← Back to home

Security

How we handle authentication, data, and access. We describe what we actually do — not certifications we don't yet hold.

Authentication

Accounts are protected with hashed passwords (never stored in plaintext) and token-based sessions. Sessions can be revoked, and tokens are invalidated on logout.

Data handling

Access control

Access to production systems is limited to the people who need it. We use third-party infrastructure providers for hosting, database, and payments, and rely on their underlying security controls in addition to our own.

Compliance — where we stand today

We’re an early-stage company and want to be straight with you: we do not currently hold a SOC 2 report, and we don’t yet offer a signed Data Processing Agreement (DPA). Formal compliance is on our roadmap as we grow. If your organisation requires either before adopting Arthvion, reach out and let’s talk about timing.

Reporting a vulnerability

Found something? Please email bimalkumal2004@gmail.com with the details and we’ll respond as quickly as we can. We appreciate responsible disclosure.