Security

Built with security at the foundation

Inspection data is sensitive. Here's how Atlas Inspections protects your buildings, images, and client information.

Core practices

How we protect your data

Encryption in transit

All communication between your browser, mobile app, and our servers uses TLS 1.2+. Data is never transmitted unencrypted.

Encryption at rest

Inspection images, thermal data, field notes, and database records are encrypted at rest using AES-256 on our hosting infrastructure.

OAuth-only authentication

Atlas has no password database. Sign-in is handled exclusively via Google OAuth 2.0, which means your credentials are managed by Google's security infrastructure, not ours.

Scoped Gmail access

When you connect Gmail, we request only the gmail.send scope. We cannot read your inbox, calendar, or any other Google service. Tokens are stored encrypted and never exposed in API responses.

Access controls

Role-based access control (RBAC) governs which users can see which buildings, images, and data. Clients access only their own portal view; inspectors access their assigned data; administrators control their company's settings.

Audit logging

Sensitive actions — account changes, data deletions, admin operations — are logged with a timestamp and actor identity for accountability and incident investigation.

Infrastructure

Where your data lives

Atlas Inspections runs on Replit's managed cloud infrastructure, hosted in the United States.

US-based hosting

All application servers and databases are hosted within the United States. No data is intentionally routed to or replicated in foreign jurisdictions.

Managed infrastructure

We rely on Replit's platform for hosting, networking, and physical security controls, including isolated runtimes and TLS termination.

Database access controls

Direct production database access is restricted to authorized Atlas Logic engineers and is not exposed to the public internet. Access requires authenticated VPN-equivalent channels.

Secrets management

API keys, OAuth client secrets, and database credentials are stored as encrypted environment secrets — never in source code or client-accessible config.

Vulnerability disclosure

Found a security issue?

We take security reports seriously and will work to address confirmed vulnerabilities promptly.

If you've discovered a potential security vulnerability in Atlas Inspections, please report it to us via email before disclosing it publicly. We ask that you:

  • Describe the vulnerability and the steps needed to reproduce it.
  • Include a proof of concept, if available.
  • Give us reasonable time to investigate and remediate before disclosure.
  • Do not access, modify, or exfiltrate user data beyond what is needed to demonstrate the issue.

Questions about security?

We're happy to discuss our practices in more detail for enterprise evaluations or compliance reviews.