Data & Security
How Arcova handles your data.
Where your data lives
Arcova is a cloud-hosted, multi-tenant SaaS platform. Your account is logically isolated from every other account — your shifts, officers, clients, and reports are never visible to another company on the platform.
Encryption
All traffic between your devices and Arcova is encrypted in transit using TLS. Data stored in our databases and file storage is encrypted at rest. Sensitive credentials, like API keys and passwords, are hashed or encrypted with modern algorithms — they are never stored in plain text.
Access controls
Access inside your account is governed by role-based permissions — see Roles & Permissions. On our side, staff access to production systems is limited, requires multi-factor authentication, and is logged for review.
Backups & retention
Production databases are backed up daily. Your data is retained for as long as your account is active. If you close your account, contact us and we'll work with you on export and deletion timelines.
Startup posture (be honest)
Arcova is a startup. We want to be straightforward about what we do and don't have today:
- We do not currently hold a SOC 2 or ISO 27001 certification.
- We are not HIPAA-eligible.
- We do not offer SAML or SSO at this time.
If your operation requires any of the above, contact us. We can scope a roadmap for your account and let you know what's realistic on what timeline.
Data export
You own your data. CSV exports are available for the most common entities directly in the app, and a full export is available on request — just reach out.