Security & Compliance

We hold the data that catches the threat.

A detection and response platform only works if you trust it with sensitive signal. Here's exactly how Atomburst handles, protects, and retains your data — and where we are on formal compliance.

NoteThis page outlines how we handle and protect your data. Items marked Coming soon are being finalised and will be confirmed here shortly — we'd rather say "coming soon" than imply something we haven't earned.
Data handling

How your data is protected.

The defaults below reflect how a cloud-native, multi-tenant platform should treat customer signal. Confirm each against production before relying on it.

01 · In transit

Encrypted on the wire

All traffic between your endpoints, browsers, identity sources, and Atomburst is encrypted in transit using TLS. Version & cipher details coming soon

02 · At rest

Encrypted in storage

Stored data is encrypted at rest. Key-management details coming soon

03 · Tenancy

Logical isolation per tenant

Multi-tenant by design, with each client's data logically separated so one tenant can never read another's. Isolation model details coming soon

04 · Access control

Least privilege, audited

Role-based access, MFA for internal access, and audit logging on administrative actions. Full details coming soon

05 · Residency

Where your data lives

Hosting region and EU/UK data-residency options. Coming soon

06 · Retention

Kept only as long as useful

Telemetry and event data is retained for a configurable window, then deleted. Exact window coming soon

Compliance status

Where we are — stated plainly.

We publish status, not aspiration dressed as fact. "In progress" means underway and not yet certified.

SOC 2 Type II
Independent audit of security, availability, and confidentiality controls.
Coming soon
ISO/IEC 27001
Information security management system certification.
Coming soon
GDPR
EU data protection — DPA available, data subject request process.
Coming soon
Subprocessors
Current list of third parties that may process customer data.
List coming soon
Responsible disclosure

Found something? Tell us.

If you believe you've found a security vulnerability in any Atomburst or NSCA product, we want to hear from you. Report it privately and give us reasonable time to remediate before any public disclosure. We won't pursue legal action against good-faith research that respects user privacy and avoids service disruption.

Report to [email protected]. PGP key coming soon