# Security

> Data isolation, encryption, and organizational safeguards

Atomscale secures, encrypts, and completely isolates your data from other organizations using industry best practices.

<CardGroup cols={2}>
  <Card title="Encryption" icon="lock">
    All data encrypted at rest and in transit using organization-specific keys.
  </Card>

  <Card title="Data Isolation" icon="database">
    Strictly partitioned by organization with no cross-org access.
  </Card>

  <Card title="Access Control" icon="user-lock">
    OAuth 2.0 + MFA authentication, hashed API keys, least privilege.
  </Card>
</CardGroup>

## Data Architecture

Each organization's data is encrypted with a unique key. Data cannot be fetched without the matching organization key.

Every data request is authenticated against the requesting organization's encryption key. Without a matching key, data is inaccessible — even to Atomscale engineers.

Within each organization, data is organized into separate categories:

* **Process data**: run records and streaming process information
* **Tool state**: equipment and instrument status
* **Metrology**: characterization and measurement data
* **Context**: materials system labels, stored separately from raw data to protect combined IP

## Data Security

### Strict partitioning

Data is strictly partitioned by organization. There is zero cross-organization access or commingling.

### Encryption everywhere

All data is encrypted at rest and in transit using industry-standard protocols.

### Organization-specific keys

Data cannot be fetched without a matching organization encryption key. Each organization has a unique key.

### Separated storage

Raw data and labeled context (materials system) are stored in separate locations to protect combined IP.

### US data residency

All data is stored in US data centers for US entities.

## Access Controls

<CardGroup cols={2}>
  <Card title="Authentication" icon="lock">
    Industry-standard OAuth 2.0, multi-factor authentication (MFA), and hashed API keys with secure
    endpoints.
  </Card>

  <Card title="Compliance" icon="shield-check">
    CISO compliant. Passed multiple independent customer security audits. SOC 2 audit in process.
  </Card>

  <Card title="Vendor Management" icon="file-contract">
    Tight third- and fourth-party exposure control. Security audits of all vendors used. Minimal external
    dependency surface.
  </Card>

  <Card title="Infrastructure" icon="server">
    Security-in-depth principles. Regular patching and updating. Best practices for securing all
    infrastructure.
  </Card>
</CardGroup>

## Team Security

All employees and the organization are bound by strict confidentiality agreements. Internal firewalls ensure your information stays protected.

* **Least privilege access**: Information is only available to team members who need to know or access it.
* **Confidentiality agreements**: All employees are bound by comprehensive confidentiality agreements.
* **Security training**: All team members have completed security training and background checks.
* **Internal firewalls**: Customer service teams operate with internal information barriers.

## Support Model

Atomscale maintains a support account within each customer organization to assist with configuration, customer setup, and continuous improvement. This account operates securely as a member of your organization.

* **Operates within the silo**: The Atomscale support account lives inside your organization's data boundary, subject to the same encryption and isolation as your team.
* **No data leaves the silo**: System configuration and data setup are performed in-place. Data is never extracted, copied, or moved outside the organizational boundary.
* **Same security guarantees**: The support account is governed by the same org-specific encryption key, access controls, and audit trail as all other users.
* **Scoped access**: Support access is limited to configuration and setup tasks, following least-privilege principles.
