Security Overview

At Atlacis, security is foundational to how we design, build, and operate the platform. This document provides an overview of the technical and organizational measures we implement to protect Customer Data and maintain the integrity of the Service.

1. Infrastructure Security

• Cloud hosting: the Atlacis platform is hosted on enterprise-grade cloud infrastructure with geographically distributed data centers.
• Network security: all network traffic is segmented and monitored. Firewalls, intrusion detection, and DDoS mitigation are in place.
• Isolation: customer environments are logically isolated. Customer Data is separated and not commingled.

2. Data Encryption

• In transit: all data transmitted between clients and the Atlacis platform is encrypted using TLS 1.2 or higher.
• At rest: Customer Data stored in databases and object storage is encrypted using AES-256 encryption.
• Key management: encryption keys are managed using dedicated key management services with strict access controls and automatic rotation.

3. Access Controls

• Least privilege: access to production systems is restricted to authorized personnel on a need-to-know basis.
• Multi-factor authentication: MFA is required for all internal access to production environments and administrative systems.
• Role-based access: the platform supports role-based access controls (RBAC) for customers, allowing granular permission management across teams.
• Audit logging: all access to Customer Data and administrative actions are logged and retained for audit purposes.

4. Application Security

• Secure development: Atlacis follows secure development practices, including code review, static analysis, and dependency scanning.
• Vulnerability management: we conduct regular vulnerability assessments and apply patches in a timely manner.
• Penetration testing: third-party penetration tests are conducted periodically. Findings are remediated based on severity.

5. Incident Response

Atlacis maintains an incident response plan that includes identification, containment, eradication, recovery, and post-incident analysis. In the event of a security incident affecting Customer Data, Atlacis will:

• Notify affected customers without undue delay.
• Provide information about the nature and scope of the incident.
• Describe the measures taken to address the incident.
• Share recommendations for customers to protect themselves.

6. Business Continuity

• Backups: Customer Data is backed up regularly with encryption. Backups are tested periodically to ensure recoverability.
• Disaster recovery: Atlacis maintains a disaster recovery plan with defined recovery time objectives (RTO) and recovery point objectives (RPO).

7. Personnel Security

• Background checks are conducted for personnel with access to Customer Data.
• Security awareness training is provided to all employees.
• Access is revoked immediately upon role change or termination.

8. Vendor Security

Third-party vendors and subprocessors are evaluated for their security posture before engagement. Vendors with access to Customer Data are contractually required to maintain appropriate security measures. See our Subprocessors list at /legal/subprocessors.

9. Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability, please report it through our Responsible Disclosure program at /legal/responsible-disclosure.

Contact