Security

Last updated · January 2026

Program overview

Atlas Code runs a SOC 2-aligned security program covering people, code, and infrastructure. Every engineer completes security onboarding and annual refresher training.

Code & access

  • Mandatory SSO with hardware MFA on all internal systems.
  • Principle of least privilege; client repo access is time-boxed and audited.
  • Mandatory peer review and CI security scanning on every pull request.
  • Secrets stored exclusively in encrypted vaults — never in source.

Infrastructure

  • All managed infrastructure encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Continuous vulnerability scanning and dependency monitoring.
  • Daily encrypted backups with quarterly restore tests.
  • 24/7 on-call with documented incident response runbooks.

Compliance

We support clients in regulated industries (fintech, health, public sector) with documentation for GDPR, CCPA, HIPAA, and PCI-DSS scope assessments. A SOC 2 Type II report is available under NDA.

Responsible disclosure

Found a vulnerability? Email security@atlasblue.com. We respond within one business day and credit researchers in our hall of fame.