.com. We will respond within 30 days.
Cookies
We use cookies only when you provide explicit consent via our cookie banner:
- Essential Cookies: Authentication session management. These are necessary for the platform to function.
- Analytics Cookies: Google Analytics 4 and Meta Pixel — activated only after consent.
- No Third-Party Advertising Cookies.
You can withdraw cookie consent at any time by clearing your browser cookies.
International Data Transfers
Our servers are located in the United States (Vercel) and Singapore (Supabase). If you access our platform from outside these regions, your data may be transferred internationally. We ensure adequate safeguards are in place through standard contractual clauses and provider certifications.
Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately at info@rehab-atlas.com.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on our website. Your continued use of the platform after changes are posted constitutes acceptance of the revised policy.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
Email: info@rehab-atlas.com Website: www.rehab-atlas.com/contact
Rehab-Atlas is committed to transparency. If anything in this policy is unclear, please do not hesitate to reach out.