Skip to content

Legal

The binding policies that govern AtomDigit services. For our Responsible AI commitments, security program, and responsible disclosure policy, see Responsible AI.

Terms of Service

1. Terms of Service

Atom Digit LLC. Effective date: June 15, 2026. Last updated: June 15, 2026.

Welcome to AtomDigit. These Terms of Service ("Terms") govern your access to and use of our website, products, services, software, AI systems, digital platforms, consulting services, digital marketing services, talent solutions, and related offerings provided by Atom Digit LLC ("AtomDigit", "Company", "we", "our", or "us").

By accessing our website, requesting services, signing a proposal, statement of work, master services agreement, purchase order, or otherwise using our services, you agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use our website or services.

Acceptance of Terms

You accept these Terms when you visit or use our website; submit a contact form or request information; sign a proposal, Statement of Work ("SOW"), Master Services Agreement ("MSA"), or similar commercial document; purchase or use any AtomDigit service; or access software, AI systems, applications, platforms, portals, dashboards, or deliverables provided by AtomDigit. If you are accepting these Terms on behalf of a company, you represent that you have authority to bind that organization.

Definitions

  • Affiliate means any entity controlling, controlled by, or under common control with a party.
  • Client means any individual or organization purchasing or using AtomDigit services.
  • Deliverables means any software, AI models, code, applications, documentation, reports, designs, content, marketing assets, workflows, or other outputs created under a client engagement.
  • AI System means any machine learning, generative AI, LLM-based, agentic, predictive, automation, computer vision, voice AI, or related technology developed, configured, integrated, or deployed by AtomDigit.
  • Client Data means all information, datasets, files, documents, records, credentials, and materials supplied by the Client.
  • Services means all consulting, engineering, development, implementation, marketing, talent, AI, software, and digital transformation services offered by AtomDigit.

Scope of Services

AtomDigit provides enterprise technology and AI services, including but not limited to:

AI Services. Custom AI development; AI agents and autonomous systems; generative AI solutions; AI workflow automation; AI research and analytics solutions; AI Centers of Excellence (CoE); AI governance and implementation consulting.

Software and Digital Engineering. Custom software development; SaaS product development; website development; mobile application development; system integrations; cloud engineering; data engineering; product modernization.

Digital Experience and Marketing. Digital transformation consulting; website optimization; search engine optimization; paid advertising management; marketing analytics; conversion optimization; customer experience initiatives.

Talent Solutions. Dedicated engineering teams; staff augmentation; talent sourcing and placement; technical recruitment services.

The exact scope, timelines, deliverables, pricing, and responsibilities will be defined in the applicable proposal, SOW, MSA, or order form. Where these Terms conflict with a signed agreement, the signed agreement controls.

Client Responsibilities

The Client agrees to provide accurate information; supply necessary data, access credentials, and approvals; maintain ownership rights to materials supplied to AtomDigit; obtain all required permissions and consents for any personal data shared with AtomDigit; cooperate in a timely manner to avoid project delays; and use deliverables in compliance with applicable laws and regulations. The Client is solely responsible for the legality, accuracy, and integrity of Client Data.

Intellectual Property Ownership

Pre-existing intellectual property. Each party retains ownership of all intellectual property it owned before the engagement. Nothing in these Terms transfers ownership of pre-existing intellectual property.

Client ownership of deliverables. Unless otherwise specified in a signed agreement and subject to full payment of all fees: custom software developed specifically for the Client becomes the Client's property; Client-specific AI workflows and implementations become the Client's property; Client-specific documentation and project deliverables become the Client's property.

AtomDigit retained rights. AtomDigit retains ownership of proprietary methodologies, development frameworks, accelerators, libraries, templates, reusable code components, internal tools, generic AI architectures, and know-how developed during engagements. AtomDigit may reuse general knowledge, skills, techniques, concepts, and experience acquired during an engagement, provided no Client confidential information is disclosed.

AI deliverables and models. Unless otherwise agreed: Client-owned data remains Client property; Client-trained or client-specific AI systems belong to the Client upon payment; underlying third-party foundation models remain the property of their respective providers; AtomDigit retains ownership of generalized frameworks, orchestration layers, and reusable AI infrastructure. AtomDigit does not claim ownership over Client Data used to build client-specific solutions.

AI Output Disclaimer

AI systems can generate inaccurate, incomplete, biased, misleading, or unexpected outputs. The Client acknowledges that AI-generated content should be reviewed by qualified humans; AI outputs are probabilistic rather than guaranteed; AI systems may occasionally produce incorrect recommendations; and business, legal, financial, medical, hiring, compliance, and operational decisions should not rely solely on AI outputs. AtomDigit does not guarantee the accuracy, completeness, legality, suitability, or fitness of AI-generated results. The Client remains responsible for validating outputs before use. Our full approach to responsible AI is set out at /responsible-ai.

Confidentiality

Each party agrees to protect confidential information received from the other party using reasonable care. Confidential information includes business plans, technical information, source code, trade secrets, pricing, security information, Client Data, and proprietary processes. Confidentiality obligations survive termination for five (5) years, except trade secrets, which remain protected as long as permitted by law.

Fees and Payment Terms

Unless otherwise agreed: invoices are payable within thirty (30) days of issuance; all fees are stated exclusive of applicable taxes; late payments may incur interest at 1.5% per month or the maximum amount permitted by law; AtomDigit may suspend services for overdue accounts; and the Client is responsible for all taxes, duties, levies, and governmental charges except taxes based on AtomDigit's income. Payments are non-refundable except where required by law or expressly stated in a signed agreement.

