ATLACIS
LEGAL

Security Overview

Last updated: March 21, 2026

Atlacis processes client operational data through controlled, managed systems. We take data protection seriously and are transparent about our current security controls.

1. Infrastructure

  • Cloud hosting: the Atlacis portal is hosted on Vercel, which provides automatic TLS encryption for all connections and runs on AWS infrastructure.
  • Database: production data is stored in Neon Serverless Postgres with encrypted connections between the application and database.
  • Serverless architecture: the application runs as serverless functions with no persistent server access to compromise.

2. Data in Transit

  • All data transmitted between users and the Atlacis service is encrypted using TLS.
  • All connections between the application and the production database use encrypted channels.

3. Access Controls

  • Internal access only: the operations portal is restricted to authorized Atlacis team members. There is no client-facing login or self-service access at this time.
  • Audit logging: operational actions including case reviews, status changes, exports, and deliveries are logged with actor, action, and timestamp for accountability.
  • Artifact immutability: once client deliverables are marked as delivered, they are frozen and cannot be modified. Corrections create new artifact versions with a full audit trail.

4. Application Security

  • Payment enforcement: the system requires confirmed payment before any client data can be uploaded or processed.
  • Input validation: all uploaded data passes through a structured validation engine with blocking and warning checks before entering the review queue.
  • Data isolation: each client engagement maintains its own set of records, uploads, review batches, and delivery artifacts.

5. Incident Response

In the event of a security incident affecting client data, Atlacis will notify affected customers promptly, provide information about the nature and scope of the incident, describe the measures taken to address it, and share recommendations for customers to protect themselves.

7. Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it through our Responsible Disclosure program.

Contact

  • Security: security@atlacis.com
  • General: info@atlacis.com
Book session