Security & Compliance

Enterprise-grade security, built in

Your project data is your competitive advantage. We protect it with the same rigor that Fortune 500 construction firms require: SOC 2 certified, encrypted end-to-end, and fully auditable.

SOC 2 Type II
AES-256
TLS 1.3
GDPR
CCPA

Six pillars of platform security

Security isn't bolted on. It's designed into every layer of the Arlyn platform.

Data encryption

AES-256 encryption at rest across all data stores. TLS 1.3 in transit. Keys managed via AWS KMS with annual rotation.

  • AES-256 at rest
  • TLS 1.3 in transit
  • AWS KMS key management
  • Annual key rotation

Identity & access

SAML 2.0 SSO with your IdP (Okta, Azure AD, Google Workspace). Role-based access control down to the agent level.

  • SAML 2.0 SSO
  • RBAC with custom roles
  • MFA enforcement
  • Session timeout policies

Audit & observability

Immutable audit logs for every agent action, data access event, and configuration change, retained for 7 years.

  • Immutable audit logs
  • 7-year retention
  • SIEM integration
  • Real-time alerting

Infrastructure

Hosted on AWS in US-East and US-West regions. SOC 2 Type II certified. Single-tenant deployments available for Enterprise.

  • AWS US-East / US-West
  • SOC 2 Type II
  • Single-tenant option
  • 99.9% uptime SLA

Compliance

Built for construction enterprise requirements: SOC 2, GDPR, CCPA, and FedRAMP-ready architecture for public sector projects.

  • SOC 2 Type II
  • GDPR & CCPA ready
  • FedRAMP-ready architecture
  • Annual pen testing

Data residency

Customer data stays in the region you choose. No cross-border data transfers without explicit consent. Data deletion on request.

  • US data residency
  • EU option available
  • No cross-border transfer
  • Right-to-delete

Certifications & compliance status

SOC 2 Type II: Certified

Audited annually by independent third party

GDPR: Compliant

European data protection compliance

CCPA: Compliant

California Consumer Privacy Act

HIPAA: Available

Available for healthcare construction clients

FedRAMP: In Progress

In progress for federal project clients

ISO 27001: In Progress

Information security management system

AI Safety Controls

Responsible AI by design

Autonomous agents acting on construction data require a higher bar. We've built safeguards that keep humans in control of consequential decisions while agents handle the repetitive work.

Human-in-the-loop approval

High-stakes actions (change orders over $50K, schedule updates affecting critical path) require human approval before execution.

Reasoning transparency

Every agent decision includes a full reasoning trace. Your team can see exactly what data was used and why an action was taken.

Rollback capability

Agent actions that write to connected systems can be rolled back within 24 hours. A full undo log is maintained per project.

Confidence thresholds

Agents escalate to human review when their confidence score falls below configurable thresholds. No silent failures.

Data minimization

Agents only access the data required to complete a specific task. Least-privilege access principles apply to all agent operations.

No model training on your data

Customer project data is never used to train or fine-tune our models. Your proprietary data stays yours.

Need a full security review?

We provide detailed security documentation, pen test reports, and architecture reviews for enterprise prospects.
