We Secure Others.
We Secure Ourselves.
Atumcell holds itself to the same standards we apply to our clients. This page documents our security posture, certifications, data handling practices, and disclosure policy.
Certifications & accreditations
Our team holds recognized certifications in penetration testing, ethical hacking, and information security management.
Cyber Essentials
Certified. UK government-backed certification verifying our defenses against common cyber attack vectors. Independently assessed.
OSCP (Offensive Security Certified Professional)
Team Certified. Gold standard for penetration testers — requires demonstrating real attack chains in a live exam environment, not a multiple-choice test.
CEH (Certified Ethical Hacker)
Team Certified. EC-Council certification held by Atumcell researchers, covering methodology, attack techniques, and ethical hacking standards.
ISO 27001
In Progress. We are working toward ISO 27001 certification. Our information security management system is aligned to the standard.
We test ourselves
We don't just test our clients — we test our own infrastructure. Atumcell's public-facing systems and internal environment are subject to regular security assessments conducted by our own research team and, periodically, by independent third-party testers.
If you discover a vulnerability in any Atumcell system, please report it responsibly using the disclosure process below. We take all reports seriously and respond within 2 business days.
Internal testing
Our research team conducts quarterly internal security reviews of all production systems.
Third-party testing
Annual independent penetration tests are conducted by external testers with no prior relationship to Atumcell.
Responsible disclosure
Report vulnerabilities to security-report@atumcell.com. We acknowledge within 2 business days.
How we handle client data
During an engagement we may have access to sensitive systems, configurations, and data. Here is how we protect what you share with us.
Data minimisation
We collect only the data required to deliver each engagement. Client data is never used for any purpose other than the contracted scope.
Encryption in transit and at rest
All data transferred during engagements is encrypted using TLS. Findings and client data stored at rest are encrypted.
Access control
Client data is accessible only to the assigned engagement team. Access is revoked on engagement close. We use role-based access and MFA across all internal systems.
Data retention
We do not retain any engagement data beyond issuance of the final report.
No third-party sharing
We never sell, share, or transfer client data to third parties. Our subprocessors are limited to essential infrastructure services covered by appropriate DPAs.
GDPR compliance
Atumcell operates in accordance with GDPR (EU/UK). We act as data processor for client data handled during engagements. DPAs are available on request.
Need a Data Processing Agreement?
EU and UK clients require a DPA (GDPR Article 28) for any engagement involving personal data. Contact us to request our standard DPA or to discuss client-specific requirements.