Security
How Atlas protects your data, manages access, and keeps your team's content secure.
Authentication
Atlas uses Supabase Auth for secure authentication. All sessions are managed with HTTP-only cookies and automatic token refresh. Password hashing, rate limiting, and brute-force protection are handled at the infrastructure level.
Row-Level Security (RLS)
Every database table is protected by Supabase Row-Level Security policies. Users can only access data they are authorized to see. RLS policies are enforced at the database level, not the application level — even direct API access respects these boundaries.
Role-Based Access
Atlas has two roles: admin and user. Admins can approve or reject contributed content, manage categories, and access the moderation queue. Regular users can browse, install, and contribute skills and MCP configs. Role enforcement happens at both the API and database layers.
No External Data Exposure
Atlas is an internal tool — it is not publicly accessible and does not expose any data externally. All content is shared within the organization only. There are no public APIs, no third-party analytics, and no external data pipelines.
Secure MCP Handling
MCP server configurations stored in Atlas are JSON definitions only — Atlas does not execute MCP servers or handle API keys. Environment variables referenced in configs are documented but never stored. Users manage their own secrets locally.
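One way to enforce the "documented but never stored" rule when a config is submitted, shown as an added example and not Atlas's own code. It assumes configs use the common `mcpServers` JSON layout; the function name, the sample server and its values are constructed for illustration.

```python
import json
import re

# Values that only reference a local variable or are obvious fill-ins,
# e.g. "${GITHUB_TOKEN}", "$TOKEN", "<your-key>", or an empty string.
PLACEHOLDER = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?|<[^<>]*>|")
# Argument forms that carry a credential inline, e.g. "--api-key=abc123".
SECRET_ARG = re.compile(r"(--?[\w-]*(?:key|token|secret|password)[\w-]*)=(.+)", re.I)


def sanitize_mcp_config(raw: str):
    """Return (sanitized_config, findings) for a submitted MCP config.

    Every env value is replaced by a ${NAME} reference, so only the variable
    name is kept (strict: non-secret literals are dropped too). findings
    lists each place where a literal value had been supplied.
    """
    config = json.loads(raw)
    servers = config.get("mcpServers")  # assumed top-level key
    if not isinstance(servers, dict):
        raise ValueError("expected a top-level 'mcpServers' object")
    findings = []
    for name, server in servers.items():
        env = server.get("env") or {}
        for var, value in env.items():
            if not PLACEHOLDER.fullmatch(str(value)):
                findings.append(f"{name}: env {var} held a literal value")
            env[var] = "${" + var + "}"
        args = server.get("args") or []
        for i, arg in enumerate(args):
            m = SECRET_ARG.fullmatch(str(arg))
            if m and not PLACEHOLDER.fullmatch(m.group(2)):
                findings.append(f"{name}: argument {m.group(1)} held a literal value")
                args[i] = f"{m.group(1)}=<set-locally>"
    return config, findings


# Constructed submission: one literal token, one reference, one inline argument.
SAMPLE = json.dumps({"mcpServers": {"tracker": {
    "command": "npx",
    "args": ["-y", "example-tracker-mcp", "--api-key=constructed-not-a-real-key"],
    "env": {"TRACKER_TOKEN": "constructed-not-a-real-token",
            "TRACKER_URL": "${TRACKER_URL}"},
}}})

if __name__ == "__main__":
    clean, issues = sanitize_mcp_config(SAMPLE)
    print(json.dumps(clean, indent=2))
    print("\n".join(issues))
```

The findings list can be shown to the contributor so that any credential pasted into a submission is rotated, since it has already left their machine.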
Admin Moderation
All community-contributed content goes through an admin review queue before being published to the library. This ensures quality standards are maintained and prevents malicious or low-quality content from reaching the team.
Security summary
Questions about security?
Reach out to the team if you have questions about how Atlas handles data and access.