Atmatic.ai - Build Agentic Apps for your Back Office

Our Security Commitment

At MindGryd Software Private Limited, security is at the core of everything we build. We understand that you trust us with your business-critical data and AI agents, and we take that responsibility seriously. Our security program is designed to protect the confidentiality, integrity, and availability of your information.

As a growing startup, we are continuously investing in and enhancing our security posture. This page outlines our current security practices and our roadmap for achieving industry-recognized certifications.

Compliance Roadmap

Transparency Note: We believe in being upfront with our users. While we are actively working towards industry certifications, we have not yet achieved them. Below is our current status and roadmap.

SOC 2 Type II

In Progress

We are implementing controls aligned with AICPA Trust Services Criteria. Our target is to complete SOC 2 Type II certification within the next 6-12 months.

GDPR Compliance

In Progress

We are implementing privacy-by-design principles and data protection measures aligned with GDPR requirements for our EU users.

HIPAA Compliance

Planned

HIPAA compliance is on our roadmap for healthcare industry customers. We are evaluating requirements and planning implementation.

ISO 27001

Planned

ISO 27001 certification is part of our long-term security roadmap as we scale our information security management system.

Current Security Measures

While we work towards formal certifications, we have implemented robust security measures to protect your data:

Encryption

TLS 1.2/1.3 encryption for all data in transit
AES-256 encryption for sensitive data at rest
Secure key management practices

Access Control

Role-based access control (RBAC)
Multi-factor authentication support
Principle of least privilege
Regular access reviews

Infrastructure Security

Cloud-hosted on secure infrastructure
Regular security patches and updates
Network segmentation and firewalls
DDoS protection

Monitoring & Logging

Comprehensive audit logging
Real-time security monitoring
Automated alerting for anomalies
Log retention and analysis

Application Security

We follow secure software development practices to minimize vulnerabilities in our platform:

Secure Development Lifecycle (SDLC): Security considerations are integrated into every phase of development
Code Reviews: All code changes undergo peer review with security considerations
Dependency Management: Regular scanning and updating of third-party dependencies
Input Validation: Strict validation of all user inputs to prevent injection attacks
Security Testing: Regular vulnerability assessments and security testing
OWASP Guidelines: Development practices aligned with OWASP Top 10 recommendations

AI Agent Security

Given the nature of our AI agent platform, we implement specific security measures for AI-related operations:

Agent Isolation: AI agents operate in isolated environments to prevent cross-contamination
Permission Controls: Granular permissions for what actions AI agents can perform
Audit Trails: Complete logging of all AI agent actions for transparency and accountability
Rate Limiting: Controls to prevent abuse and ensure fair resource usage
Output Validation: Mechanisms to validate and sanitize AI-generated outputs
Human-in-the-Loop: Options for human review and approval of critical agent actions

Data Protection

Data Handling

Data classification and handling procedures based on sensitivity
Minimization of data collection to only what is necessary
Secure data deletion upon request or account termination
Regular backups with encryption

Data Residency

We utilize cloud infrastructure that allows us to store data in specific geographic regions. Contact us if you have specific data residency requirements.

Third-Party Security

We carefully evaluate the security practices of our third-party service providers. Our key providers include AWS, MongoDB, and Google Cloud, all of which maintain industry-recognized security certifications.

Incident Response

We have established procedures for responding to security incidents:

Detection: Continuous monitoring to detect potential security incidents
Response: Defined procedures for containing and investigating incidents
Notification: Commitment to notify affected users promptly in case of a data breach, in accordance with applicable laws
Recovery: Procedures for restoring normal operations and preventing recurrence
Post-Incident Review: Analysis of incidents to improve our security posture

Employee Security

Background checks for employees with access to sensitive systems
Security awareness training for all team members
Confidentiality agreements and security policies
Secure onboarding and offboarding procedures
Limited access to production systems on a need-to-know basis

Vulnerability Disclosure

We appreciate the security research community and welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to us:

Security Contact: [email protected]

Response Time: We aim to acknowledge reports within 48 hours

Responsible Disclosure Guidelines

Provide detailed information about the vulnerability
Give us reasonable time to investigate and address the issue
Do not access, modify, or delete data belonging to others
Do not perform actions that could harm our users or systems
Do not publicly disclose the vulnerability until we have addressed it

We are committed to working with security researchers and will not take legal action against those who report vulnerabilities in good faith and follow responsible disclosure practices.