Warranties

AtomDigit warrants that services will be performed in a professional and workmanlike manner; personnel assigned to engagements possess appropriate qualifications and experience; and deliverables will substantially conform to agreed specifications for thirty (30) days after delivery unless otherwise agreed. Except as expressly stated, all services and deliverables are provided "AS IS" and "AS AVAILABLE." To the maximum extent permitted by law, AtomDigit disclaims all implied warranties, including merchantability, fitness for a particular purpose, non-infringement, availability, accuracy, and uninterrupted operation.

Limitation of Liability

To the maximum extent permitted by law, AtomDigit shall not be liable for indirect, consequential, special, or incidental damages, or for loss of profits, revenue, goodwill, business opportunity, or data. AtomDigit's total aggregate liability arising from any claim shall not exceed the total fees paid by the Client to AtomDigit during the twelve (12) months immediately preceding the event giving rise to the claim. These limitations apply regardless of the legal theory asserted.

Indemnification

The Client agrees to defend, indemnify, and hold harmless AtomDigit and its officers, employees, contractors, and affiliates from claims arising out of Client misuse of services, Client Data, Client violations of law, Client infringement of third-party rights, unauthorized use of deliverables, or decisions made based on AI-generated outputs. AtomDigit will promptly notify the Client of any indemnified claim and provide reasonable cooperation.

Term and Termination

These Terms remain in effect while the Client uses our services. Either party may terminate an engagement for convenience with thirty (30) days written notice unless otherwise agreed; immediately for material breach not cured within fifteen (15) days of notice; or immediately for unlawful activity, fraud, or security risks. Upon termination, outstanding fees become immediately payable, Client access may be revoked, confidential information must be returned or deleted where applicable, and rights and obligations intended to survive termination will remain in effect.

Suspension of services. AtomDigit may suspend access to services if payment obligations are not met, security risks are identified, Client activity violates law, or continued service could expose AtomDigit or others to liability.

Compliance With Laws

Each party agrees to comply with applicable laws and regulations, including data protection, privacy, export controls, anti-corruption laws, and intellectual property laws.

Governing Law

These Terms are governed by and construed under the laws of the State of Maryland, United States, without regard to its conflict-of-laws principles. Subject to the arbitration provision below, the state and federal courts located in Montgomery County, Maryland shall have exclusive jurisdiction over any dispute not subject to arbitration.

Arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms shall first be addressed through good-faith negotiations. If unresolved within thirty (30) days, the dispute shall be finally resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. The arbitration shall be conducted in English, seated in Montgomery County, Maryland, United States, and conducted by a single arbitrator unless the parties agree otherwise. The arbitration award shall be final and binding. Nothing in this section prevents either party from seeking urgent injunctive relief from a court of competent jurisdiction.

Severability

If any provision of these Terms is determined to be invalid, illegal, or unenforceable, the remaining provisions shall remain fully effective. The invalid provision shall be modified to the minimum extent necessary to make it enforceable while preserving its intended purpose.

Force Majeure

Neither party shall be liable for delays or failures caused by events beyond reasonable control, including natural disasters, war, terrorism, labor disputes, internet failures, government actions, cyberattacks, and utility interruptions. Affected obligations will be suspended during the force majeure event.

Entire Agreement

These Terms, together with any executed MSA, SOW, proposal, order form, Privacy Policy, DPA, and related documents, constitute the entire agreement between the parties regarding the subject matter.

Contact Information

For legal notices and contractual inquiries: Atom Digit LLC, 18310 Montgomery Village Avenue, Suite 300 #1148, Gaithersburg, MD 20879, United States. Email: legal@atomdigit.com. Privacy: privacy@atomdigit.com. Security: security@atomdigit.com.

Privacy Policy

2. Privacy Policy

Atom Digit LLC ("AtomDigit", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how long we keep it, and what rights you have in relation to it.

This policy applies to all individuals who interact with AtomDigit, including visitors to our website (atomdigit.com), prospective clients who submit enquiries, existing clients whose data we process in the course of delivering services, candidates who apply for roles, employees and contractors, and any other person whose personal data we hold.

As a digital transformation and AI services company that operates in the United States and serves clients globally, AtomDigit is subject to multiple privacy frameworks, including the General Data Protection Regulation (GDPR) where applicable to persons in the European Economic Area (EEA), the UK GDPR, and applicable US state privacy laws including the California Consumer Privacy Act (CCPA).

If you have any questions about this policy or wish to exercise any of your data rights, please contact our Privacy Lead at privacy@atomdigit.com.

1. Who We Are

Atom Digit LLC is a technology and AI services company operating in the United States. We provide B2B technology and AI services including digital transformation consulting, custom AI agent development, software and SaaS product development, digital experience design, digital marketing, AI Center of Excellence setup and management, and talent solutions.

Our dual role under data protection law: depending on the context, AtomDigit acts in different capacities.

  • As a Data Controller when we determine the purposes and means of processing personal data, such as data collected from website visitors, leads, marketing contacts, job applicants, and our own employees.
  • As a Data Processor when we process personal data on behalf of our clients under their instruction, such as when we access client systems, manage cloud infrastructure, build AI models trained on client datasets, or run digital marketing campaigns using client ad accounts and analytics platforms.

Where we act as a data processor, our processing is governed by a Data Processing Agreement (DPA) with the relevant client, and this Privacy Policy does not govern that processing. The client's own privacy policy applies to their end users.

2. What Personal Data We Collect

Personal data means any information from which a living individual can be identified, directly or indirectly. We collect the following categories of personal data, depending on your relationship with us.

