SOC 2 Type II — Audit in Progress

SOC 2 Compliance

Atomic Work is currently undergoing a SOC 2 Type II audit. While formal certification is in progress, we have strong operational controls in place today.

Audit status: In progress

We are working with an accredited third-party auditor. SOC 2 Type II certification is expected in 2026. Enterprise customers can request our current security documentation, control evidence, and a Data Processing Agreement (DPA) while the audit is underway.

Controls in place today

Access Control

  • Role-based access control — Admin, Manager, Operator
  • Firebase Authentication with industry-standard token rotation
  • Automatic session expiry and secure session handling
  • Principle of least privilege enforced across all roles

Data Protection

  • AES-256 encryption at rest via Google Cloud Firestore
  • TLS 1.3 in transit on all connections
  • Integration credentials encrypted, never exposed in exports
  • Data backups with point-in-time recovery

Audit & Monitoring

  • Audit logging on all critical operations
  • Per-user activity trail
  • Real-time run monitoring with full step history
  • Webhook delivery logs and retry tracking

Infrastructure

  • Hosted on Vercel global edge network
  • Google Cloud Firestore — enterprise-grade managed database
  • Content Security Policy + HSTS on every response
  • X-Frame-Options, X-Content-Type-Options, Referrer-Policy enforced

SOC 2 Trust Service Criteria

Security
Access controls, encryption, monitoring all implemented
In audit
Availability
Hosted on Vercel global edge with 99.9%+ uptime target
In audit
Confidentiality
AES-256 at rest, TLS 1.3 in transit, no third-party data sales
In audit
Processing Integrity
Atomic step execution with auto-retry and audit trail
In audit
Privacy
Data export and deletion available to all users today
GDPR compliant

Request security documentation

Enterprise customers can request our current security questionnaire, control evidence package, or a Data Processing Agreement (DPA).

security@theatomicwork.com

Vulnerability reporting

Found a security issue? We take all reports seriously and respond within 48 hours. Please do not publish before we have a chance to address it.

security@theatomicwork.com
Security OverviewGDPRPrivacy PolicyContact Us