Atlast Request a demo

Security Overview

Security and Data Protection at Atlast

Security isn’t a feature. It’s part of how we build.

Security and data protection are embedded in how Atlast designs, builds, and operates its platform. Atlast applies appropriate technical and organizational measures to protect personal data and continuously reviews its controls as the platform evolves, in line with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This page provides a high-level overview of how Atlast protects customer and candidate data. Detailed information is available in our Privacy Policy, Data Processing Agreement, and Trust & Data documentation.

Roles and Responsibilities Under Data Protection Law

For most customers, Atlast acts as a data processor, processing personal data on behalf of its customers, who act as data controllers, in accordance with Article 28 GDPR.

Atlast processes personal data solely on documented instructions from its customers and only for the purposes of providing and improving the Atlast services.

Access Controls and Confidentiality

  • Access to the Atlast platform is role-based and granted strictly on a need-to-know basis
  • Internal access to production systems is restricted to authorized personnel
  • Authentication and access activity are logged and monitored
  • All personnel with access to personal data are subject to confidentiality obligations

Data Protection and Security Measures

Atlast implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit using industry-standard protocols
  • Secure cloud infrastructure with logical access controls
  • Limitation of access to customer and candidate data to what is necessary to provide the service

These measures are regularly reviewed and improved as part of Atlast’s security and risk management practices.

Infrastructure and Monitoring

  • Atlast operates on established cloud infrastructure providers
  • Systems are monitored for availability, performance, and errors
  • Logging and alerting mechanisms support early detection of incidents and operational issues

Incident Response and Personal Data Breaches

  • Security incidents are handled according to internal response procedures
  • In the event of a personal data breach, Atlast will notify affected customers without undue delay and in accordance with applicable data protection laws, enabling customers to meet their own regulatory obligations under Articles 33 and 34 GDPR where applicable
  • We continuously review incidents to improve our controls

Data Subject Rights

Atlast supports its customers in responding to data subject rights requests, including requests for access, rectification, erasure, restriction, objection, and portability, in accordance with applicable data protection laws and the terms of the Data Processing Agreement.

Working with Trusted Partners and Subprocessors

Atlast carefully selects third-party service providers and subprocessors and requires them to meet appropriate security and data protection standards.

Where Atlast engages subprocessors to process personal data, it does so in accordance with Article 28 GDPR.

An up-to-date list of authorized subprocessors is available on our Trust & Data page.

International Data Transfers

Where personal data is transferred outside the European Economic Area, Atlast ensures that appropriate safeguards are in place in accordance with GDPR requirements, such as standard contractual clauses or other approved transfer mechanisms.

Always Improving

Security and data protection are not static. As Atlast grows, our security and compliance practices evolve with it to meet customer expectations and regulatory requirements.

Additional security and data protection information can be shared with customers where reasonably required.

Questions?

If you’d like to learn more about security and data protection at Atlast, reach out to us at: privacyandsecurity [at] this domain