This public page is an overview of Atlariem's data-processing terms and operating posture. If your organization needs a signed DPA, custom procurement language, or jurisdiction-specific clauses, contact hello@atlariem.info.
The customer decides what personal data is entered into Atlariem and why it is used.
Atlariem stores and handles customer workspace data to provide the service.
Names, work emails, roles, ownership records, activity, and verification history.
Customers can export core workspace data and request deletion or DPA support.
Parties and roles
For most Atlariem workspaces, the customer is the data controller because the customer decides what information is entered into Atlariem and why that information is used.
Atlariem is usually the data processor because Atlariem stores, hosts, and handles that information on the customer's behalf to provide the service.
Under GDPR and UK GDPR, a controller generally needs a binding processor agreement when another company processes personal data for it. This page describes the baseline processing terms Atlariem expects to support for customer workspaces.
Customer instructions
Atlariem processes customer personal data only to provide, secure, maintain, support, and improve the Atlariem service, and according to the customer's lawful instructions. The customer remains responsible for deciding what information it adds to Atlariem and for ensuring it has a lawful basis to use that information.
Categories of personal data
Atlariem is mostly used for business and operational records, but some of that information can identify people. Customers may enter:
Processing purposes
Atlariem processes customer data to provide the digital-operations registry and related workflows.
| Purpose | Examples |
|---|---|
| Registry operations | Assets, vendors, people, departments, owners, admins, and criticality fields. |
| Operational workflows | Renewals, cancellation windows, warnings, verification dates, offboarding, and handoffs. |
| Dependency mapping | Relationships between systems, vendors, owners, credentials, and business functions. |
| Workspace administration | Authentication, permissions, invitations, account roles, support, and security monitoring. |
Retention
Customer data is generally retained while the customer workspace remains active. After termination, deletion, or account closure, Atlariem will delete or return customer personal data according to the customer's instructions and any agreed retention period, unless Atlariem must retain limited information for legal, security, billing, or dispute-resolution purposes.
Security responsibilities
Atlariem uses technical and organizational measures designed to protect customer personal data. The current public security posture is maintained on the Security & Trust page.
- Access controls and workspace isolation
- Encryption in transit
- Backups and incident-response procedures
- Least-privilege access practices
- Employee or contractor confidentiality expectations
- Logging and security monitoring appropriate to the service stage
The customer is responsible for managing its users, permissions, authentication choices, exports, and the accuracy of data entered into the workspace.
Subprocessors
Atlariem may use subprocessors to host, deliver, monitor, support, or bill for the service. These may include cloud hosting, database, email-delivery, monitoring, analytics, payment, support, and infrastructure providers.
Atlariem will use commercially reasonable efforts to choose subprocessors that can protect customer data appropriately and will remain responsible for subprocessors' processing of customer personal data where required by applicable data-protection law.
The current subprocessor list is published on the Security & Trust page.
Security incidents
If Atlariem becomes aware of a security incident that affects customer personal data, Atlariem will notify affected customers without undue delay after confirming the incident, consistent with applicable law and operational needs.
Atlariem will provide available information to help the customer meet its own legal obligations, including the nature of the incident, affected data categories where known, mitigation steps, and recommended customer actions.
Data-subject requests
If a person requests access to, correction of, deletion of, or restriction of their personal data, the customer is usually responsible for responding as controller. Atlariem will provide reasonable assistance when the request relates to personal data processed in Atlariem and the customer cannot reasonably complete the request through the product or exports.
Return and deletion
At the end of the customer relationship, the customer may request return or deletion of customer personal data, subject to technical feasibility, legal obligations, backup cycles, and any agreed retention period. Atlariem may retain limited records where required for security, legal, billing, or compliance purposes.
International transfers
Customer data may be processed in countries where Atlariem or its subprocessors operate. Where GDPR, UK GDPR, or similar laws require transfer safeguards, Atlariem will use appropriate legal mechanisms such as adequacy decisions, standard contractual clauses, or equivalent safeguards where applicable.
Audits and compliance evidence
Atlariem will provide reasonable documentation about its security, privacy, subprocessors, and data-handling practices on request. Audits must be reasonable in scope, protect Atlariem's systems and other customers' information, and avoid disrupting the service.
Atlariem may satisfy audit requests through written responses, security documentation, subprocessor lists, architecture summaries, or other appropriate evidence.
Need a signed DPA?
Send security, privacy, or procurement requirements to hello@atlariem.info. We will respond with what Atlariem can support today and what requires custom review.