1. Authorized administrator
The organization designates an authorized administrator responsible for user access, lawful instructions, plan management and communication with Atlantic.
2. Workspace isolation
Each organization must keep credentials and data within its authorized workspace and may not attempt cross-tenant access. Atlantic applies technical isolation and role-based controls, while the organization remains responsible for internal authorization decisions.
3. User lifecycle
The organization must promptly remove or suspend users who leave, change role or no longer require access, and must review privileged access periodically.
4. Instructions and data roles
Where Atlantic acts as processor on documented instructions, the parties will apply an appropriate data-processing agreement. Atlantic remains an independent controller for security, billing, legal compliance, platform integrity and its own defense.
5. Confidentiality
Each party protects non-public business, technical, personal and case information using reasonable measures and discloses it only as authorized or legally required.
6. Charges and procurement
Plan fees, usage charges, professional services, taxes, purchase-order rules and payment terms are set in the applicable order. A portal display does not modify a signed order unless expressly agreed.
7. Security cooperation
The organization will maintain secure endpoints, notify Atlantic of incidents affecting credentials or shared data and cooperate with proportionate investigation and remediation.
8. Order of precedence
A signed enterprise order, data-processing agreement or negotiated addendum controls over these general terms for the specific conflict; mandatory law always prevails.


