Security & Trust
Atlas runs inside your operation. We take that responsibility seriously. Here's what that means in practice.
Every Atlas engagement is built on the same foundation: human oversight over every action, strict data boundaries between clients, encryption in transit and at rest, and a commitment to handling your operational data with the care it deserves. These aren't features. They're the baseline.
Principle 01
Atlas observes continuously. It acts only with your explicit approval. Every action that touches your operation — every record updated, every message sent, every task triggered — passes through a human review step before it executes.
This isn't a setting you can turn off. It's structural. The boundary between read-only intelligence and write-access action is hard-coded into how Atlas is built, not configurable at the client level.
As trust builds, you can expand the categories of actions Atlas handles autonomously. But that expansion happens at your pace, on your terms, with a complete audit record of every decision along the way.
Principle 02
All data moving between Atlas and your connected systems is encrypted. All data stored by Atlas is encrypted. This applies to operational data, workflow logs, and the learned preferences Atlas accumulates about your business over time.
We don't share client data across engagements. What Atlas learns about your operation stays within your engagement boundary. Period.
Principle 03
Each Atlas engagement runs in a dedicated environment. Your data, your workflows, your operational memory, and your approvals are completely isolated from every other Atlas client. There is no shared infrastructure where your operational intelligence could be accessed or inferred by another engagement.
The intelligence Atlas builds about your business belongs to you. You can request an export of everything Atlas has learned at any time. If you ever end your engagement, we provide a clean handoff of your data and wind down your environment.
Principle 04
Atlas is designed to support clients operating under regulatory requirements. We maintain complete audit logs of every action Atlas takes, every approval granted, and every decision made — with timestamps and context. This record is available to you at any time.
For clients in regulated industries — healthcare, finance, legal — we assess compliance requirements during discovery and structure the engagement accordingly. If your operation has specific requirements, we want to know about them early.
We are actively working toward SOC 2 Type II certification. If compliance posture is a decision factor for your organization, tell us during discovery and we'll walk you through our current controls.
At a Glance
Every action requires your explicit sign-off before it executes
Data protected in transit and at rest, always
Your environment is completely separate from every other client
Actively pursuing SOC 2 Type II certification
Common Questions
Your data is accessible only within your isolated environment. Atlas team members may access it for maintenance and support purposes under strict internal access controls. It is never shared with or accessible to other clients.
We provide a complete export of everything Atlas has learned and logged about your operation, and we wind down your environment within an agreed timeframe. You leave with everything Atlas built for you.
No. Read-only monitoring runs continuously, but every write action — every change to your systems — requires your explicit approval first. The audit log shows you everything Atlas has done and everything it's proposed.
We assess data sensitivity during discovery and structure Atlas's access accordingly. Atlas only connects to what it needs to do its job, and we can configure it to avoid or anonymize categories of data you designate as sensitive.
Yes. For clients that require a formal DPA — particularly those in regulated industries — we provide one as part of the engagement agreement. Ask about this during your initial conversation.
In the event of a security incident affecting your environment, we notify you immediately, contain the issue, and provide a full incident report. We treat your operational data with the same urgency you would.
We'd rather hear about it during discovery than after a contract is signed. Tell us about your compliance requirements, your data sensitivity concerns, or your internal security standards and we'll address them directly.