Privacy Policy

AtlasLogic.IO

1. What This Is

This explains what data we collect when you use Atlas Logic, why we collect it, and how we protect it. Short version: We collect only what's necessary, never sell your data, and encrypt everything.

2. Use of Artificial Intelligence (AI) and Large Language Models

Atlas Logic incorporates Artificial Intelligence ("AI") capabilities to support compliance automation, control evaluation, and recommendation generation within the platform.

Model Deployment and Processing

Atlas Logic deploys its AI models on Microsoft Azure AI Foundry. Our models are hosted within our controlled Azure environment. We do not route customer data through third-party AI aggregators or external model providers.

All AI processing occurs within Azure infrastructure under Microsoft's enterprise data protection and privacy commitments. Microsoft does not use customer data submitted to Azure AI services to train or improve underlying foundation models. For more information, please refer to Microsoft's official documentation: https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/openai/data-privacy

Data Usage and Isolation

Atlas Logic enforces strict data isolation at the application layer:

  • AI prompts and context are limited to the currently active organization
  • No cross-organization data access occurs (including between parent, child, subsidiary, or unrelated organizations within the platform)
  • In-context learning (ICL) mechanisms only retrieve scoped, organization-specific data necessary to generate relevant outputs

Data Minimization Principles

We apply data minimization controls aligned with GDPR and ISO 27001:2022:

  • Only the minimum data required to generate compliance insights is processed
  • Sensitive organizational identifiers are excluded from AI training datasets

Fine-Tuning and Model Improvement Data

To improve system performance, Atlas Logic may collect limited structured data points, including:

  • control id
  • AI-generated recommendations
  • auditor notes
  • decisions
  • action text

This dataset:

  • Does not include organization names, tenant identifiers, or customer-identifiable information
  • Is used solely for internal model refinement and quality improvement
  • Is processed in accordance with strict access controls and security safeguards

Security and Confidentiality Safeguards

All AI-related data processing follows Atlas Logic's security controls, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Audit logging of AI interactions
  • Segregation of customer environments

Customer Control and Responsibility

Customers remain responsible for ensuring that data submitted into the platform complies with their internal policies and applicable regulations. Atlas Logic provides configuration controls to limit data exposure and enforce least-privilege principles.

Atlas Logic's AI architecture is designed to ensure that customer data remains isolated, confidential, and used strictly for its intended compliance purposes.

3. Information We Collect

Account Data

  • Name, email, company name (when you sign up)
  • IP address and device info (for security and login logs)

Customer Data

  • The data you input into the Service (e.g., policies, controls, audit logs)
  • This is your data — we process it only to deliver the Service

Usage Data

  • Pages visited, features used, error reports (via anonymized telemetry)
  • Helps us improve performance and fix bugs

4. How We Use It

  • To run, secure, and improve Atlas Logic
  • To respond to your support requests
  • To detect abuse or security threats
  • Never for advertising, profiling, or selling

5. Who We Share With

No third party gets your Customer Data — except as required to operate the Service (e.g., cloud hosting on AWS or Azure).

  • Subprocessors are contractually bound to our security standards.
  • We may disclose data if required by law — but we'll notify you first, unless prohibited.

6. Data Security

  • All data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Regular penetration testing and automated vulnerability scanning
  • Access strictly limited to engineers with MFA and just-in-time privileges

7. Data Retention

  • We keep your data as long as you're an active customer
  • After cancellation, we delete it within 30 days (unless legal hold applies)
  • You can request export or deletion anytime via legal@atlaslogic.io

8. Your Rights

Depending on your location (e.g., under GDPR or CCPA), you have the right to:

  • Access, correct, or delete your personal data
  • Export your data in a machine-readable format (JSON/CSV)
  • Opt out of non-essential communications

To exercise these rights, email us. We will respond within 7 days.

9. International Transfers

Our infrastructure is in the U.S. If you're outside the U.S., you consent to cross-border transfer under EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

10. Children

Atlas Logic is not for anyone under 18. We don't knowingly collect their data.

11. Changes

We'll post updates here. We'll notify you of material changes via email or in-app banner.

12. Contact

Questions? Requests? Email our DPO: privacy@atlaslogic.io