2.1 Website Visitors. When you visit atomdigit.com, we automatically collect:

  • Technical identifiers: IP address, approximate geolocation derived from IP, browser type and version, operating system, device type, and screen resolution.
  • Behavioural data: pages visited, links clicked, time spent on each page, scroll depth, entry and exit pages, and referrer URLs.
  • Session data: session identifiers, date and time of your visit, and duration.
  • Cookie data: cookie identifiers and consent records. See Section 3 (Cookie Policy) below.
  • UTM and campaign parameters: if you arrive via a paid advertisement or marketing campaign, we record the campaign source, medium, and keyword.

2.2 Prospective Clients and Enquiries. When you contact us through our website contact form, by email, or by phone, we collect:

  • Identity information: your first name and last name.
  • Contact details: your business email address, phone number, and company name.
  • Role information: your job title or seniority level.
  • Enquiry content: the content of your message, including your project description, requirements, budget range, and any other information you choose to share.
  • Communication records: records of correspondence with you, including emails, call notes, and meeting summaries.

2.3 Clients and Client Contacts. When your organisation engages AtomDigit for services, we collect and hold:

  • Identity and contact information: names, job titles, business email addresses, and phone numbers of your designated contacts, project managers, and authorised users.
  • Contract and commercial information: signed agreements, statements of work, proposals, invoices, and payment records.
  • Access credentials provisioned by you: where required for service delivery, you may grant us access to your systems, including cloud platform credentials, code repositories, analytics accounts, ad accounts, content management systems, or databases. We treat all such credentials as strictly confidential, limit access to authorised team members only, and revoke all access at project conclusion.
  • Client business information: strategic plans, technical architecture documents, product roadmaps, and other confidential business information shared during an engagement.
  • Meeting and communication records: notes and summaries from discovery calls, project meetings, and status reviews. Where meetings are recorded, we will notify you in advance and obtain consent before recording.

2.4 Client AI and Software Projects. Where AtomDigit develops AI solutions, builds software, or manages data pipelines on your behalf, we may access or process:

  • Client datasets: proprietary datasets used to train, fine-tune, or evaluate AI models. These datasets may contain personal data belonging to your customers or employees.
  • Source code and intellectual property: client application code, algorithms, and technical documentation held in version control systems.
  • End-user behavioural data: analytics data from your website or application processed during digital experience design or marketing engagements.

In all such cases, AtomDigit acts as a data processor on your instructions, and the data remains yours. We do not use client data for any purpose other than delivery of the contracted services.

2.5 Digital Marketing Clients. Where AtomDigit manages SEO, paid media, or performance marketing campaigns on your behalf, we may access and process your Google Ads, Meta Ads Manager, and LinkedIn Campaign Manager account data; your Google Analytics or equivalent analytics data; conversion tracking data; and marketing audience and retargeting lists. This data is processed solely to deliver and optimise your marketing campaigns and is never used for AtomDigit's own marketing purposes.

2.6 Job Applicants and Candidates. When you apply for a position at AtomDigit or are referred to us as a candidate for a client's talent requirement, we collect:

  • Identity information: full name, date of birth (where required), photograph (where provided).
  • Contact details: personal email address, phone number, and residential address.
  • Professional history: CV or resume, employment history, educational qualifications, certifications, and professional references.
  • Right-to-work information: proof of identity, nationality, and work authorisation documents (e.g. passport, visa).
  • Background verification data: employment verification, education verification, and criminal background check results, where required by the role and conducted with your explicit consent.
  • Interview records: notes taken during interviews, assessment scores, and panel feedback.
  • Compensation information: current and expected compensation, where shared.

We collect only what is necessary for the specific role and jurisdiction. Sensitive personal data is collected only where strictly required and with your explicit consent.

2.7 Employees and Contractors. For individuals engaged by AtomDigit as employees or contractors, we collect and maintain all information listed under Section 2.6, plus:

  • Payroll and financial data: bank account details, tax identification numbers, salary details, and expense records.
  • HR and performance records: attendance records, leave applications, appraisal records, and disciplinary records where applicable.
  • IT access records: records of system access, login events, and devices issued.
  • Training completion records: records of mandatory security awareness and compliance training completion.

3. How We Collect Personal Data

We collect personal data through direct interactions (you provide data when you fill in our contact form, email us, call us, attend a meeting, enter into a service contract, apply for a job, or correspond with us); automated collection on our website (cookies, web server logs, and analytics tools, see the Cookie Policy below); from your organisation (your employer or client organisation may share your contact details as a designated project contact); from third-party sources (professional contact information from third-party data providers, LinkedIn, or publicly available professional directories for B2B outreach, where we have a legitimate interest); and in the course of service delivery (where you grant us access to your systems, we may encounter personal data within those systems, which we process only as instructed).

4. How We Use Your Personal Data

We process personal data only where we have a valid lawful basis: (a) your consent, (b) performance of a contract with you or your organisation, (c) our legitimate interests (where not overridden by your rights), and (d) compliance with a legal obligation.

