Legal
Trust & Compliance
The living index of Atlas's security posture, subprocessors, incident history, and audit artifacts. For the full security controls overview, see /security.
What we can tell you today
- SOC 2 Type II attestation: in progress — not yet attested. We will not claim the report until it is in hand. Readiness evidence available under NDA on request.
- Subprocessors (live list): Neon (Postgres, US-East), Cloudflare R2 (object storage, US), Resend (email), Anthropic (LLM), OpenAI (LLM, limited surfaces), Deepgram (transcription, when used), Twilio (SMS / dialer, when used). All US-region, all with executed BAA or DPA where PHI touches. Retell (voice agents) is on the integration roadmap and will be added to this list when wired up.
- Status page: on the roadmap. In the interim, operational incidents are communicated directly to customers via email and our designated security contact channel.
- Incident history: customers receive direct Sev-1 / Sev-2 notifications per their BAA terms. A public summary feed will accompany the status-page rollout.
- SIG-Lite, CAIQ, and custom-vendor questionnaires: returned within two business days for active deals.
This page is updated as posture changes. Contact security@velora.com for advisories, report requests, or questionnaire submissions.
For the current draft or to start a review
security@velora.com