Trust

Architectural controls first.
Certifications next.

We don't claim certifications we don't have. We tell you exactly where we are on every framework you care about, and we share control documentation under NDA on request.

Architectural controls

Independent of certification status.

The architecture every ArqAI Labs engagement runs on includes:

01. Cryptographic logging of every agent action and every data access.
02. Policy enforcement before retrieval and before tool execution.
03. Decision provenance exposed in the operational log and the user UI.
04. Deployment options that respect data residency and tenancy requirements.

Compliance posture

Honest status. By framework.

Each row is the current honest read on alignment, audit, and customer-facing artefacts.

SOC 2 (In progress): Aligned with SOC 2 Trust Services Criteria. Type II audit in progress.

HIPAA (Aligned): HIPAA-aligned controls. BAAs executed with healthcare customers. Internal HIPAA security and privacy policies in place.

GDPR (Aligned): GDPR-aligned data protection principles. EU customer engagements include the appropriate data processing addenda.

Regional frameworks (Aligned): SAMA Cybersecurity Framework, NCA Essential Cybersecurity Controls, KSA PDPL, UAE PDPL, and NHRA standards for engagements in MENA.

Data handling

Your data stays your data.

We don't move data outside customer environments to make our product work. Customer data is not used to train shared models.

Responsible AI

Assist, don't replace.

Every ArqAI Labs engagement is designed to assist a human professional. The AI surfaces evidence and reasoning. The human makes the consequential decision.

Request control documentation.

Detailed control documentation is shared under NDA.