PurposeData categories usedLawful basis
Responding to website enquiries and contact form submissionsIdentity, contact, enquiry contentLegitimate interests (pre-contractual engagement)
Providing proposals, statements of work, and entering into service contractsIdentity, contact, contract informationPerformance of contract
Delivering contracted services, including AI development, software development, digital marketing, and talent solutionsIdentity, contact, client business data, client datasets, access credentials, candidate dataPerformance of contract
Managing and tracking projects, communications, and client relationshipsIdentity, contact, communication recordsLegitimate interests (business administration)
Sending marketing communications, industry insights, and event invitationsIdentity, contact, marketing preferencesConsent (where required); legitimate interests (B2B marketing)
Administering our website (analytics, performance monitoring, troubleshooting)Technical, behavioural, cookie dataLegitimate interests; consent (non-essential cookies)
Recruiting employees and contractors for AtomDigitApplicant and candidate dataLegitimate interests (hiring); legal obligation (right-to-work)
Recruiting talent for client engagementsApplicant and candidate dataPerformance of contract; legitimate interests; consent (background checks)
Managing employee and contractor relationships, payroll, and HR administrationEmployee personal and financial dataPerformance of contract (employment); legal obligation
Security monitoring of our systems and networksIT access logs, technical dataLegitimate interests (information security); legal obligation
Complying with legal, regulatory, and tax obligationsAny relevant dataLegal obligation
Fraud prevention and protection of our rightsAny relevant dataLegitimate interests; legal obligation
Responding to data subject rights requestsIdentity and any relevant dataLegal obligation

Marketing and opting out. Where we send marketing communications, you have the right to opt out at any time. Every marketing email includes an unsubscribe link. You can also opt out by emailing privacy@atomdigit.com. Opting out of marketing will not affect our ability to contact you about services you have contracted with us, or to fulfil legal obligations.

AI model training, important notice. AtomDigit does not use client data, client datasets, or data relating to clients' end users to train, fine-tune, or improve AtomDigit's own AI systems or models. Any AI development work performed on client data is carried out exclusively for that client's benefit and is governed by the relevant service agreement and DPA. Our full responsible AI commitments are set out at /responsible-ai.

5. Disclosure of Your Personal Data

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own marketing purposes. We share personal data only as described below.

5.1 Sub-processors and service providers. We engage carefully selected third-party service providers who process personal data on our behalf as sub-processors, subject to appropriate security measures and Data Processing Agreements. Our current sub-processors are listed in the Sub-Processors section below.

5.2 Client disclosures. Where we are engaged to recruit talent or provide talent solutions, candidate personal data is shared with the relevant client organisation as part of the placement process. Candidates are made aware of this at the point of data collection.

5.3 Professional advisors. We may share personal data with our legal counsel, auditors, accountants, and insurance providers on a strictly need-to-know basis and subject to confidentiality obligations.

5.4 Corporate transactions. If AtomDigit undergoes a merger, acquisition, restructuring, or sale of all or part of its business, personal data held by us may be transferred to the relevant successor entity. We will notify affected individuals as required by applicable law.

5.5 Legal and regulatory disclosures. We may disclose personal data to courts, regulators, law enforcement agencies, or government bodies where required by applicable law, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of AtomDigit, our clients, or the public.

6. International Transfers of Personal Data

AtomDigit operates in the United States and engages sub-processors in multiple jurisdictions, including the United States and the European Union. Personal data may therefore be transferred internationally in the course of our operations. Where personal data is transferred from the EEA, the UK, or other jurisdictions with transfer restrictions, we ensure that appropriate safeguards are in place. These may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, adequacy decisions, or other lawful transfer mechanisms. If you would like information about the specific safeguards in place, please contact us at privacy@atomdigit.com.

7. Data Security

Protecting personal data is a core part of AtomDigit's information security programme. We maintain technical and organisational security measures proportionate to the nature and sensitivity of the personal data we hold, including access control (need-to-know, least-privilege, role-based access controls, and multi-factor authentication enforced for all employee accounts); encryption (personal and client data encrypted in transit using TLS 1.2 or higher, sensitive data encrypted at rest); credential management (client-provided credentials stored securely, shared only with authorised team members, and revoked promptly on project completion); audit logging (retained for a minimum of twelve months and reviewed periodically); employee training (mandatory security awareness training on joining and annually); vendor security (sub-processors assessed before engagement and required to maintain appropriate security standards); and incident response (a documented Incident Response Plan; where a breach is likely to result in risk to individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay). Our full security program is described at /responsible-ai. No security system is impenetrable. If you believe your personal data has been compromised, contact us at security@atomdigit.com.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation.

Data categoryRetention periodReason
Website visitor and cookie dataUp to 26 months from date of collectionAnalytics review cycles; statutory limitation periods
Lead and prospect contact data3 years from last contact, or until opt-outSales cycle and relationship management
Client contract and commercial records7 years from contract end dateLegal, tax, and accounting obligations
Client project data and deliverablesPer the service agreement; typically deleted or returned within 30 days of project closureContractual obligation; client IP protection
Client system access credentialsRevoked and deleted immediately upon project completionSecurity best practice
Candidate data (unsuccessful applications)6 months from end of recruitment processLimitation periods for employment claims
Employee and contractor HR recordsDuration of engagement plus 7 yearsEmployment law, tax, and statutory obligations
Security audit logs12 months minimumSecurity monitoring and incident investigation
Marketing communication recordsUntil opt-out, then deleted within 30 daysConsent and legitimate interest basis
Meeting recordings and transcripts (with consent)90 days, unless longer retention agreed in writingInternal reference; deleted thereafter

Where personal data is retained beyond these periods for legal or regulatory reasons, we will inform you of the extended retention and the reason for it.

9. Your Rights

Depending on your location and the applicable privacy law, you may have some or all of the following rights: the right to be informed, the right to access (a Data Subject Access Request, provided free of charge within 30 days of a valid request), the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object (including to direct marketing), the right to withdraw consent, and the right to non-discrimination for exercising your privacy rights.

