ArcSense · Security & Trust
How we protect your organization's data
ATLAS handles sensitive governance data — strategies, risk registers, security policies, shareholder records. Here is what we do to earn the right to hold it.
Security controls
What we have in place
Row-level security
Enforced on every database table. Cross-org data access is structurally impossible, not just policy-prohibited.
CI/CD security gates
Every pull request runs typechecking, dependency contract tests, and an in-house security audit covering SCA, RLS coverage, secrets scanning, and SAST.
Error tracking
Sentry is wired into the web app, admin console, MCP server, MCP worker, and all Supabase Edge Functions. Every uncaught exception is captured and triaged.
Uptime monitoring
All services — web app, admin console, MCP worker, and Supabase — are monitored by Better Stack with a public status page.
Auth audit log
Every login, logout, password reset, and account change is recorded in the Supabase auth audit log and accessible to ArcSense administrators.
MCP write-tool audit trail
Every AI-initiated write operation through the MCP server is logged with actor, tool, organization, and timestamp. Write tools enforce RBAC and idempotency.
Penetration test
Independent third-party pen test covering the web app, admin console, MCP server, and Supabase RLS. In planning — scope defined, vendor selection underway.
SOC 2 Type I
Point-in-time attestation of security controls. In planning — Phases 0–3 of our production readiness programme are complete.
Subprocessors
Third-party service providers
We use a small number of trusted providers to operate ATLAS. We do not sell data to any of them, and each is engaged solely to operate the service.
Resources
More information
Engineering practices
How we build, test, and verify ATLAS
Status page
Live uptime across all services
Responsible disclosure
Report a security vulnerability
Privacy policy
How we collect and use data
Terms of service
Platform usage agreement
Security questions? Contact us at security@arcsense.ca.