Your security, our priority


At Atolia, the security of your data and company is our priority. That’s why we’ve created more than 50 security processes: data hosting, specific developments, audits, business continuity plan or physical security of our offices.


Your data is saved and replicated on 3 different locations in France. In case of emergency, this allows us to automatically switch to one of them in a few seconds to guarantee the maximum availability of our services.


Access to your account is secure thanks to several protection mechanisms including encryption of all your data, both in transit and when it is stored on our infrastructure.


In order to guarantee the strict integrity of your data, we protect access to documents online and internally. In addition, we backup them every day and regularly perform data recovery exercises.

Human ressources

We do detailed verifications of the history and background of each collaborator.

Safety training is often conducted with employees and security policies are reviewed quarterly.

Upon arrival at Atolia, each person signs a security policy and a non-disclosure agreement.

Before each internal project or custom development, a RACI matrix is created to define the roles and responsibilities of each collaborator.

The devices used by our teams are also protected: auto-lock, password complexity, access control, updates, firewalls, anti-virus and disk encryption.

Physical security

Entrance to Atolia’s offices is made through 3 doors protected by individual access cards.

Office access history is kept for 30 days.

Offices are monitored 24 hours a day by an alarm system.

All visitors entering Atolia’s offices are recorded.

Paper-based administrative documents are stored in secure lockers.


All the infrastructure is hosted in France on Outscale (Dassault Systèmes), certified ISO 27001, ISO 27017 and ISO 27018.

Atolia’s virtual network is isolated from the Internet. Only a public access point is exposed with a firewall containing the access rules.

The development, test and production infrastructures are strictly separated.

Our Private Cloud offer includes a dedicated environment and optional IP filtering foreach customer.


As a French company, Atolia isn’t under the American Cloud Act so your data remains confidential and private.

Data access for authorized staff only happens through a VPN and a two-factor authentication (2FA).

All data is encrypted in AES-256 during transmission and storage.

Daily backups of all data are performed as well as restore exercises.

All data is sent only through the TLS / SSL protocol. Atolia’s certificates have all been rated “A +” by SSL Labs.

Activity logs

Access to the system, as well as access or updates to the data are archived in activity logs.

Access to activity logs for duly authorized staff only happens through a VPN and a two-factor authentication (2FA).

Activity logs are kept for one year.

All technical events of the systems are identified and archived separately. Errors are notified in real time to our technical teams.

Secured development

Each development results to a code review by several engineers.

All software dependencies used by our developers are analyzed upstream.

SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools are used to scan our source code and applications.

Keys and development access tokens are separated from production ones.


Many proceedings have been deployed to comply with the GDPR. Check out our dedicated page.

Secure payments on Atolia are provided by a PCI DSS certified subcontractor.

Our webhost Outscale (Dassault Systèmes) with whom we collaborate is ISO 27001, ISO 27017, ISO 27018 certified.

For more transparency on our processes, we are working on becoming ISO 27001 certified.

What are you waiting for to deploy
your new secure workspace?

Meet our sales team to get a free tour of our
platform and to answer all your questions.

Book a demo