Rights under US state privacy laws. If you are a resident of a US state with a comprehensive consumer privacy law, you may have rights to know what personal information we collect and how it is used, to access and delete your personal information, to correct inaccuracies, to opt out of the sale or sharing of personal information and of targeted advertising, and the right not to be discriminated against for exercising your rights. AtomDigit does not sell personal information. These laws currently include, among others, the California Consumer Privacy Act as amended (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA).

To exercise any of these rights, submit a request to privacy@atomdigit.com with the subject line "Data Rights Request" and sufficient information for us to verify your identity. We will respond within 30 days, or such shorter period as required by applicable law. There is no fee for standard requests. If a request is manifestly unfounded, repetitive, or excessive, we may charge a reasonable administrative fee or decline the request, with written reasons provided.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority: in the EEA, your local Data Protection Authority; in the UK, the Information Commissioner's Office (ico.org.uk); in the USA, the Federal Trade Commission or your state Attorney General.

10. Cookies

Our website uses cookies and similar tracking technologies. We categorise cookies as strictly necessary (essential for the website to function, cannot be disabled), functional (remember preferences such as region or language), and targeting and marketing (placed by advertising networks including Google Ads, LinkedIn Insight Tag, and Meta Pixel, to build a profile of your interests). When you first visit our website, we present a cookie consent banner asking permission to set non-essential cookies. You may accept all, reject all non-essential cookies, or customise your preferences by category, and you can change your preferences at any time via the cookie settings link in our footer. See the Cookie Policy section below for full detail. If you block all cookies, some parts of the website may not function correctly.

11. Children's Privacy

AtomDigit's website and services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe we may have collected data from a minor, contact us at privacy@atomdigit.com.

12. Third-Party Websites

Our website may contain links to third-party websites, tools, or integrations, which have their own privacy policies. We are not responsible for the content, privacy practices, or data processing activities of any third-party website. We encourage you to review the privacy policy of any third-party site you visit.

13. Changes to This Privacy Policy

We review this Privacy Policy periodically and will update it when our practices change or as required by law. The "Last Updated" date reflects the most recent revision. If we make material changes, we will provide prominent notice on our website and, where we have your contact details, notify you directly.

14. Contact Us

For privacy enquiries and data subject rights requests: privacy@atomdigit.com. For security concerns and vulnerability disclosures: security@atomdigit.com. Postal address: Atom Digit LLC, 18310 Montgomery Village Avenue, Suite 300 #1148, Gaithersburg, MD 20879, United States. We aim to respond to all privacy enquiries within 5 business days, and to resolve data subject rights requests within 30 days of receiving a valid, verified request.

Acceptable Use Policy

4. Acceptable Use Policy

Effective date: June 16, 2026. Last updated: June 16, 2026.

This Acceptable Use Policy ("AUP") governs the use of websites, software, AI systems, APIs, applications, platforms, products, services, and solutions provided by AtomDigit. It applies to all users, customers, contractors, partners, and any person accessing or using AtomDigit services. By using AtomDigit services, you agree to comply with this AUP, our Terms of Service, Privacy Policy, and any applicable customer agreements.

Purpose

AtomDigit provides AI engineering, software development, digital transformation, and related technology services. To protect customers, users, employees, and the broader community, certain activities are prohibited when using our services.

Permitted Uses

You may use AtomDigit services only for lawful and authorized business purposes, including software development and deployment, business process automation, AI-powered productivity workflows, research and analysis, customer support solutions, enterprise operations, internal business applications, educational and professional use, digital transformation initiatives, and data analysis and reporting. Use must comply with applicable laws, regulations, contractual obligations, and industry standards.

Prohibited Activities

Users may not use AtomDigit services to engage in, facilitate, support, or promote any activity that is unlawful, harmful, deceptive, abusive, fraudulent, or unethical, including:

Illegal activities. Violating any law; facilitating criminal activity; fraud or financial crime; identity theft; circumventing sanctions or export controls; promoting illegal goods or services; money laundering.

Child safety violations. AtomDigit maintains a zero-tolerance policy regarding child exploitation. You may not create, distribute, store, access, promote, or facilitate child sexual abuse material, sexual exploitation of minors, grooming, child trafficking content, or any content involving abuse or exploitation of children. Any such activity may result in immediate suspension, termination, reporting to law enforcement, and preservation of evidence where legally required.

Harmful or dangerous content. Promoting violence, encouraging self-harm, facilitating terrorism, organizing criminal activity, threatening individuals or groups, harassment or intimidation, or distributing malicious instructions intended to cause harm.

Weapons and military misuse. Developing weapons systems, facilitating unlawful weapons acquisition, generating instructions for weapon construction, supporting military targeting activities that violate applicable law, or creating content intended to cause physical harm. Nothing in this section restricts lawful defense, compliance, educational, or research activities approved by applicable law.

Intellectual property violations. Infringing copyrights, violating trademarks, misappropriating trade secrets, circumventing IP protections, uploading content without authorization, or reproducing protected works unlawfully. Users are responsible for ensuring they possess all necessary rights to content they provide or process.

Privacy and data protection violations. Collecting personal data unlawfully, processing personal data without authorization, circumventing privacy protections, harvesting personal information at scale, tracking individuals without legal basis, or building unauthorized personal data repositories.

Market manipulation and financial misconduct. Manipulating securities markets, insider trading, creating misleading financial information, pump-and-dump schemes, financial fraud, or deceptive investment recommendations.

Malware and cybersecurity abuse. Creating malware, distributing malicious code, deploying ransomware, phishing, credential theft, facilitating unauthorized access, denial-of-service attacks, or exploiting systems without authorization.

AI-Specific Restrictions

Because AtomDigit develops and deploys AI-powered solutions, additional restrictions apply.

