Encryption
All data encrypted at rest and in transit using organization-specific keys.
Data Isolation
Strictly partitioned by organization with no cross-org access.
Access Control
OAuth 2.0 + MFA authentication, hashed API keys, least privilege.
Data Architecture
Each organization’s data is encrypted with a unique key. Data cannot be fetched without the matching organization key. Every data request is authenticated against the requesting organization’s encryption key. Without a matching key, data is inaccessible — even to Atomscale engineers. Within each organization, data is organized into separate categories:
- Process data: run records and streaming process information
- Tool state: equipment and instrument status
- Metrology: characterization and measurement data
- Context: materials system labels, stored separately from raw data to protect combined IP
Data Security
Strict partitioning
Data is strictly partitioned by organization. There is zero cross-organization access or comingling.
Encryption everywhere
All data is encrypted at rest and in transit using industry-standard protocols.
Organization-specific keys
Data cannot be fetched without a matching organization encryption key. Each organization has a unique key.
Separated storage
Raw data and labeled context (materials system) are stored in separate locations to protect combined IP.
US data residency
All data is stored in US data centers for US entities.
Access Controls
Authentication
Industry-standard OAuth 2.0, multi-factor authentication (MFA), and hashed API keys with secure endpoints.
Compliance
CISO compliant. Passed multiple independent customer security audits. SOC 2 audit in process.
Vendor Management
Tight 3rd and 4th party exposure control. Security audits of all vendors used. Minimal external dependency surface.
Infrastructure
Security-in-depth principles. Regular patching and updating. Best practices for securing all infrastructure.
Team Security
All employees and the organization are bound by strict confidentiality agreements. Internal firewalls ensure your information stays protected.
- Least privilege access: Information is only available to team members who need to know or access it.
- Confidentiality agreements: All employees are bound by comprehensive confidentiality agreements.
- Security training: All team members have completed security training and background checks.
- Internal firewalls: Customer service teams operate with internal information barriers.
Support Model
Atomscale maintains a support account within each customer organization to assist with configuration, customer setup, and continuous improvement. This account operates securely as a member of your organization.
- Operates within the silo: The Atomscale support account lives inside your organization’s data boundary, subject to the same encryption and isolation as your team.
- No data leaves the silo: System configuration and data setup are performed in-place. Data is never extracted, copied, or moved outside the organizational boundary.
- Same security guarantees: The support account is governed by the same org-specific encryption key, access controls, and audit trail as all other users.
- Scoped access: Support access is limited to configuration and setup tasks, following least-privilege principles.