Trust & safety
Security at Atherlink
Enterprise-grade security controls, certifications, and responsible disclosure — built into every layer of our platform.
Certifications & standards
SOC 2 Type II
Annual third-party audit covering security, availability, and confidentiality.
ISO 27001
Certified information security management system across all production environments.
GDPR
Full compliance with EU and UK GDPR. DPAs available on request.
HIPAA Ready
BAA available for healthcare customers processing ePHI via Atherlink.
How we protect your data
Encryption
TLS 1.3 for all data in transit. AES-256-GCM for data at rest. Keys managed via HSM with quarterly rotation.
Zero-trust architecture
No implicit trust between services. Every request is authenticated, authorised, and logged — regardless of network origin.
Access control
Role-based access control (RBAC) with least-privilege defaults. SSO via SAML 2.0 and OIDC. MFA enforced for all staff.
Continuous monitoring
24/7 SIEM with automated alerting. Vulnerability scans run on every deployment. Penetration tests conducted annually by independent firms.
Data isolation
Enterprise tenants run in dedicated namespaces with strict network policies. No cross-tenant data access is architecturally possible.
Disaster recovery
Multi-region active-active deployments. RPO < 1 minute, RTO < 5 minutes. Automated failover tested quarterly.
Report a vulnerability
We welcome responsible security research. If you discover a vulnerability in any Atherlink product or infrastructure, please follow the process below. We do not pursue legal action against researchers who act in good faith.
Report
Email security@atherlink.com with a clear description of the vulnerability and reproduction steps.
Acknowledge
We acknowledge receipt within 24 hours and assign a severity rating using CVSS.
Remediate
Critical issues are patched within 48 hours. High severity within 7 days. We keep you informed throughout.
Disclose
Coordinated disclosure after the fix is deployed. We credit researchers who follow responsible disclosure.
Contact our security team
For vulnerability reports and security enquiries, email security@atherlink.com