Information Security and Compliance
Atomic is purpose-built for organizations with the strictest data security and privacy requirements. Many of our customers are in the heavily regulated financial services and healthcare sectors, and we maintain independent attestation for SOC 2 and HIPAA to provide you assurance of our reliable, robust processes and systems.
Our Security Promise
We take data integrity and security very seriously. Due to the nature of the product and service we provide, it is important that we acknowledge our responsibilities both as a data controller and as a data processor. We store and process your data and that of your customers with care, and we help you stay compliant so that you can continue to build trust while enhancing customer experiences.
SOC 2 Compliant
Systems and Organization Controls 2 (SOC 2) is a reporting system put forth by the American Institute of Certified Public Accountants (AICPA). Auditing is independently undertaken by a CPA against a number of trusted service criteria (TSC). Atomic has been attested for security, availability and confidentiality. Please contact us to request a copy of our latest SOC 2 report.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. Atomic has been attested for the Security Rule. Please contact us to request a copy of our latest HIPAA report.
Atomic is purpose-built for organizations with the strictest data security and privacy requirements.
Single tenant data and storage isolation
Modern APIs for managing and deleting data
SSO, MFA, fine-grained User and API roles
Encryption in transit and at rest
Audit history of card data, customer and staff interactions
Externally code-reviewed, pen-tested and benchmarked
Support for data types that never get stored in our platform
You own and direct the handling of your customer data
Independently SOC 2 and HIPAA attested