Prompt injection and system manipulation. Users may not circumvent system safeguards, manipulate AI security controls, override system instructions, extract hidden prompts, discover confidential model configurations, or bypass access restrictions.

Safety filter bypass. Users may not disable AI safety controls, circumvent moderation, generate prohibited content through indirect prompting, or exploit vulnerabilities in AI systems.

Model abuse. Users may not reverse engineer AI systems, replicate proprietary models without authorization, extract model weights, perform unauthorized benchmarking intended to compromise service integrity, or abuse rate limits.

Mass personal data extraction. Users may not collect personal information at scale, build unauthorized databases of individuals, scrape personal data, aggregate sensitive personal information, or profile individuals without lawful basis.

Automated decision-making risks. Users should not rely exclusively on AI-generated outputs for legal, medical, employment, credit, regulatory, or safety-critical decisions. Human review should be maintained for high-impact decisions.

Service Integrity

Users may not interfere with platform operation, circumvent usage limits, abuse APIs, overload systems, disrupt services, or access services using unauthorized methods.

Customer Responsibilities

Customers are responsible for user activity conducted under their accounts, security of account credentials, compliance with applicable laws, content submitted to AtomDigit systems, and appropriate review of AI-generated outputs.

Monitoring and Enforcement

To protect our customers and services, AtomDigit may investigate suspected violations, monitor service usage where legally permitted, restrict access, remove prohibited content, suspend accounts, terminate services, and report unlawful activity to authorities. We reserve the right to take action without prior notice where necessary to protect customers, systems, employees, or the public.

Suspension and Termination

AtomDigit may immediately suspend or terminate access where we reasonably believe this policy has been violated, customer activity creates security risks or legal exposure, threatens service availability, or endangers others. Suspension decisions may be temporary or permanent depending on severity.

Reporting Violations and Changes

If you believe this AUP has been violated, contact security@atomdigit.com with a description of the activity, relevant URLs or systems, supporting evidence, and contact information (optional). AtomDigit may update this AUP from time to time; material updates will be posted with a revised "Last Updated" date. Continued use after updates become effective constitutes acceptance.

Data Processing Agreement

5. Data Processing Agreement

Atom Digit LLC. Effective date: June 16, 2026. Version 1.0. Next scheduled review: June 2027.

This Data Processing Agreement ("DPA") forms part of the Master Service Agreement or Statement of Work ("Agreement") between Atom Digit LLC ("AtomDigit", "Processor") and the client entity ("Client", "Controller") and governs the processing of personal data by AtomDigit on behalf of the Client. By entering into a service agreement with AtomDigit, the Client agrees to the terms of this DPA.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • "Controller" means the Client, who determines the purposes and means of processing personal data.
  • "Processor" means AtomDigit, who processes personal data on behalf of the Controller.
  • "Sub-processor" means any third party engaged by AtomDigit to process personal data in connection with the services.
  • "Applicable Law" means the GDPR, the UK GDPR, applicable US state privacy laws, and any other data protection law applicable to the processing.
  • "Security Incident" means any confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

2. Scope and Purpose

2.1 Scope. This DPA applies to all personal data processed by AtomDigit in connection with the services described in the Agreement, including software and AI development services, digital marketing campaign management, talent solutions and recruitment, and digital transformation consulting.

2.2 Nature of processing. AtomDigit processes personal data solely to deliver the services described in the Agreement. The nature, subject matter, duration, and categories of personal data processed are set out in Annex I.

2.3 Instructions. AtomDigit shall process personal data only on documented instructions from the Client. The Agreement and this DPA constitute the Client's complete instructions. AtomDigit shall immediately inform the Client if it believes any instruction violates applicable law.

3. AtomDigit's Obligations

3.1 Confidentiality. AtomDigit shall ensure that all personnel authorised to process personal data are bound by confidentiality obligations and have received appropriate data protection training.

3.2 Security. AtomDigit shall implement and maintain appropriate technical and organisational measures to protect personal data, as detailed in Annex II.

3.3 Sub-processors. AtomDigit shall not engage a new sub-processor without providing the Client with at least 30 days' prior written notice. The current list of sub-processors is maintained in the Sub-Processors section below. If the Client objects to a new sub-processor within 14 days of notice, AtomDigit will work in good faith to resolve the objection. If unresolved, either party may terminate the relevant services with written notice. AtomDigit remains fully liable to the Client for the performance of any sub-processor's obligations under this DPA.

3.4 Data subject rights. AtomDigit shall, to the extent technically feasible, assist the Client in responding to data subject rights requests within the timelines required by applicable law, and shall forward any data subject requests received directly to the Client within 3 business days.

3.5 Security incident notification. AtomDigit shall notify the Client of a confirmed Security Incident without undue delay and in any event within 72 hours of becoming aware of it. Notification shall include the nature of the incident, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed. AtomDigit shall cooperate fully in investigating, remediating, and reporting the incident to relevant supervisory authorities and affected data subjects.

3.6 Data protection impact assessments. AtomDigit shall provide reasonable assistance to the Client in conducting data protection impact assessments and prior consultations with supervisory authorities where required.

3.7 Audit rights. AtomDigit shall make available all information necessary to demonstrate compliance and shall permit the Client (or a mandated third-party auditor) to conduct audits, subject to: at least 14 days' written notice; audits during normal business hours; no unreasonable disruption; auditor confidentiality; and no more than one audit per 12-month period unless required by a supervisory authority. AtomDigit may provide a current SOC 2 Type II report or equivalent third-party audit in lieu of a direct audit, at the Client's discretion.

