Atom
Install
Get started with Atom
Documentation
Learn how to use Atom

Security Overview

Last updated: April 29, 2026

This page summarizes how Atom is built, what data flows through the product, and the security practices used to protect customer information.

1. Product Architecture

Atom is a desktop plugin for Adobe After Effects. Most product activity happens on the customer's computer, inside After Effects, and through the customer's selected AI provider setup.

Atom does not proxy AI traffic, store AI provider credentials on Atom servers, or add usage fees on top of the AI provider. AI usage is handled through the customer's OpenAI, Anthropic, or other configured provider account.

2. Data Sent to AI Providers

When a customer uses Atom's AI features, the customer-selected AI provider may receive prompts, chat messages, project structure, layer names, properties, expressions, rendered composition preview frames, and files the customer explicitly attaches.

Full-resolution source footage, final renders, and unattached local files are not uploaded by Atom's normal AI workflow.

3. Data Stored by Atom

Atom stores only the data needed to operate the product, including purchase email, license/entitlement records, seat count, device seat identifiers, support messages, and optional feedback reports.

Feedback reports are customer-initiated. When submitted, Atom uploads the customer's written description plus encrypted chat logs and tool activity for that chat. Project files are not uploaded by the feedback flow.

4. Local Storage and Encryption

  • Customer AI provider keys are stored locally and encrypted on the customer's device.
  • Local diagnostic logs are written encrypted at rest.
  • Optional feedback logs are encrypted before upload.
  • Website and service connections use HTTPS where applicable.

5. MCP and Local Integrations

Atom's MCP Mode starts a local server on 127.0.0.1 so compatible local tools can control After Effects through Atom. It is designed for local-machine integrations, not public network access.

The local MCP server checks local host/origin information and is stopped when MCP Mode is turned off.

6. Access Controls

Access to Atom-operated customer systems is limited to the product operator and only used for product operation, support, security, billing, and legal obligations.

7. Incident Response

If we confirm a security incident that affects customer personal data processed by Atom, we will notify affected customers without undue delay and, where feasible, within 72 hours.

8. Certifications

Atom does not currently maintain SOC 2, ISO 27001, HIPAA, or FedRAMP certification. If a customer requires a formal security questionnaire, contact us and we will respond based on the current product architecture.

9. Contact

To report a security issue or request a security review, email hey@davey.design.