Your Infrastructure.
Your Rules.

Both. AtlasAI is available as a managed cloud service (United States by default; EU, UK, and Canada available on enterprise plans) and as a self-hosted deployment inside your firm’s own Microsoft Azure tenant. The architecture, encryption profile, audit logging, and compliance roadmap are identical across both models — the difference is who operates the infrastructure. We do not offer multi-cloud or shared-compute deployments.

Customer data means everything you upload (documents, contracts, deal rooms, knowledge-graph inputs) and everything you generate using the platform (prompts, AI responses, chat history, workspace artifacts). All of it is treated as Restricted under our Data Classification Policy: encrypted at rest with AES-256, encrypted in transit with TLS 1.2+, accessible only to the authorized users you designate, and logged on every access.

No. Your inputs, outputs, uploaded documents, and interaction data are never used to train, fine-tune, or improve any model — AtlasAI’s, our LLM providers’, or any third party’s. This is contractual in our Master Subscription Agreement and enforced by Zero Data Retention terms in our agreements with every approved LLM provider. If your firm wants to fine-tune a private model on its own data for its own use, that capability exists in self-hosted deployments and the model + data stay entirely inside your tenant.

All data at rest is encrypted with AES-256 (service-managed by default on the managed cloud service; customer-managed keys on enterprise plans and on self-hosted deployments). All data in transit uses TLS 1.2 or higher. Application secrets are stored in a hardware-backed secrets vault with soft-delete and purge protection; the application accesses them via managed identity, never via embedded credentials. Customer-managed key support means you can hold and rotate the root encryption keys on your own HSM and revoke our access at any time.

For the managed cloud service, the categories of sub-processors are: enterprise cloud infrastructure, in-region LLM inference, authentication, billing, and source-control / CI. Every sub-processor is bound by a Data Processing Agreement. The complete current list of named vendors is maintained in our Trust Center and available to customers and prospects under NDA; we provide at least 30 days’ notice before any material change. For self-hosted deployments there are no AtlasAI sub-processors — everything runs inside your own tenant under your existing DPAs.

Managed cloud service: the default region is the United States. Dedicated European Union, United Kingdom, and Canada regions are available on enterprise plans. LLM inference happens in the same region as the data — no cross-region traffic. Self-hosted: wherever your firm places the resource group. We support any Microsoft Azure region your subscription has access to.

All access is authenticated and authorized server-side on every request. The managed cloud service supports SAML / OIDC single sign-on, password-complexity enforcement, and multi-factor authentication. Self-hosted integrates natively with your firm’s enterprise identity provider — your existing conditional-access policies, MFA, and identity governance apply unchanged. Inside the application, tenant-scoped roles (super-admin, admin, member, viewer) gate every action, and per-matter access is configurable down to the document level.

Every security-relevant action is logged at two layers: an application audit log (sign-ins, document opens, chat queries, admin changes) and the underlying infrastructure logs (database access, object-store activity, secret-vault operations, request traffic). The managed cloud service retains both for 365 days in our centralized logging platform with customer-accessible export. Self-hosted: all logs land in your firm’s own logging platform and stream directly into your SIEM — we never need a copy.

In the managed cloud service, inference goes through an enterprise LLM endpoint in the same region as your data under contractual Zero Data Retention — no model state persists between requests, and customer queries are not visible to other tenants. In self-hosted, you can use an enterprise LLM endpoint in your own tenant or a fully private model endpoint you operate. Knowledge-graph and vector embeddings are partitioned per-tenant in both modes; customers on enterprise plans may elect a fully dedicated logical database.

AtlasAI operates on HIPAA-eligible infrastructure and offers a Business Associate Agreement (BAA) for enterprise plans. The platform’s control set is mapped to the HITRUST CSF entry tier (e1) and the relevant SOC 2 Trust Services Criteria — 66 of 68 controls are currently assessed compliant; the remaining two are physical-security controls inherited from our underlying cloud provider. Customers in healthcare-adjacent practice should request the BAA during the contract phase and walk through the Risk Register with our Security Officer.

Managed cloud service: a managed relational database with 30-day point-in-time restore, soft-delete and versioning on object storage (14 days), and soft-delete + purge protection on the secret vault. Our most recent disaster-recovery restore drill was executed against production backups on 2026-05-28; the report is available in the Trust Center. Recovery objectives are RPO 1 hour, RTO 4 hours. Self-hosted: the same baseline templates ship with the deployment; your firm tunes retention to its own standards.

Our Incident Response Policy defines SEV-1/SEV-2/SEV-3 severities and binding response SLAs (SEV-1 24/7, SEV-2 within 2 hours, SEV-3 next business day). Customers affected by an incident touching their data are notified without undue delay and no later than 72 hours after confirmation. A written post-incident review is produced for every SEV-1 and SEV-2 within 5 business days. In self-hosted, your IR team owns the response and AtlasAI provides forensic support under contract; your SIEM has full visibility from the start.

Independent third-party penetration testing happens at least annually and after any material change to the platform architecture. We also welcome customer-led penetration testing under coordinated rules of engagement. Continuous vulnerability detection runs at three layers: cloud-posture monitoring across infrastructure, dependency scanning on every pull request, and runtime threat detection on the application tier — with findings triaged against the SLAs defined in our Vulnerability Management Policy.

The full Atlas AI Security & Compliance Posture Report (live SOC 2 + HITRUST control matrix, architecture, sub-processors, incident response, audit roadmap, founder signature), plus 12 corporate policies (Information Security, Access Control, Change Management, Incident Response, BCP/DR, Vendor Management, Data Classification, Encryption, Vulnerability Management, SDLC, AUP, HR Security) and dated artifacts (Risk Register, Quarterly Access Review, DR Restore Drill Report, Workforce Training Record, Annual Security Program Review). Request access at app.atlas-ai.io/trust/request-access.

Customer data is retained for the duration of your subscription. On termination or written request, your data is deleted within 30 days of contract end. Backups containing the deleted data expire on their normal cycle (≤30 days for the database, ≤14 days for object storage) and are protected by all ordinary security controls during that window. We provide written confirmation of deletion. In self-hosted deployments, the entire stack lives inside your subscription — if you choose to walk away, you simply delete the resource group; nothing exits your tenant.