Security
How we handle authentication, data, and access. We describe what we actually do — not certifications we don't yet hold.
Authentication
Accounts are protected with hashed passwords (never stored in plaintext) and token-based sessions. Sessions can be revoked, and tokens are invalidated on logout.
Data handling
- Traffic is served over HTTPS/TLS in production.
- Reports and account data are scoped per user — your memos are visible only to your account.
- The data our agents source (SEC filings, market and litigation records) is public information; we don’t resell or share your queries.
- Payment details are handled entirely by Stripe — we never see or store full card numbers.
Access control
Access to production systems is limited to the people who need it. We use third-party infrastructure providers for hosting, database, and payments, and rely on their underlying security controls in addition to our own.
Compliance — where we stand today
We’re an early-stage company and want to be straight with you: we do not currently hold a SOC 2 report, and we don’t yet offer a signed Data Processing Agreement (DPA). Formal compliance is on our roadmap as we grow. If your organisation requires either before adopting Arthvion, reach out and let’s talk about timing.
Reporting a vulnerability
Found something? Please email bimalkumal2004@gmail.com with the details and we’ll respond as quickly as we can. We appreciate responsible disclosure.