Your Security Responsibilities

Security is a shared responsibility. We recommend that you:

Use strong, unique passwords for your account
Enable multi-factor authentication when available
Keep your account credentials confidential
Report any suspicious activity immediately
Keep your systems and software up to date
Review and understand the permissions granted to AI agents
Regularly review audit logs for your agents

Security Updates

We continuously improve our security practices. This page will be updated as we implement new measures and achieve certifications. For significant security updates, we will notify registered users via email.

Contact Us

For security-related inquiries or concerns, please contact our security team:

MindGryd Software Private Limited

Contact: [email protected]

Our Security Commitment

Compliance Roadmap

SOC 2 Type II

In Progress

We are implementing controls aligned with AICPA Trust Services Criteria. Our target is to complete SOC 2 Type II certification within the next 6-12 months.

GDPR Compliance

In Progress

We are implementing privacy-by-design principles and data protection measures aligned with GDPR requirements for our EU users.

HIPAA Compliance

Planned

HIPAA compliance is on our roadmap for healthcare industry customers. We are evaluating requirements and planning implementation.

ISO 27001

Planned

ISO 27001 certification is part of our long-term security roadmap as we scale our information security management system.

Current Security Measures

While we work towards formal certifications, we have implemented robust security measures to protect your data:

Encryption

TLS 1.2/1.3 encryption for all data in transit
AES-256 encryption for sensitive data at rest
Secure key management practices

Access Control

Role-based access control (RBAC)
Multi-factor authentication support
Principle of least privilege
Regular access reviews

Infrastructure Security

Cloud-hosted on secure infrastructure
Regular security patches and updates
Network segmentation and firewalls
DDoS protection

Monitoring & Logging

Comprehensive audit logging
Real-time security monitoring
Automated alerting for anomalies
Log retention and analysis

Application Security

We follow secure software development practices to minimize vulnerabilities in our platform:

Secure Development Lifecycle (SDLC): Security considerations are integrated into every phase of development
Code Reviews: All code changes undergo peer review with security considerations
Dependency Management: Regular scanning and updating of third-party dependencies
Input Validation: Strict validation of all user inputs to prevent injection attacks
Security Testing: Regular vulnerability assessments and security testing
OWASP Guidelines: Development practices aligned with OWASP Top 10 recommendations

AI Agent Security

Given the nature of our AI agent platform, we implement specific security measures for AI-related operations:

Agent Isolation: AI agents operate in isolated environments to prevent cross-contamination
Permission Controls: Granular permissions for what actions AI agents can perform
Audit Trails: Complete logging of all AI agent actions for transparency and accountability
Rate Limiting: Controls to prevent abuse and ensure fair resource usage
Output Validation: Mechanisms to validate and sanitize AI-generated outputs
Human-in-the-Loop: Options for human review and approval of critical agent actions

Data Protection

Data Handling

Data classification and handling procedures based on sensitivity
Minimization of data collection to only what is necessary
Secure data deletion upon request or account termination
Regular backups with encryption

Data Residency

We utilize cloud infrastructure that allows us to store data in specific geographic regions. Contact us if you have specific data residency requirements.

Third-Party Security

Incident Response

We have established procedures for responding to security incidents:

Detection: Continuous monitoring to detect potential security incidents
Response: Defined procedures for containing and investigating incidents
Notification: Commitment to notify affected users promptly in case of a data breach, in accordance with applicable laws
Recovery: Procedures for restoring normal operations and preventing recurrence
Post-Incident Review: Analysis of incidents to improve our security posture

Employee Security

Background checks for employees with access to sensitive systems
Security awareness training for all team members
Confidentiality agreements and security policies
Secure onboarding and offboarding procedures
Limited access to production systems on a need-to-know basis

Vulnerability Disclosure

We appreciate the security research community and welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to us:

Security Contact: [email protected]

Response Time: We aim to acknowledge reports within 48 hours

Responsible Disclosure Guidelines

Provide detailed information about the vulnerability
Give us reasonable time to investigate and address the issue
Do not access, modify, or delete data belonging to others
Do not perform actions that could harm our users or systems
Do not publicly disclose the vulnerability until we have addressed it

We are committed to working with security researchers and will not take legal action against those who report vulnerabilities in good faith and follow responsible disclosure practices.

Your Security Responsibilities

Security is a shared responsibility. We recommend that you:

Use strong, unique passwords for your account
Enable multi-factor authentication when available
Keep your account credentials confidential
Report any suspicious activity immediately
Keep your systems and software up to date
Review and understand the permissions granted to AI agents
Regularly review audit logs for your agents

Security Updates

Contact Us

For security-related inquiries or concerns, please contact our security team:

MindGryd Software Private Limited

Contact: [email protected]