Legal

Data Processing Agreement

Last updated: April 20, 2026

This Data Processing Agreement (“DPA”) describes how Atara, Inc. processes personal data on behalf of customers who use the Atara runtime (the “Service”). It supplements our Terms of Service.

Roles

Where the Service processes personal data submitted by a customer, the customer acts as the data controller and Atara acts as the data processor, processing such data only on the customer’s documented instructions.

Scope of processing

Subject matter: provision of the Atara runtime and related support.
Duration: for the term of the customer’s use of the Service.
Nature & purpose: coordination, routing, and storage of workload data across the mesh as directed by the customer.
Data subjects: the customer’s end users and personnel, as determined by the customer.

Subprocessors

We may engage subprocessors to support the Service. Each subprocessor is bound by data-protection obligations no less protective than those in this DPA. We will make a current list of subprocessors available on request.

Security

We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, or disclosure, including encryption in transit, access controls, and audit logging.

Data subject requests

We will assist the customer, taking into account the nature of processing, in responding to requests from data subjects to exercise their rights under applicable law.

Return & deletion

On termination of the Service, we will delete or return personal data processed on the customer’s behalf, except where retention is required by law.

Contact

Data-protection inquiries can be sent to support@atara.ai.

This document is provided for the Atara technical preview and is intended as a plain-language summary. It is not legal advice.