
Certifications & compliance
Atomis maintains the following certifications, audited annually by independent third parties:

Security reports |
|---|
Full SOC 2 Type II report and penetration test summaries are available to Enterprise customers and prospects under NDA. Contact security@synth.ai to request. |
Data protection
Encryption at rest - AES-256 for all stored data
Encryption in transit - TLS 1.3 enforced across all connections
Database encryption - field-level encryption for sensitive research parameters
Backups encrypted and stored in separate geographic regions
Data never leaves your chosen residency region without explicit consent
Access control
SSO / SAML 2.0 - integrate with Okta, Azure AD, Google Workspace
RBAC - role-based access control with custom permission sets
MFA - enforced for all accounts, required for Enterprise
Session management - configurable timeout and device management
Audit logs - full user action logging, exportable for compliance
Atomis employees follow strict least-privilege access policies. No employee can access customer research data without explicit authorisation and audit-logged justification.
Infrastructure
Hosted on AWS — us-east-1 (default), eu-west-1 (EU), ap-southeast-1 (APAC)
Private VPC with no public database access
DDoS protection via AWS Shield Advanced
WAF deployed on all public endpoints
Air-gapped and private cloud deployment available on Enterprise
Incident response
We maintain a 24/7 security monitoring operation. In the event of a confirmed breach affecting customer data, we commit to:
Notify affected customers within 72 hours of confirmation
Provide a full incident report within 14 days
Regulatory notification where required by GDPR or applicable law
To report a suspected security incident: security@atomis.ai - monitored 24/7.