4. Data Retention and Deletion

4.1 Retention during the Agreement. AtomDigit retains personal data only for as long as necessary to deliver the services.

4.2 Deletion on termination. Upon expiry or termination, or upon the Client's written request, AtomDigit shall, at the Client's election, delete all personal data or return it in a commonly used, machine-readable format, within 30 days, and provide written confirmation of deletion.

4.3 Retention for legal compliance. AtomDigit may retain personal data beyond the above period only where required by applicable law, and only for the duration required, with notice to the Client.

5. International Data Transfers

5.1 Transfers from the EEA and UK. Where AtomDigit processes personal data transferred from the EEA or the UK to a country not recognised as providing adequate protection, such transfers are made subject to the EU Standard Contractual Clauses adopted by the European Commission (Decision 2021/914), incorporated by reference as Annex III, and the UK International Data Transfer Addendum issued by the UK Information Commissioner's Office, where applicable.

5.2 Other transfers. For any other international transfer, AtomDigit shall ensure an appropriate transfer mechanism is in place before transferring personal data outside its country of origin.

6. Client's Obligations

The Client represents and warrants that it has a valid legal basis for collecting and sharing the personal data with AtomDigit; has provided all required notices to data subjects and obtained all necessary consents; that its instructions comply with applicable data protection law; and that it will promptly notify AtomDigit of any changes that affect AtomDigit's processing obligations.

7. Liability

Each party's liability under this DPA is subject to the limitations and exclusions set out in the Agreement. Where both parties are responsible for damage caused by a breach of applicable data protection law, each party shall be liable for the portion of damage attributable to it.

8. Term and Termination

This DPA remains in effect for the duration of the Agreement and terminates automatically upon expiry or termination of the Agreement, subject to the data deletion obligations in Section 4.

9. Governing Law

This DPA is governed by the laws of the State of Maryland, United States. For clients in the EEA or UK, the applicable SCCs and UK Addendum are governed by the law specified in those instruments.

10. Order of Precedence

In the event of conflict between this DPA and the Agreement, this DPA prevails with respect to data protection matters. In the event of conflict between this DPA and the SCCs or UK Addendum, the SCCs or UK Addendum prevail.

11. Contact

For all data protection and DPA enquiries: legal@atomdigit.com (contract and DPA matters), privacy@atomdigit.com (data subject rights and privacy matters), security@atomdigit.com (security incidents). Atom Digit LLC, 18310 Montgomery Village Avenue, Suite 300 #1148, Gaithersburg, MD 20879, United States.

Annex I, Description of Processing

FieldDetail
Subject matterProcessing of personal data in connection with the delivery of technology, AI, and consulting services
DurationFor the term of the Agreement
Nature of processingCollection, storage, use, analysis, transmission, and deletion
Purpose of processingDelivery of contracted services including software development, AI model development, digital marketing, and talent solutions
Categories of data subjectsClient employees and contacts; end users of client applications; candidates for talent solutions roles; clients' customers (where applicable)
Categories of personal dataIdentity data (name, job title); contact data (email, phone); professional data (employment history, qualifications); behavioural data (analytics, usage data); financial data (where applicable to payroll services)
Special category dataBackground check data for talent solutions (processed with explicit consent only)
Frequency of transferContinuous during service delivery
Retention periodPer Section 4 of this DPA and the Agreement

Annex II, Technical and Organisational Security Measures

Access control. Role-based access controls with least-privilege principle. Multi-factor authentication enforced on all systems holding personal data. Access reviewed quarterly. Access revoked within 24 hours of personnel departure.

Encryption. All personal data encrypted in transit using TLS 1.2 or higher. Personal data encrypted at rest using AES-256. Encryption keys managed via cloud-native KMS (AWS KMS, Azure Key Vault, or GCP Cloud KMS).

Network security. Production environments isolated from development and staging. No unrestricted inbound internet access to production systems. Firewall and network segmentation applied. Cloud security posture managed against CIS benchmarks.

Endpoint security. All employee devices enrolled in Mobile Device Management. Full-disk encryption enforced. Endpoint Detection and Response deployed. Automatic security patching within 14 days.

Audit logging. Access to systems processing personal data is logged. Logs retained for a minimum of 12 months. Centralised log management with anomaly alerting.

Vulnerability management. Annual penetration testing by an independent firm. Quarterly vulnerability scanning of public-facing systems. Critical vulnerabilities remediated within 7 days, high within 30 days.

Incident response. Documented Incident Response Plan with defined severity levels and escalation procedures. 72-hour breach notification commitment. Post-incident review conducted within 5 business days of resolution.

Personnel. All personnel with access to personal data are bound by confidentiality obligations. Annual security awareness training. Background checks for personnel with access to sensitive personal data.

Sub-processor management. All sub-processors assessed for security posture before engagement. DPA executed with each. SOC 2 report or equivalent obtained and reviewed annually.

Business continuity. Automated backups with off-region replication. Recovery procedures tested quarterly. Recovery Time Objective and Recovery Point Objective defined per service.

Annex III, EU Standard Contractual Clauses

The EU Standard Contractual Clauses (Module Two: Controller to Processor) adopted by the European Commission under Decision 2021/914 of 4 June 2021 are incorporated into this DPA by reference and apply to transfers of personal data from the EEA to Atom Digit LLC in the United States.

