# Atomic Glue > Atomic Glue is a digital growth agency near Milwaukee, WI that helps companies, startups, and agencies build, optimize, and scale high-performing websites, applications, and digital marketing systems. We combine engineering, creative, and analytics to support the entire digital growth lifecycle. --- ## / — Home ### Services **Website Development** Custom websites and web applications designed for performance, flexibility, and long-term scalability. **SEO & GEO** Improve visibility across traditional search engines, AI-generated answers (AEO), and emerging generative search platforms. **Analytics & Tracking** Build reliable measurement systems so your team can make decisions based on real data. **Conversion Optimization** Continuous experimentation and improvements that increase leads, sales, and engagement. **Creative Services** Design and digital creative that strengthens brand and improves user experience. **Mobile App Development** iOS and Android apps built with performance, usability, and scale in mind. ### Who We Work With **Marketing Teams** We become the technical partner behind your campaigns, websites, and growth initiatives. **Startups** Launch quickly with a team that can design, build, and scale your digital infrastructure. **Agencies** Extend your capabilities with white-label development and technical support. ### Our Process 1. **Discovery** — We learn your business, customers, and growth goals. 2. **Strategy** — We define the roadmap, priorities, and success metrics. 3. **Build** — Our team designs, develops, and launches the solution. 4. **Optimize** — We continuously improve performance, conversion, and growth. ### Engagement Models **Project Builds** Website redesigns, new platforms, and application development. **Growth Retainers** Ongoing optimization, analytics, and digital performance improvements. **Agency Partnerships** White-label development and technical support for agencies. --- ## /trust — Trust & Security We build on the web's most trusted infrastructure and hold ourselves to a high standard of security practice — because our clients' data and reputations depend on it. ### Security Posture **Data Encryption** All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We never store plaintext credentials. **Access Control** Access follows least-privilege. All internal tooling requires MFA. Access is revoked within one business day of offboarding. **Monitoring & Alerting** Errors tracked via Sentry with automated alerting. Cloudflare provides DDoS mitigation and WAF protection at the edge. **Incident Response** We maintain a documented incident response plan with defined severity tiers, notification timelines, and post-incident reviews. ### Compliance — SOC 2 Type II Status: In Progress (Preparation phase). Managed through OneLeet. SOC 2 (System and Organization Controls 2) is a framework developed by the AICPA that evaluates a service organization's controls across five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A Type II report covers how those controls operated over an extended period — typically 6–12 months — giving enterprise clients independent assurance that our practices match our claims. ### Security Practices **Data Security** - All data encrypted at rest (AES-256) and in transit (TLS 1.2+) - No payment card data stored — payments handled by PCI-compliant processors - Data classified and handled according to sensitivity level - Data management and retention policy in development **Infrastructure Security** - Production hosted on Vercel — SOC 2 Type II certified infrastructure - Cloudflare provides edge DDoS protection and WAF - All deployments are git-triggered CI/CD — no direct server SSH access - Secrets managed via Vercel's encrypted environment variable system **Access Control** - Access Management Policy published and signed by all team members - All systems require MFA; access follows least-privilege - Password Policy published and enforced across all internal tooling - Access revoked within one business day of offboarding **Vulnerability Management** - Code scanning on all repositories via GitHub Advanced Security and OneLeet - Dependencies monitored for known CVEs via automated tooling - Security patches applied within 24h (critical) or 72h (high) - Vulnerability Management Policy currently being formalized - Responsible disclosure accepted at hello@atomicglue.co ### Subprocessors | Vendor | Purpose | Data Processed | |---|---|---| | Anthropic (Claude) | AI assistant for development & internal work | Code, project context, client-related work details | | Amazon Web Services | Cloud infrastructure | Application data, server logs, infrastructure metadata | | Cal.com | Meeting scheduling | Name, email, selected meeting times | | Cloudflare | CDN, WAF, DDoS protection, analytics | IP addresses, request metadata, anonymized analytics events | | GitHub | Source code, CI/CD integration & code scanning | Source code, commit history, code scan results | | Google Workspace | Email, calendar, and document collaboration | Email communications, calendar events, internal documents | | Linear | Project & issue tracking | Project names, task descriptions, client-related work details | | MongoDB | Database infrastructure | Application data (no PII stored) | | Okta | Identity & access management (SSO, MFA) | Employee identity, authentication events | | OneLeet | SOC 2 compliance management & code scanning | Compliance documentation, control evidence, code scan results | | Slack | Team communication & collaboration | Messages, files, client-related communications | | Sentry | Error tracking & monitoring | Stack traces, device metadata (no PII by policy) | | Tella | Screen recording & video walkthroughs | Screen recordings, client project content | | Toggl | Time tracking | Project names, client names, time entry descriptions | | Vercel | Production hosting & CI/CD | Application code, environment variables, server logs | | Zoom | Video conferencing & client calls | Meeting recordings, participant names, chat messages | ### Responsible Disclosure Found a security issue? Please report it responsibly. We take all disclosures seriously and will respond within 3 business days. Contact: hello@atomicglue.co --- ## /wordpress-maintenance — WordPress Maintenance Atomic Glue offers managed WordPress maintenance for small business sites at $199/mo (or $149/mo billed annually), with hosting always included. ### What's Included - **Weekly WordPress Maintenance**: Core, theme, and plugin updates every week with change logging and rollback protection. - **Continuous Monitoring & Validation**: Uptime monitoring, performance and security scans, and error reporting. - **License Management**: Centralized handling for premium plugins and themes — no more lost license keys. - **SMTP & Deliverability**: Reliable email delivery via dedicated SMTP so contact forms and notifications always land. - **Performance & Security**: Caching, image optimization, malware scanning, and firewall rules. ### Who It's For Small business owners and marketing teams who need their WordPress site to stay secure and up-to-date without spending hours managing it themselves. --- ## /work/ordr — ORDR Case Study ORDR is a cybersecurity company that helps organizations discover connected devices and mitigate threats across their network. Their website needed to reflect the standard of security and performance that ORDR's product promises to customers. ### Challenge ORDR's WordPress site had accumulated years of technical debt: plugin bloat, hosting complexity, and a security profile that was not acceptable for a cybersecurity company. Atomic Glue was auditing the site daily and applying plugin and theme updates weekly — yet the volume of dependencies meant there were always vulnerabilities to patch. The marketing team also struggled with editorial friction that slowed down campaign execution. The Lighthouse performance score on the WordPress homepage was 41 out of 100. ### Approach Atomic Glue migrated ORDR's website from WordPress to a modern stack: Payload CMS for content management, Next.js for the front end, and MongoDB for the database. The migration was scoped and delivered under ORDR's existing ongoing retainer — not a separate rebuild budget — which meant the work started immediately without a lengthy approval process. 650–700 pages were migrated. The site launched with zero downtime. The full project ran from concept through launch in approximately four weeks. ### Results - Lighthouse score: 41 → 100 across all four categories (Performance, Accessibility, Best Practices, SEO) - First Contentful Paint: 0.4s - Largest Contentful Paint: 0.8s - Pages migrated: 650–700 - Downtime at launch: 0 - Timeline: ~4 weeks concept through launch The new site is built on infrastructure that ORDR's own security team can trust: no plugin attack surface, no shared hosting, no weekly patch cycles. Marketing can now update content quickly without engineering help. --- ## /contact — Contact Schedule a discovery call or send a message at [atomicglue.co/contact](https://atomicglue.co/contact). Atomic Glue replies within one business day. --- ## Contact - Email: hello@atomicglue.co - Website: https://atomicglue.co - Location: Brookfield, Wisconsin (suburb of Milwaukee) — serving clients across the United States