Atlas / Security
Security & TrustEnterprise data, handled like it.
Your shipment data maps your whole supply chain. We treat it that way, with the controls your security team expects before they sign.
✓ SOC 2 Type II
✓ GDPR ready
✓ SSO & SCIM
✓ Encryption in transit & at rest
✓ Regional hosting
The basics, done right
Controls your team can verify.
Independently audited
SOC 2 Type II, with the report available under NDA. Annual third-party penetration tests, tracked to close.
Access you govern
SAML SSO, SCIM provisioning, role-based access, and a full audit log of who saw what and when.
Data residency
Choose US or EU hosting. Set retention to your policy, and export or delete on request.
Practices
The everyday discipline.
✓
Encryption everywhereTLS 1.2+ in transit, AES-256 at rest.
✓
Least-privilege accessScoped roles, short-lived credentials, full audit trail.
✓
Isolated environmentsPer-tenant separation, dedicated option on Enterprise.
✓
ResilienceMulti-AZ, automated backups, tested disaster recovery.
✓
Vulnerability managementContinuous dependency scanning and patch SLAs.
✓
Incident responseOn-call rotation, runbooks, clear notification commitments.
Sub-processors
Who touches what.
| Sub-processor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Primary hosting and storage | US / EU |
| Cloudflare | CDN, DDoS protection, WAF | Global edge |
| Snowflake | Analytics warehouse | US / EU |
| Stripe | Billing and payments | US |
The complete, current list is provided in the DPA on request.