Security is the product.
A governance platform earns trust through its own security posture. Here is how we practice what we preach.
Architecture
Arkion's platform is built on a zero-trust architecture. All internal communication uses mTLS with certificates managed by the same lifecycle engine we provide to customers. We are our own first deployment.
Discovery scan security
The external discovery scan is strictly read-only. It uses only publicly available data sources (CT logs, DNS, well-known manifests) and a single TLS handshake per host. The scan does not install agents, write to your systems, require credentials, or access your internal network.
Data protection
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls following the principle of least privilege
- Immutable audit logs for all data access and platform operations
- Scan results retained for 90 days, then permanently deleted
Responsible disclosure
If you discover a security vulnerability in any Arkion system, please report it to security@arkion.ai. We commit to acknowledging receipt within 24 hours and providing a timeline for remediation within 72 hours.
Compliance documentation
For current compliance documentation, security questionnaires, or to discuss our attestation roadmap, contact hello@arkion.ai.