System Security Practices
ArcTactic enforces enterprise-grade security protocols to protect client pipelines, transcripts, and telemetry details.
Data Encryption
We secure data in transit and at rest:
- In Transit: Encrypted using TLS 1.3 cryptographic protocols with modern cipher suites.
- At Rest: CRM database fields, documents, and transcripts are stored with AES-256 block encryption.
Isolation & Tenant Security
Your CRM data is isolated. WorkOS manages authorization tokens to verify that only authenticated administrator accounts can fetch database parameters or command agent actions.
Subprocessor Security
Our core service hosting partners (Convex, WorkOS, Stripe) undergo annual auditing and maintain SOC2 Type II compliance reports.
Vulnerability Reporting
If you identify a security vulnerability inside our API endpoints or auth flows, please submit reports to:
Email: security@arctactic.com
Please refrain from disclosing vulnerabilities publicly until our engineering team has verified and deployed patches.