Last updated: Feb 18, 2023
Your trust and safety are important to us. Arc believes that continuous improvement in our security programs is pivotal in providing a great, secure product to our customers.
Security Program Highlights
Arc Technologies, Inc. encrypts data at rest and in transit for all of our customers. We use Google Cloud’s Platform encryption and secret management services to manage encryption keys for maximum security in line with industry best practices.
Arc regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.
Arc also uses high-quality static analysis tooling provided by Snyk and GitHub Advanced Security such as CodeQL, Secrets Scanner, and Dependabot to secure our product at every step of the development process.
Arc uses Google Cloud Platform (GCP) to host our application. We make full use of the security products embedded within the GCP ecosystem, including Secrets Manager, intrusion detection scanning, and shielded containers.
In addition, we deploy our application using containers run on GCP managed services, meaning we typically do not manage servers in production.
Arc requires Multi-factor Authentication enablement for all Arc Treasury customers. Once enabled, each user will be required to complete MFA at log-in, which includes using either text or Authenticator codes as the second verification method. MFA credentials can be “remembered” on the platform for a 30 day window on trusted devices.