01
Data isolation
- Tenant-scoped data access
- Row-level security enforced at the database
- No cross-tenant reads
- No model training on customer data without written opt-in
Security
Security for decision records and customer data.
Atlas handles CRM, billing, support, product telemetry, evidence claims, approvals, action records, and decision traces. The product is designed around tenant isolation, encrypted secrets, role-based access, audit logs, and conservative execution.
How we build for trust.
02
Secrets and connectors
- Encrypted connector secrets
- No plaintext display of credentials anywhere in the product
- Least-privilege credentials per integration
- Revocable connector installs at any time
03
Approval and authority
- No live customer-system mutation without provenance
- Role-based approval policies
- Two-person rule where required
- Dry-run before any external action
04
Audit and recovery
- Decision ledger records every important call
- Outcome watch audit trail
- Source coverage attached to every recommendation
- Exportable audit packet
Who touches your data.
We notify customers 30 days before adding or removing a subprocessor that processes customer data.
| Provider | Purpose | Region |
|---|---|---|
VVercel | Hosting | United States · Frankfurt |
AAWS | Storage, KMS, Postgres | us-east-1 |
WWorkOS | Identity, SSO, audit logs | United States |
AAnthropic | LLM inference | United States |
SSentry | Error tracking · PII redacted | United States |
RResend | Transactional email | United States |
What we are not claiming
Honest about the limits.
01No SOC 2 Type II claim without a current certificate in hand.
02No ISO 27001 claim without a current certificate in hand.
03No penetration-test claim without a reviewed report.
04No autonomous customer-facing execution during pilots.
Found something?
Email security@nooterra.ai with a clear reproduction. We acknowledge within one business day, triage within three, and disclose on a 90-day window unless the bug is critical.
No public bounty program yet. Material findings paid case by case.