Security Overview

This document is a single-page summary of how Arcaveli handles data, what attackers can and can't get from a successful breach, and the compliance commitments we maintain. It complements the Privacy Policy and Terms of Service.

1. Encryption architecture

Arcaveli uses a hybrid RSA-2048 + AES-256-GCM envelope, with the private key generated and held exclusively in the user's browser. We never see it, never persist it, and cannot recover it.

For each AI response and stored document, the server generates a fresh AES-256-GCM symmetric key, encrypts the payload, then wraps that symmetric key with the user's RSA-2048 public key (RSA-OAEP-SHA256). The result — an opaque envelope — is what lives in our database. Only the user's matching private key, held in their browser's localStorage, can unwrap it.

What this means: a database breach yields ciphertext only. Even with full DBA access, root on our servers, and our master keys, the attacker cannot read user content without each user's private key from each user's browser.

Algorithms in use

• RSA-OAEP-SHA256 — wraps per-request symmetric keys with the user's public key (Node built-in crypto; no third-party crypto library).
• AES-256-GCM — authenticated encryption for message bodies, file contents, document Deltas, and BYOK provider keys.
• scrypt — password and recovery-code hashing.
• SHA-256 — request body hashes in the audit log (proof a request happened, with no recoverable content).

What's encrypted at rest

• Every chat message (user prompts and assistant responses)
• Every Canvas document (full content + title)
• Every uploaded file's extracted text and original filename
• Every signature image returned to the document owner
• Every BYOK provider API key
• Every OAuth refresh token (Google Drive / OneDrive)
• Search queries to CourtListener / PubMed (audit log)
• Per-message tool-use metadata (which cases / articles an agent searched)

The single exception is documents you explicitly send for external e-signature: those are stored as plaintext HTML for the duration the recipient needs to read them, and auto-purged the moment the recipient signs or declines. This is documented in the Privacy Policy section 4.

2. Infrastructure security

• Hosting: DigitalOcean Droplets in NYC (US East). All traffic terminates at Nginx with TLS 1.3.
• Transport: HTTPS-only via Let's Encrypt certificates, HSTS preloaded, automated renewal via certbot.
• Authentication: JWT bearer tokens (8-hour expiry). Per-account 8 single-use recovery codes for password reset, plus standard email-link reset (1-hour expiry, single-use).
• Database: PostgreSQL on the same private network as the app. Backups daily (gzip-compressed pg_dumps), retained 7 days on disk.
• Rate limiting: Nginx-level rate limits on /api/messages and /api/ generally. Login flow has tighter per-IP limits via express-rate-limit.
• Process supervision: PM2 with automatic restart on crash. Sentry captures uncaught exceptions and unhandled promise rejections.
• Uptime monitoring: External probe of /api/health; pages on outage.

3. Data handling

What Arcaveli stores

• Account record: email (login identifier), scrypt password hash, RSA-2048 public key, plan, Stripe IDs, timestamps.
• Encrypted ciphertext envelopes (see Section 1) for every message, file, and document.
• Hashed audit-log rows: SHA-256 request body hash, model name, token counts, estimated cost, timestamp. Zero plaintext content.

What Arcaveli cannot access

• Plaintext of any chat message, document, or file content.
• Your private encryption key (it is never transmitted).
• Your unencrypted BYOK provider keys (decrypted only in memory, only for the duration of a single API call).

Data retention & deletion

• Account data and encrypted conversations are retained while the account is active.
• You can permanently delete your account at any time via Settings → Danger Zone. Deletion is irreversible and cascades to all encrypted conversations, encrypted API keys, audit-log entries, and any active Stripe subscription within 24 hours.
• Daily database backups are retained for 7 days then purged. After account deletion, restored backups would still contain ciphertext-only data — but the encryption key for that data is gone.

4. Compliance

GDPR

Essential cookies / localStorage entries only — no tracking, no advertising, no third-party analytics. EU/EEA/UK users have full rights of access, rectification, erasure, portability, and complaint as documented in the Privacy Policy. Data subject requests: privacy@arcaveli.com.

HIPAA

Arcaveli is HIPAA-eligible. Because we store only ciphertext that we cannot decrypt, we hold no readable PHI at rest. Plaintext PHI exists only in transit between our servers and Anthropic, only for the duration of a single API request. BAA included on the Business plan by default; available on request for Starter customers via privacy@arcaveli.com.

SOC 2

SOC 2 Type I in progress (target Q4 2026). Audit controls maintained via Vanta from day one.

Subprocessors

• Anthropic, PBC — AI inference (managed plans). Zero training on your data, 30-day max retention per Anthropic's commercial terms.
• DigitalOcean — VPS + database hosting.
• Stripe — billing.
• Resend — transactional email (verification, password reset, receipts).

5. Responsible disclosure

If you believe you've found a security vulnerability in Arcaveli, please report it to security@arcaveli.com. We will respond within two business days and aim to triage all reports within seven.

We commit to:

• Acknowledge receipt within two business days.
• Provide a timeline for remediation within seven days.
• Credit the reporter publicly (with consent) on resolution.
• Not pursue legal action against good-faith researchers who follow this policy.

Out of scope: denial-of-service, social engineering of staff or customers, physical attacks, and reports that require already-compromised user credentials.

Privacy Policy · Terms of Service · Contact