  • Clause 7, docking clause: included. Additional controllers or processors may accede with the agreement of both parties.
  • Clause 9, use of sub-processors: Option 2 (general written authorisation) applies. AtomDigit provides 30 days' advance notice of any sub-processor changes. The current sub-processor list is published in the Sub-Processors section below.
  • Clause 11, redress: the optional independent dispute resolution body language is not included unless agreed separately in writing.
  • Clause 13, supervision: the supervisory authority is the data protection authority of the EEA member state in which the Client is established.
  • Clause 17, governing law: these SCCs are governed by the law of the Republic of Ireland, unless the Client specifies the law of another EEA member state that allows for third-party beneficiary rights.
  • Clause 18, choice of forum: disputes arising from these SCCs shall be resolved by the courts of the Republic of Ireland, unless the Client specifies courts of another EEA member state.

UK International Data Transfer Addendum. Where personal data is transferred from the United Kingdom to Atom Digit LLC in the United States, the UK International Data Transfer Addendum to the EU SCCs (issued by the UK Information Commissioner's Office and in force from 21 March 2022) applies, amending the EU SCCs as described in the Addendum.

How to Execute This DPA

This DPA may be executed as part of your service agreement (by signing AtomDigit's MSA or SOW, which incorporates this DPA by reference); as a standalone document (by contacting legal@atomdigit.com for a countersigned copy); or using your own DPA (share it with legal@atomdigit.com for review). For enterprise clients requiring a customised DPA, jurisdiction-specific addenda, or negotiated terms, contact legal@atomdigit.com.

Sub-Processors

6. Sub-Processors

Effective date: June 15, 2026. Last updated: June 15, 2026.

AtomDigit engages a limited number of carefully selected third-party service providers ("Sub-Processors") to support the delivery, operation, security, and administration of our services. We evaluate each Sub-Processor for security, privacy, reliability, and compliance standards before engagement, and where personal data is processed on our behalf, we execute appropriate contractual safeguards, including Data Processing Agreements, confidentiality obligations, and security commitments.

What Is a Sub-Processor?

A Sub-Processor is a third-party organization that processes personal data or customer information on behalf of AtomDigit in connection with the services we provide. Sub-Processors may support cloud infrastructure and hosting, software development and collaboration, customer relationship management, document execution and storage, video conferencing and communication, project and issue management, and security monitoring and operational support. AtomDigit remains responsible for the management and oversight of all approved Sub-Processors.

Current Sub-Processors

VendorCountry / Region of ProcessingService PurposePrivacy / DPA
Amazon Web Services (AWS)United States, EU, Global RegionsCloud infrastructure, hosting, storage, networking, backupsaws.amazon.com/privacy
Google Cloud PlatformUnited States, EU, Global RegionsCloud services, analytics, infrastructure, productivity toolscloud.google.com/privacy
Microsoft 365United States, EU RegionsBusiness email, productivity tools, document collaborationprivacy.microsoft.com
Microsoft AzureUnited States, EU RegionsCloud hosting, infrastructure services, application deploymentprivacy.microsoft.com
GitHub (Microsoft)United StatesSource code repositories, CI/CD workflows, software collaborationdocs.github.com/en/site-policy/privacy-policies
Slack Technologies (Salesforce)United StatesInternal communication and collaborationslack.com/privacy-policy
Atlassian (Jira and Confluence)United States, Australia, EU RegionsProject management, ticketing, documentation, issue trackingatlassian.com/legal/privacy-policy
HubSpotUnited StatesCRM, marketing automation, lead management, customer communicationslegal.hubspot.com/privacy-policy
DocuSignUnited StatesElectronic signatures, contract execution, agreement managementdocusign.com/privacy
Zoom Video CommunicationsUnited StatesVideo conferencing, client meetings, webinars, collaborationexplore.zoom.us/privacy
AnthropicUnited StatesAI model processing and AI-assisted workflowsanthropic.com/legal/privacy
FathomUnited StatesMeeting recording, transcription, and meeting intelligencefathom.video/privacy
Apollo.ioUnited StatesB2B contact management, sales intelligence, lead enrichmentapollo.io/privacy-policy
GojiBerryUnited StatesLinkedIn outreach automation and intent signal detectiongojiberry.ai/privacy-policy
LinkedInUnited States, IrelandAdvertising, campaign analytics, professional outreachlinkedin.com/legal/privacy-policy
Google AnalyticsUnited States, EU RegionsWebsite analytics and performance measurementpolicies.google.com/privacy

Data Protection Safeguards

Before engaging a Sub-Processor, AtomDigit evaluates information security controls, privacy practices, regulatory compliance posture, incident response capabilities, access control mechanisms, encryption standards, data handling practices, and contractual commitments. Where applicable, AtomDigit enters into Data Processing Agreements or equivalent contractual safeguards.

International Data Transfers

Because AtomDigit serves clients globally and utilizes internationally distributed service providers, personal data may be processed outside the country where it was originally collected. Where required by applicable law, AtomDigit implements appropriate safeguards, including Standard Contractual Clauses, Data Processing Agreements, vendor security assessments, contractual confidentiality obligations, and other lawful transfer mechanisms.

Monitoring, Changes, and Historical Versions

Approved Sub-Processors are periodically reviewed. Where a vendor no longer meets our requirements, we may suspend, restrict, or terminate its use. AtomDigit may add, replace, or remove Sub-Processors as our business evolves; for material changes that could affect customer data processing, we provide at least 30 days' advance notice through updates to this page, customer notification emails, contractual communication channels, or Trust Center announcements. Previous versions of this Sub-Processor List may be made available upon reasonable request.

Questions

For questions regarding vendor security, privacy practices, international transfers, or data processing activities: privacy@atomdigit.com (Privacy Team), security@atomdigit.com (Security Team), legal@atomdigit.com (Legal and Compliance).