Cap tables, SAFEs, partner notes, financial models — the data inside Arx is among the most sensitive a company will ever own. Below are our published policies on how we protect it, how we operate the platform, and what we expect of you in return. Each document is current, dated, and reachable from one place.
How Arx protects your data — encryption, access controls, network architecture, authentication, backups, and the day-to-day practices that hold them together.
Read the policyHow code gets from a developer's machine to production — review, automated testing, secret hygiene, dependency scanning, and the controls that gate every release.
Read the policyVulnerability disclosure terms for security researchers, plus the internal vulnerability-management program we run on our own findings.
Read the policyWhat we do when something goes wrong — detection, containment, customer notification, post-mortem, and the on-call structure behind it.
Read the policyWhere Arx runs, what it runs on, and how we manage the third-party software we depend on — from base images to npm packages.
Read the policyEvery third-party processor we use, what they process for us, and our commitment to notify you before any change.
Read the policyWhat you may and may not do with Arx — including specific rules for the AI assistant, the MCP server, automated access, and outgoing email.
Read the policyHow we collect, store, and protect personal information — plus the cookies registry, by name.
Privacy Policy & Cookies →If you want the long answers, every policy above is read in detail. If you want the short version, here it is.