Trust Center

Hosted, audit-ready AI with transparent security posture. Evidence available under NDA for Enterprise customers.

SOC 2

In progress

Type II audit underway. Control mapping available under NDA.

HIPAA

BAA available

Enterprise customers can execute BAAs. PHI is handled in HIPAA-aligned regions.

GDPR

DPA available

EU/US residency options; DSR workflows supported (access/erasure/portability).

Encryption

AES-256 at rest, TLS 1.3 in transit

KMS-backed keys; audit receipts signed with ForgeNumerics frames.

Logging

Audit receipts on every response

event_id, hash, timestamp, citations, export URL.

Subprocessors

Listed

Vercel (hosting), Supabase (optional persistence), Stripe (billing).

Data Flow

Requests enter the hosted API gateway → vault retrieval (TF-IDF + optional embeddings) → model inference → audit receipt signing → response with citations and export URL.

  • Customer data is not used to train hosted models by default.
  • Retention: request/response logs 30 days (configurable for Enterprise); audit receipts retained per contract.
  • Regions: primary US; EU residency available for Enterprise.

Security Contacts

Report vulnerabilities: security@arcticcodex.com

Request compliance evidence or DPA/BAA: legal@arcticcodex.com

Support/SLA escalations: support@arcticcodex.com