Security & Compliance

Enterprise Security

ATOMiK is built for environments where security is non-negotiable. Local data processing, formally verified mathematics, and no cloud dependency.

Security by Architecture

ATOMiK does not bolt security onto an existing architecture. Security is a consequence of the design itself. Delta-state algebra uses dynamic reference states — there is no static secret to steal. Deterministic latency eliminates timing side channels. No speculative execution means no Spectre-class attacks. No cache coherency protocol means no Meltdown-class attacks.

The mathematical foundation is not assumed — it is proven in 92 Lean4 theorems, machine-verified to be correct by construction. This is a level of assurance that testing alone cannot provide.

Data Handling

  • ATOMiK processes data locally — no cloud dependency. Your data never leaves your infrastructure.
  • The kernel module operates at OS level on your machines. The SDK is a local library imported into your application.
  • No telemetry phones home. No data is transmitted to ATOMiK servers during normal operation.
  • You maintain full custody of your data at all times.

Open Source Transparency

  • The core SDK is licensed under Apache 2.0 — fully auditable by your security team.
  • 92 Lean4 formal proofs verify the mathematical correctness of delta-state algebra. These are machine-checked, not hand-reviewed.
  • All source code is available on GitHub for independent security review.
  • No obfuscated binaries. No proprietary black boxes in the critical path.

Encryption & Payment Security

  • All data in transit uses TLS 1.3.
  • Stripe handles all payment data processing. ATOMiK is PCI DSS compliant via Stripe — we never see, store, or process credit card numbers.
  • No user data is stored on ATOMiK servers beyond email addresses for licensing.
  • API keys are scoped, rotatable, and transmitted only over encrypted channels.

GDPR Compliance

  • Minimal data collection: only email addresses for licensing and communication.
  • Right to deletion is fully supported — request removal at any time.
  • Data Processing Agreement (DPA) available on request for enterprise customers.
  • No personal data is shared with third parties beyond payment processing (Stripe).

Formal Verification: A Security Differentiator

ATOMiK's delta-state algebra is not just tested — it is formally proven in Lean4, a theorem prover used by mathematicians and verified-software researchers. Every property of the Abelian group (commutativity, associativity, self-inverse, identity) is machine-checked. This means the core algorithm is correct by construction — not by convention, not by code review, not by test coverage.
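To show what "machine-checked" means here, the following Lean4 fragment is an added illustration, not ATOMiK's own proofs (this page does not reproduce them). It models a delta as a single bit combined with XOR; that model is an assumption about the shape of the algebra, chosen because XOR is the simplest self-inverse Abelian group, and it states the four listed properties as theorems that Lean4 checks by exhaustive case analysis.

```lean
-- Added illustration only: a one-bit delta with XOR as the combining
-- operator. This is an assumption about the shape of delta-state algebra,
-- used to show how the four Abelian-group properties are stated and
-- machine-checked; it is not ATOMiK's code or its proof corpus.
def delta (a b : Bool) : Bool := xor a b

-- Commutativity: the order in which two deltas are combined does not matter.
theorem delta_comm (a b : Bool) : delta a b = delta b a := by
  cases a <;> cases b <;> rfl

-- Associativity: grouping of three deltas does not matter.
theorem delta_assoc (a b c : Bool) :
    delta (delta a b) c = delta a (delta b c) := by
  cases a <;> cases b <;> cases c <;> rfl

-- Self-inverse: applying a delta twice returns to the identity (no change).
theorem delta_self_inverse (a : Bool) : delta a a = false := by
  cases a <;> rfl

-- Identity: the empty delta (false) leaves a state unchanged.
theorem delta_identity (a : Bool) : delta a false = a := by
  cases a <;> rfl
```

Each `theorem` is rejected by the Lean4 kernel unless the proof closes every case, so a property that fails for even one input cannot be stated as proven; that is the distinction from a test suite, which only covers the inputs someone chose to exercise.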

Certifications & Standards

Current compliance posture and certification roadmap.

  • Apache 2.0 License (Available): Core SDK is fully open source and auditable
  • Lean4 Formal Proofs (92 Theorems Verified): Mathematical correctness proven, not assumed
  • SOC 2 Type II (In Progress): Pursuing SOC 2 Type II certification
  • GDPR Compliant (Yes): Minimal data collection, right to deletion
  • PCI DSS (Via Stripe): Payment data handled by Stripe, never touches our servers
  • ISO 27001 (Planned): Information security management certification

SOC 2 Type II — In Progress

ATOMiK is actively pursuing SOC 2 Type II certification. This covers security, availability, processing integrity, confidentiality, and privacy controls. Contact us for current status and expected completion timeline.

Responsible Disclosure

Found a security issue? We take every report seriously. Reach out to our security team directly — we respond within 24 hours.

security@atomik.tech

For general inquiries, contact mrockwell@atomik.tech