Security Policy

Effective Date: February 21, 2026  ·  BlackAtlas LLC

Our Commitment to Security

Security is foundational to everything we build. BlackAtlas products are designed for operators who depend on their tools in critical situations. We take the security of our products, services, and customer data seriously.

Responsible Disclosure

We welcome reports from security researchers who discover vulnerabilities in our products or website. If you believe you have found a security vulnerability, please report it responsibly:

• Email: info@blackatlas.tech
• Include a detailed description of the vulnerability and steps to reproduce
• Allow reasonable time for us to investigate and address the issue before public disclosure
• Do not access, modify, or delete data belonging to other users

We will acknowledge receipt of your report within 48 hours and provide an estimated timeline for resolution. We will not pursue legal action against researchers who report vulnerabilities in good faith and in accordance with this policy.

Product Security

AtlasRF: All AtlasRF units run on a hardened Linux base with minimal attack surface. Web dashboard access is restricted to the local network by default. CoT data streams support encryption in transit. No data is transmitted to BlackAtlas or any third party.

GridDown: GridDown operates entirely offline by design. No user data leaves the device. Map tiles and navigation data are stored locally. Meshtastic communications are encrypted using AES-256. The open-source codebase is publicly auditable.

GridDown: GridDown implements offline-first architecture with no cloud dependencies. All navigation data is processed locally on the device.

Infrastructure Security

• Website served via Cloudflare with DDoS protection, WAF, and TLS 1.3
• No customer data stored on the web server (static site architecture)
• Payment processing handled entirely by Stripe (PCI DSS Level 1 certified)
• Email communications secured via TLS
• Source code repositories use branch protection and required reviews

Data Handling

Our products are designed with a zero-cloud-dependency philosophy. AtlasRF and GridDown process all data locally on the device. We do not operate telemetry, analytics, or data collection services within our hardware products. Your operational data stays on your hardware.

Supply Chain Security

All BlackAtlas hardware is assembled in the United States using domestically sourced components where available. We maintain traceability of our supply chain and prioritize vendors who are not covered entities under 47 U.S.C. § 889.

Incident Response

In the event of a security incident affecting customer data or product integrity, we will:

• Investigate and contain the incident promptly
• Notify affected customers within 72 hours of confirmed impact
• Provide clear information about what happened and recommended actions
• Implement corrective measures to prevent recurrence

Contact

Security inquiries and vulnerability reports:
info@blackatlas.tech