Skip to content
Atomation
Platform
OverviewDashboard, finding queue, evidence, and reports.Product modelConnection, snapshot, finding, and report output.Evidence & reportsSource trails, screenshots, exports, and report views.
Trust & coverage
What we checkRepresentative checks plus assessment trust model.Feature postureWhich Okta features are on, off, and worth enabling.Security modelRead-only scans, exact connector grants, no remediation.DeploymentHosted Atomation workspace model, partner portals, and assessment boundaries.
See it liveOkta Assessment demoWalk a real finding queue, evidence drawers, and reports — no signup, open demo.Explore the live demo
SolutionsDocsPartnersPricingLive demoDemoContact usContact
Product
Product overview
PlatformOverviewProduct modelEvidence & reports
Trust & coverageWhat we checkFeature postureSecurity modelDeployment
SolutionsDocsPartnersPricingLive demoContact usCall 727-999-1813
Data lifecycle

Data Retention and Deletion Policy

Atomation's lifecycle for active, suspended, offboarding, and permanently deleted customer workspaces.

Effective and last updated: July 11, 2026

Download: Branded PDF version.

Policy summary

StageDefault treatment
ActiveCustomer access and approved assessment collection are enabled.
SuspendedLogin, active sessions, new scans, and scheduled collection are disabled. Configuration and assessment data remain intact for reactivation.
OffboardingA cancelled workspace remains suspended for 30 days by default. No new customer data is collected.
Immediate purgeAn authorized operator may bypass the offboarding window after reauthentication and explicit permanent-deletion confirmation.
Permanent purgeWorkspace data is removed from the control plane, assessment engine, and object storage, followed by scoped absence verification.
BackupsDaily and monthly encrypted recovery sets normally expire within 30 days and are not copied to a separate NAS archive.

Suspension and reactivation

  • Suspension is reversible and reserves the customer slug.
  • Client login and existing sessions are disabled.
  • Manual, operator, API-triggered, and scheduled collection are disabled.
  • Configuration, connected-org references, assessment history, findings, and reports remain available for reactivation.
  • Reactivation requires a new login and does not silently restore a prior browser session.

Cancellation and permanent deletion

The default offboarding period is 30 days in suspended status. An authorized immediate-deletion request may bypass that period. Permanent deletion requires a suspended workspace, operator reauthentication, and explicit confirmation naming the workspace.

Atomation deletes workspace-scoped control records, credentials and keys, SSO and SCIM configuration, users, invitations, assessment runs, snapshots, findings, reports, branding, and stored objects. It does not delete the customer's Okta API Services app; the customer remains responsible for removing that application in Okta. The slug becomes reusable only after purge verification.

A minimal content-free receipt may retain the purge time, non-content workspace reference, receipt digest, operation identifier, and verification outcome. It contains no assessment content, credentials, raw payloads, or findings.

Backups and recovery

Atomation does not create a separate customer-data archive on a local NAS. Daily and monthly encrypted recovery sets normally expire within 30 days. If a backup incident would otherwise leave no validated recovery point for active customers, the sole older encrypted set may be retained temporarily until a replacement validates. Any restore must reapply the deletion ledger before routes reopen.

Product improvement

Atomation does not retain customer content for model or product training. Sanitized, de-identified technical schema observations may be retained to improve collectors and deterministic rules only after removing customer values, identities, URLs, identifiers, secrets, findings, raw payloads, and revealing labels. Identifiable customer content requires explicit written opt-in.

Exceptions and contact

A documented legal hold or binding legal obligation may delay deletion of specifically required records. Contracts, invoices, tax records, and security-incident records follow separate legal and accounting schedules. Reports already downloaded by a customer or partner are outside Atomation's storage control. Questions or deletion requests may be sent to [email protected].

Atomation

Okta posture and evidence without changing your tenant. Find access risk and evidence gaps before audit week.

Veteran owned — securing Okta orgsBuilt for Okta Identity Engine
[email protected]727-999-1813
ProductOverviewHow it worksPricingLive demo
ResourcesDocumentationFrameworksSecurity & privacyBlogOkta setupFAQ
CompanySolutionsPartnersAboutContact
LegalPrivacyTermsData retentionSubprocessorsAccessibility
© 2026 Atomation LLC · atomation.io
LinkedInInstagramFacebook