Security and Privacy
Arkar adopts the highest global standards of security, privacy, and compliance to protect our clients' data and ensure the integrity of every operation.
Brazilian General Data Protection Law
Service Organization Control
Information Security Management
Privacy Management
Zero Data Retention policy with OpenAI and Anthropic
Arkar operates under a Zero Data Retention (ZDR) policy with its AI providers, ensuring the highest level of confidentiality for the data processed by our agents.
OpenAI
ZDR Approved
- Processed content is never saved, logged, or written to disk
- No submitted data is accessed by human reviewers
- Automated checks cover metadata only, never the actual content
- Eligible endpoints receive the highest level of confidentiality treatment
Anthropic
ZDR Approved
- Data sent to the API is never used to train models
- No retention of inputs or outputs after processing
- Security logs retained for a minimal period, with no content
- Compliance with SOC 2 Type II and ISO 27001 standards
What does Zero Data Retention mean?
Data Protection
Any content sent to the AI models is processed in real time and discarded immediately after the response is generated. Nothing is written to disk.
Privacy Assurance
No client data is ever accessed by the AI providers' human reviewers. Processing is fully automated and confidential.
No Training
Submitted data is never used to train, improve, or fine-tune the providers' AI models. Your data remains exclusively yours.
Protected infrastructure
Multiple layers of security protect your operation at every level of the platform.
Network Security
Our services run on market-leading cloud infrastructure providers. The Virtual Private Cloud includes firewalls, static and dynamic protections, plus regular vulnerability scanning.
Access Control
Multi-factor authentication (MFA), Single Sign-On (SSO), granular RBAC controls by module, fund, and operation. Segregation of duties with a complete audit trail.
Auditing and Monitoring
Complete logs of activity, errors, and alerts across production systems. Continuous 24/7 monitoring with automated alerts for security events.
Independent Assessments
Regular penetration testing procedures performed by specialized teams, constantly testing and strengthening our defenses against emerging threats.
Your data is yours
Privacy and data protection are at the heart of everything we build, in full compliance with LGPD and international standards.
Data Training
We do not use your proprietary data to train generative AI models. Your data is processed exclusively to deliver the contracted services.
Data Governance
Proprietary data is 100% private and exclusive to your organization. Complete tenant segregation with Row-Level Security (RLS) policies across the entire database.
Protection and Encryption
AES-256 encryption for data at rest and TLS v1.2+ for data in transit. Managed keys with automatic rotation and secure storage.
LGPD Compliance
Full compliance with the Brazilian General Data Protection Law (Law No. 13,709/2018). Designated DPO, guaranteed data subject rights, and documented incident response processes.
Responsible artificial intelligence
Our AI agents operate with governance, explainability, and human oversight at every step.
Hallucination Control
Validation mechanisms that require human review for low-confidence suggestions. Outputs are always grounded in real system data, never in fabricated information.
Auditing and Explainability
Tools to understand the reasoning behind agent responses. Every interaction is logged with context, sources, and confidence level for complete auditability.
Model Security
Protections against adversarial attacks, model inversion, data poisoning, and training data inference. AI systems continuously monitored with automated alerts.
Questions about security?
Our team is available to discuss your organization's security, compliance, and privacy requirements.