Atana was created with data security and privacy in mind. As former medical researchers working with highly sensitive patient data, we know firsthand that your data rights are paramount.

The first question that everyone asks when evaluating whether to use a new product, is whether it guarantees that none of the information they share could be used without their permission.

We use Plaid to securely connect to more than 15,000 financial institutions, including banks and credit card companies. When you register to use Atana as your medical bill advocate, you will be asked to enter your online banking credentials. These credentials are never stored by our system. Your credentials are sent through Plaid to your bank or credit card provider. Plaid then sends back an encrypted token to us.

This token provides read-only access to your transaction data. We cannot move money or make any changes to your account. You can revoke our read-only access token at any time.

The rest of our data is stored securely on Amazon Web Services (AWS) which is trusted by Fortune 500 companies, banks, FINRA, and other highly regulated institutions.

We use bank level security for our website and all server-side databases. If you sign up to get notifications via SMS, we will require you to set up two-factor authentication when you register. We will require you to confirm your identity using 2FA for any sign-in using a new device, or if your security token has expired. For users who sign up using their Google account, we rely on Google's implementation of the OAuth protocol to ensure secure sign-in.

If you have any questions regarding the security of your data, please reach out to us at