Privacy Policy
Last updated: April 12, 2026 · Version 1.1
1. Introduction
Atlas CME is a continuing medical education (CME) tracking tool operated by a physician and is a registered DBA of Doehrman MD, LLC. We built Atlas CME to help physicians, physician assistants, nurse practitioners, and other healthcare providers organize and track their CME activities in one place.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. We've written it in plain English because we believe you deserve to understand how your information is handled — not just that you've agreed to a document you can't parse.
By using Atlas CME, you agree to the practices described in this policy. If you have questions, reach us through our contact page.
2. Information We Collect
Account Information
When you create an account or complete onboarding, we collect:
- Your name and email address
- Your professional role (physician, PA, NP, etc.) and specialty
- License states and renewal dates
- Board certification status
- Alternate email addresses you provide for certificate forwarding
CME Certificate Data
When you upload or forward CME certificates, we collect and store:
- The certificate file itself (PDF or image)
- Extracted data including activity title, completion date, issuing organization, and credit hours
- The raw text extracted from the document during AI processing
- Category assignments and credit breakdowns
- AI confidence scores for each extraction
Usage Data
We collect standard technical information about how you use the app, including pages visited, features used, and timestamps. This helps us understand what's working and what needs improvement. We do not build advertising profiles from your CME data or sell this data. However, anonymized browsing behavior — such as page visits, registration, and subscription events — may be shared with advertising partners when you grant cookie consent, as described in Section 6.
Payment Information
Payments are processed by Stripe. We do not store your credit card number, expiration date, or security code — those go directly to Stripe and never touch our servers. We retain only what Stripe returns to us: your subscription status, plan level, and a tokenized customer ID.
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the Atlas CME tracking service
- Extract and organize CME data from certificates you submit
- Calculate your progress against state board and organization requirements
- Generate CME Activity Reports when you request them
- Send transactional emails (certificate confirmation, quarterly summaries, renewal reminders)
- Authenticate you securely when you sign in
- Respond to your support requests
- Improve the service based on how it's used
We do not sell your personal data or build advertising profiles from your CME certificate content. With your cookie consent, anonymized usage data may be shared with advertising partners for ad measurement and optimization, as described in Section 6.
4. AI Processing
Atlas CME uses Anthropic's Claude AI to automatically extract information from CME certificates you upload or forward via email. When you submit a certificate, its content — including the text and images in the document — is transmitted to Anthropic's API for processing.
A few important things to know about this:
- We do not use your certificate data to train AI models.Data submitted to Anthropic's API for processing is not used to train their models, per Anthropic's API usage policy.
- Data is transmitted securely over encrypted connections and is not retained by Anthropic beyond the processing session.
- AI extraction results may contain errors. You are responsible for reviewing extracted data before confirming it in your record.
Anthropic's privacy practices are governed by their own privacy policy, available at anthropic.com/privacy.
5. Data Sharing
We do not sell your data
Your personal information, CME records, and certificates are never sold to third parties, data brokers, or advertisers.
Service providers
We share data with a small number of trusted service providers who help us operate Atlas CME:
- Clerk — handles authentication and account management
- Supabase — stores your data and files in a PostgreSQL database hosted on AWS
- Anthropic — processes certificate content for AI extraction (see Section 4)
- Resend — sends transactional emails on our behalf
- Stripe — processes payments (they never share your card data with us)
- Vercel — hosts the Atlas CME application
- Meta Platforms, Inc. — advertising measurement and optimization, only after you accept our cookie consent banner (see Section 6)
Each provider is bound by their own privacy practices and applicable data processing agreements. We choose providers that take data security seriously.
Organization administrators
If you join an organization on Atlas CME (such as a hospital group or employer), that organization's administrators can see your compliance status — specifically, how many verified hours you've completed versus what's required. They cannot view your individual certificate files, activity titles, or detailed record unless you choose to share them directly.
Legal requirements
We may disclose information if required to do so by law or in response to a valid legal process, or to protect the rights, property, or safety of Atlas CME, our users, or the public.
6. Cookies and Tracking Technologies
Atlas CME uses a cookie consent banner when you first visit the site. No tracking or advertising cookies are set until you accept.
When you accept, we load the Meta Pixel — a tracking technology provided by Meta Platforms, Inc. — to measure the effectiveness of our advertising and optimize ad delivery. The Meta Pixel collects:
- Pages you visit on Atlas CME
- Actions you take, such as completing registration or subscribing to a plan
- Browser and device information
- Your IP address
This information is transmitted to Meta and governed by Meta's Data Policy, available at facebook.com/privacy/policy.
Specifically, when you complete certain conversion events — registration and subscription — we share those events with Meta so it can measure and optimize ad performance. These events are only shared after you have granted cookie consent.
Meta is currently our only advertising partner. We may add additional advertising and analytics partners in the future; if we do, we will update this policy and the cookie consent banner accordingly.
You can withdraw your consent at any time by clearing your browser cookies for Atlas CME or by adjusting your browser settings to block cookies. Most browsers also offer controls for blocking third-party cookies and a “Do Not Track” setting.
7. Data Storage and Security
Your data is stored in Supabase, a managed PostgreSQL database platform that runs on AWS infrastructure in the United States. Data at rest is encrypted using AES-256. Data in transit is encrypted using TLS.
Certificate files (PDFs and images) are stored in Supabase Storage with access controls that prevent other users from accessing your files. Authentication is handled by Clerk, which provides secure session management, multi-factor authentication, and OAuth integrations.
No security system is perfect. We take reasonable precautions but cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately.
8. Your Rights
You have the following rights with respect to your data:
- Access — You can view all of your CME records, certificates, and account information from within the Atlas CME dashboard at any time.
- Export — You can generate a CME Activity Report from the Reports page, which includes your full activity history.
- Correction — You can edit certificate data, update your profile, and correct any inaccuracies directly in the app.
- Deletion — You can delete individual certificates from your record. To delete your entire account and all associated data, contact us and we will process your request within 30 days.
If you are a resident of California or the European Union, you may have additional rights under applicable law. Contact us and we will respond to any such request.
9. HIPAA Notice
Atlas CME is not a HIPAA covered entity and is not a business associate of any covered entity. CME certificates are professional credentials documenting your own continuing education — they are not protected health information (PHI) under HIPAA.
That said, we treat your data with the same care and confidentiality we'd want for our own. Certificate data and personal information are accessible only to you, our technical infrastructure team, and (in limited form) any organization administrators you're connected to as described in Section 5.
10. Children's Privacy
Atlas CME is intended exclusively for licensed medical professionals and is not directed at anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes — meaning changes that meaningfully affect how we collect or use your data — we will notify you by email at least 14 days before the changes take effect. The updated policy will also be posted at atlascme.com/privacywith a new “Last updated” date.
Continued use of Atlas CME after the effective date of any changes constitutes your acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, please contact us:
- Contact form
- Website: atlascme.com
Also see our Terms of Service for additional information about your responsibilities and our limitations.