Security and Privacy

Arkar adopts the highest global standards of security, privacy, and compliance to protect our clients' data and ensure the integrity of every operation.

LGPD

Brazilian General Data Protection Law

Compliant

SOC 2

Service Organization Control

In progress

ISO 27001

Information Security Management

In progress

ISO 27701

Privacy Management

In progress

Zero Data Retention

Zero Data Retention policy with OpenAI and Anthropic

Arkar operates under a Zero Data Retention (ZDR) policy with its AI providers, ensuring the highest level of confidentiality for the data processed by our agents.

OpenAI

ZDR Approved
  • Processed content is never saved, logged, or written to disk
  • No submitted data is accessed by human reviewers
  • Automated checks cover metadata only, never the actual content
  • Eligible endpoints receive the highest level of confidentiality treatment

Anthropic Claude

Anthropic

ZDR Approved
  • Data sent to the API is never used to train models
  • No retention of inputs or outputs after processing
  • Security logs retained for a minimal period, with no content
  • Compliance with SOC 2 Type II and ISO 27001 standards

What does Zero Data Retention mean?

Data Protection

Any content sent to the AI models is processed in real time and discarded immediately after the response is generated. Nothing is written to disk.

Privacy Assurance

No client data is ever accessed by the AI providers' human reviewers. Processing is fully automated and confidential.

No Training

Submitted data is never used to train, improve, or fine-tune the providers' AI models. Your data remains exclusively yours.

Security

Protected infrastructure

Multiple layers of security protect your operation at every level of the platform.

Network Security

Our services run on market-leading cloud infrastructure providers. The Virtual Private Cloud includes firewalls, static and dynamic protections, plus regular vulnerability scanning.

Access Control

Multi-factor authentication (MFA), Single Sign-On (SSO), granular RBAC controls by module, fund, and operation. Segregation of duties with a complete audit trail.

Auditing and Monitoring

Complete logs of activity, errors, and alerts across production systems. Continuous 24/7 monitoring with automated alerts for security events.

Independent Assessments

Regular penetration testing procedures performed by specialized teams, constantly testing and strengthening our defenses against emerging threats.

Privacy

Your data is yours

Privacy and data protection are at the heart of everything we build, in full compliance with LGPD and international standards.

Data Training

We do not use your proprietary data to train generative AI models. Your data is processed exclusively to deliver the contracted services.

Data Governance

Proprietary data is 100% private and exclusive to your organization. Complete tenant segregation with Row-Level Security (RLS) policies across the entire database.

Protection and Encryption

AES-256 encryption for data at rest and TLS v1.2+ for data in transit. Managed keys with automatic rotation and secure storage.

LGPD Compliance

Full compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018). Designated DPO, guaranteed data subject rights, and documented incident response processes.

AI under Control

Responsible artificial intelligence

Our AI agents operate with governance, explainability, and human oversight at every step.

Hallucination Control

Validation mechanisms that require human review for low-confidence suggestions. Outputs are always grounded in real system data, never in fabricated information.

Auditing and Explainability

Tools to understand the reasoning behind agent responses. Every interaction is logged with context, sources, and confidence level for complete auditability.

Model Security

Protections against adversarial attacks, model inversion, data poisoning, and training data inference. AI systems continuously monitored with automated alerts.

Questions about security?

Our team is available to discuss your organization's security, compliance, and privacy requirements.