Download: Branded PDF version.
Policy summary
| Stage | Default treatment |
|---|---|
| Active | Customer access and approved assessment collection are enabled. |
| Suspended | Login, active sessions, new scans, and scheduled collection are disabled. Configuration and assessment data remain intact for reactivation. |
| Offboarding | A cancelled workspace remains suspended for 30 days by default. No new customer data is collected. |
| Immediate purge | An authorized operator may bypass the offboarding window after reauthentication and explicit permanent-deletion confirmation. |
| Permanent purge | Workspace data is removed from the control plane, assessment engine, and object storage, followed by scoped absence verification. |
| Backups | Daily and monthly encrypted recovery sets normally expire within 30 days and are not copied to a separate NAS archive. |
Suspension and reactivation
- Suspension is reversible and reserves the customer slug.
- Client login and existing sessions are disabled.
- Manual, operator, API-triggered, and scheduled collection are disabled.
- Configuration, connected-org references, assessment history, findings, and reports remain available for reactivation.
- Reactivation requires a new login and does not silently restore a prior browser session.
Cancellation and permanent deletion
The default offboarding period is 30 days in suspended status. An authorized immediate-deletion request may bypass that period. Permanent deletion requires a suspended workspace, operator reauthentication, and explicit confirmation naming the workspace.
Atomation deletes workspace-scoped control records, credentials and keys, SSO and SCIM configuration, users, invitations, assessment runs, snapshots, findings, reports, branding, and stored objects. It does not delete the customer's Okta API Services app; the customer remains responsible for removing that application in Okta. The slug becomes reusable only after purge verification.
A minimal content-free receipt may retain the purge time, non-content workspace reference, receipt digest, operation identifier, and verification outcome. It contains no assessment content, credentials, raw payloads, or findings.
Backups and recovery
Atomation does not create a separate customer-data archive on a local NAS. Daily and monthly encrypted recovery sets normally expire within 30 days. If a backup incident would otherwise leave no validated recovery point for active customers, the sole older encrypted set may be retained temporarily until a replacement validates. Any restore must reapply the deletion ledger before routes reopen.
Product improvement
Atomation does not retain customer content for model or product training. Sanitized, de-identified technical schema observations may be retained to improve collectors and deterministic rules only after removing customer values, identities, URLs, identifiers, secrets, findings, raw payloads, and revealing labels. Identifiable customer content requires explicit written opt-in.
Exceptions and contact
A documented legal hold or binding legal obligation may delay deletion of specifically required records. Contracts, invoices, tax records, and security-incident records follow separate legal and accounting schedules. Reports already downloaded by a customer or partner are outside Atomation's storage control. Questions or deletion requests may be sent to [email protected].