Security
Enterprise-grade security by design
Your enterprise architecture contains your most sensitive strategic data. We treat security as a foundational requirement, not a feature.
Security Practices
How we protect your data
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Database-level encryption with customer-managed keys on Enterprise plans.
Zero-trust architecture
Every request is authenticated and authorised. No implicit trust between services. mTLS for all internal communication.
Data isolation
Each tenant's data is logically isolated at the database level. Enterprise plans offer dedicated database instances.
Access control
RBAC and ABAC with granular permissions. SSO via SAML 2.0 and OIDC. SCIM for automated user provisioning.
Audit trail
Every action logged with who, what, when, and why. Tamper-proof audit logs retained for 7 years on Enterprise plans.
Sovereign deployment
Deploy ArchNova in your own cloud, on-premises, or air-gapped. Your data never leaves your infrastructure.
Compliance Roadmap
Certifications and standards
| Standard | Status | Target |
|---|---|---|
| SOC 2 Type II | In progress | Q1 2027 |
| ISO 27001 | Planned | Q2 2027 |
| GDPR | Compliant | Now |
| HIPAA | Planned | Q3 2027 |
| FedRAMP | Planned | Q4 2027 |
| CSA STAR | Planned | Q2 2027 |
Responsible Disclosure
Report a vulnerability
We welcome responsible security researchers. If you discover a vulnerability, please report it to security@ganexas.com. We commit to acknowledging reports within 24 hours and providing an initial assessment within 72 hours.
Contact Security Team