Security and Compliance

At Atrium, we understand that the data you entrust to us is at the heart of your business.

Last Updated on August, 25, 2025

The security, privacy, and compliance of this data are not just features; they are the foundation of our platform and our relationship with you. Our commitment is to provide you with a robust and reliable environment so you can focus on what matters most: your customers.

Regulatory Compliance

GDPR Commitment (General Data Protection Regulation)

As a French company, Atrium Technologies SAS is committed to fully complying with the GDPR, the world's most stringent data protection standard.


Your Role and Ours: When you use Atrium, you are the "Data Controller" of your customer data. Atrium acts as your "Processor," handling the data on your behalf and according to your instructions.


Hosting in Europe: All our clients' data and their application infrastructure are hosted exclusively within the European Union, with cloud providers recognized for their high level of security (Scaleway in France). This ensures that your data remains protected under European laws.


Rights of Data Subjects: Our platform provides you with the tools to respond to requests from your own customers (right of access, rectification, erasure, portability).


Data Processing Agreement (DPA): We provide all our clients with a Data Processing Agreement that formalizes our respective commitments and responsibilities regarding the GDPR.

GDPR Commitment (General Data Protection Regulation)

As a French company, Atrium Technologies SAS is committed to fully complying with the GDPR, the world's most stringent data protection standard.


Your Role and Ours: When you use Atrium, you are the "Data Controller" of your customer data. Atrium acts as your "Processor," handling the data on your behalf and according to your instructions.


Hosting in Europe: All our clients' data and their application infrastructure are hosted exclusively within the European Union, with cloud providers recognized for their high level of security (Scaleway in France). This ensures that your data remains protected under European laws.


Rights of Data Subjects: Our platform provides you with the tools to respond to requests from your own customers (right of access, rectification, erasure, portability).


Data Processing Agreement (DPA): We provide all our clients with a Data Processing Agreement that formalizes our respective commitments and responsibilities regarding the GDPR.

GDPR Commitment (General Data Protection Regulation)

As a French company, Atrium Technologies SAS is committed to fully complying with the GDPR, the world's most stringent data protection standard.


Your Role and Ours: When you use Atrium, you are the "Data Controller" of your customer data. Atrium acts as your "Processor," handling the data on your behalf and according to your instructions.


Hosting in Europe: All our clients' data and their application infrastructure are hosted exclusively within the European Union, with cloud providers recognized for their high level of security (Scaleway in France). This ensures that your data remains protected under European laws.


Rights of Data Subjects: Our platform provides you with the tools to respond to requests from your own customers (right of access, rectification, erasure, portability).


Data Processing Agreement (DPA): We provide all our clients with a Data Processing Agreement that formalizes our respective commitments and responsibilities regarding the GDPR.

Data Security

Protecting your data is our top priority. We have implemented a defense-in-depth strategy.

End-to-End Encryption


Data in Transit: All communications between your browser and our servers, as well as between our internal services, are encrypted using the TLS 1.2 protocol or higher.


Data at Rest: All your data, including databases and backups, is encrypted at rest using the AES-256 algorithm, a military-grade standard.


Strict Data Isolation


Each Atrium client benefits from a logically isolated data environment. Your data is never mixed with that of another client. Additionally, our AI Mitra is designed to ensure this isolation: the learnings and models generated from your data are private, unique, and dedicated solely to your workspace.

End-to-End Encryption


Data in Transit: All communications between your browser and our servers, as well as between our internal services, are encrypted using the TLS 1.2 protocol or higher.


Data at Rest: All your data, including databases and backups, is encrypted at rest using the AES-256 algorithm, a military-grade standard.


Strict Data Isolation


Each Atrium client benefits from a logically isolated data environment. Your data is never mixed with that of another client. Additionally, our AI Mitra is designed to ensure this isolation: the learnings and models generated from your data are private, unique, and dedicated solely to your workspace.

End-to-End Encryption


Data in Transit: All communications between your browser and our servers, as well as between our internal services, are encrypted using the TLS 1.2 protocol or higher.


Data at Rest: All your data, including databases and backups, is encrypted at rest using the AES-256 algorithm, a military-grade standard.


Strict Data Isolation


Each Atrium client benefits from a logically isolated data environment. Your data is never mixed with that of another client. Additionally, our AI Mitra is designed to ensure this isolation: the learnings and models generated from your data are private, unique, and dedicated solely to your workspace.

Platform and Infrastructure Security

Secure Development

Our software development cycle incorporates best security practices (Secure SDLC). We follow the OWASP Top 10 recommendations to prevent the most common vulnerabilities, conduct systematic code reviews, and analyze our dependencies to identify potential flaws.


Robust Cloud Infrastructure

We rely on leading cloud partners (Scaleway, Neon DB) that are certified according to recognized international security standards (ISO 27001, SOC 2, etc.). Their physical infrastructure is protected 24/7, and our servers are safeguarded by firewalls and intrusion prevention systems.


Availability and Resilience

We perform automatic and regular backups of your data. Our infrastructure is designed to be redundant, minimizing the risk of service interruption and ensuring high availability of the platform.

Secure Development

Our software development cycle incorporates best security practices (Secure SDLC). We follow the OWASP Top 10 recommendations to prevent the most common vulnerabilities, conduct systematic code reviews, and analyze our dependencies to identify potential flaws.


Robust Cloud Infrastructure

We rely on leading cloud partners (Scaleway, Neon DB) that are certified according to recognized international security standards (ISO 27001, SOC 2, etc.). Their physical infrastructure is protected 24/7, and our servers are safeguarded by firewalls and intrusion prevention systems.


Availability and Resilience

We perform automatic and regular backups of your data. Our infrastructure is designed to be redundant, minimizing the risk of service interruption and ensuring high availability of the platform.

Secure Development

Our software development cycle incorporates best security practices (Secure SDLC). We follow the OWASP Top 10 recommendations to prevent the most common vulnerabilities, conduct systematic code reviews, and analyze our dependencies to identify potential flaws.


Robust Cloud Infrastructure

We rely on leading cloud partners (Scaleway, Neon DB) that are certified according to recognized international security standards (ISO 27001, SOC 2, etc.). Their physical infrastructure is protected 24/7, and our servers are safeguarded by firewalls and intrusion prevention systems.


Availability and Resilience

We perform automatic and regular backups of your data. Our infrastructure is designed to be redundant, minimizing the risk of service interruption and ensuring high availability of the platform.

Payment Security

Atrium does not store, process, or transmit any credit card information. All payments are managed by our partner Stripe, which is certified PCI DSS Level 1. This is the strictest certification level available in the payment industry. Your financial information is therefore handled with the highest degree of security possible.

Your Role in Security

Security is a shared responsibility.

We encourage you to adopt the following best practices:

  • Use a strong, unique password and manage it securely.

  • Carefully manage user permissions within your workspace.

  • Be vigilant against phishing attempts.

Report a Vulnerability

Security is a process of continuous improvement. If you believe you have discovered a security flaw in our service, we encourage you to inform us responsibly.

Please contact us at the following email address: contact@atriumcrm.com

We are committed to addressing your report promptly and confidentially.

Contact Us

Any questions? Feel free to contact our team at contact@atriumcrm.com for any security and compliance needs.