Legal
Arche API Legal
Review the policies that govern how Arche API handles data, service use, and security practices for customers and developers.
Last updated: March 3, 2026
Security
Security
Arche applies practical, risk-based security controls to protect customer data and maintain dependable API operations.
- Encryption. Data is protected in transit and encrypted at rest where applicable in managed infrastructure.
- Access controls. Operational access follows least-privilege practices with key management and auditability controls.
- Monitoring. Security and reliability telemetry is monitored to detect anomalies and support incident response.
Security overview
Security at Arche is designed around protecting developer credentials, service integrity, and data confidentiality while supporting deterministic, audit-grade data delivery workflows.
Encryption
Arche API traffic is encrypted in transit using modern TLS. Data is encrypted at rest where supported by underlying managed services and storage systems.
Access controls
Internal access is limited by role and business need. We apply least-privilege access principles, maintain key and secret management practices, and retain audit logs to support review and investigation.
Monitoring and incident response
We maintain service and security monitoring for anomalous behavior, operational failures, and potential abuse. Incident response processes are designed to triage, contain, remediate, and communicate material issues in a timely manner.
Vulnerability reporting
If you identify a potential vulnerability, contact us through our support channel with reproduction details and impact context. Please do not perform intrusive testing against Arche systems without prior written authorization.
Subprocessors
Arche uses third-party providers for infrastructure, observability, and billing operations where needed. A subprocessors list can be provided through customer support for applicable agreements.