Trust Center
Trust Center
Everything your security and procurement teams need to evaluate ArvexLab — our architecture, sub-processors and document availability, stated honestly, including what we hold today and what's still in progress.
Certifications & attestations
ArvexLab does not yet hold an external certification of its own, such as SOC 2 or ISO 27001. We are an early-stage company and we would rather be straight with you than imply otherwise. Security and data protection are engineered in from day one, and we will update this page as we achieve each milestone.
SOC 2 Type II
Independent attestation of our security controls over time.
ISO 27001
Certification of our information security management system.
Penetration test
Independent third-party security assessment of the platform.
Architecture & controls
EU data residency
Application data is hosted in Frankfurt, Germany (EU). Built for organizations that need to keep data in Europe.
Encryption
TLS 1.3 in transit and AES-256 at rest — applied to your data by default.
Tenant isolation
Row-level security scopes every record to your organization, enforced at the database layer.
Access control
Role-based access control (RBAC) with multi-factor authentication (MFA) support for your team.
Audit logging
Key actions are recorded to an audit trail you can review and export for your own evidence.
AI transparency
Every AI output carries a confidence score and is shown for human review. Nothing is finalized without a person approving it.
Continuous monitoring
We track public vulnerability and breach feeds — CVE, CISA KEV and the EU Vulnerability Database — against your vendor portfolio daily, and our application is instrumented with error monitoring hosted in the EU.
Sub-processors
We rely on 12 vetted sub-processors to run the service — 8 of them process data within the EU/EEA, and every cross-border transfer carries a documented safeguard. The full, current list is published under GDPR Article 28(2).
View the full sub-processor listDocuments available
The following documents are available to your procurement and security teams. Contractual documents are shared on request once an NDA is in place; attestations marked in progress will be added as they are completed.
Data Processing Agreement
Available on requestMaster Service Agreement
Available on requestMutual Non-Disclosure Agreement
Available on requestService Level Agreement
Available on requestDORA Article 30 Addendum
Available on requestNIS2 Security Addendum
Available on requestSecurity Whitepaper
Available on requestCAIQ Response
Available on requestSOC 2 Report
In progressISO 27001
In progressPenetration Test
In progressRequest access
Need our security documentation for a vendor review? Tell us what your team needs and we'll walk you through our architecture and share the relevant documents.