Security at Arbtr
Your architectural decisions are sensitive intellectual property. We protect them with enterprise-grade security, encryption at every layer, and strict access controls.
Compliance & Certifications
We maintain rigorous security standards and are continuously improving our compliance posture.
GDPR Compliant
Full compliance with EU data protection requirements
SOC 2 Type II
Infrastructure providers certified, Arbtr certification in progress
Data Encryption
AES-256 at rest, TLS 1.3 in transit
DPA Available
Data Processing Agreements for all paid plans
Security Practices
We take security seriously at every layer of the stack.
Encryption at Rest
All data is encrypted at rest using AES-256 encryption. Your decisions and sensitive context are never stored in plain text.
Encryption in Transit
All data in transit is encrypted using TLS 1.3. We enforce HTTPS on all connections with no exceptions.
Access Controls
Role-based access control (RBAC) with Owner, Admin, and Member roles. Row-level security enforces team isolation at the database level.
Infrastructure
Hosted on Vercel's edge network with Supabase (AWS) for data storage. SOC 2 Type II compliant infrastructure.
API Security
All API endpoints require authentication. Rate limiting, request validation, and comprehensive audit logging on all operations.
Audit Logging
Complete audit trail of all actions: who did what, when, and why. Retention periods based on your plan (30-365 days, or unlimited for Enterprise).
Team Isolation
Multi-tenant architecture with strict data isolation. Each team's data is completely separate at the database level using PostgreSQL RLS policies.
Data Residency
Primary data storage in AWS US regions. Enterprise customers can request specific data residency requirements.
Security FAQ
Have security questions?
Our security team is here to help, whether you need a security questionnaire completed, want to discuss specific compliance requirements, or have concerns to report.