Security at Arcadia
The security of your data is a top priority and we take important steps to ensure your personal information is safe.
Protecting your Arcadia account
All network traffic on our application forces HTTPS connections and utilizes TLS v1.2, so you can be confident that you’re communicating with only our servers and no one is eavesdropping. We also have rate limits in place in our authentication system to prevent your account from being accessed through a brute-force or a credential stuffing attack.
Your Arcadia account password is encrypted using one-way hashing and salting and never stored in plaintext. All connections to our data services are secured but in the unlikely event that our database is compromised, your password information would still be protected.
Protecting your utility credentials
When you integrate your utility account with us, we encrypt your account information using AWS KMS. Your data is encrypted both in transit and in storage, and any decryption of your account information would be logged, leaving a permanent paper trail of when, where, and what parts of our system accessed sensitive data.
Protecting your payment information
We partner with industry-leading payment platforms, Stripe and Plaid, to handle your banking and credit card information and process your payments. We do not store your banking or credit card information on our infrastructure nor do we have access to your financial information. Stripe and Plaid have their own stringent security policies and have been audited to achieve PCI Level 1 Service Provider and SOC 2 Type II compliance, respectively.
Protecting physical access to your data
Our application infrastructure is built using Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to comply with industry standards. Their physical infrastructure are accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Protecting your data from vulnerabilities
Technology is ever-changing and new software vulnerabilities are announced daily. We actively track and address all critical vulnerabilities, ensuring our platform and your information are as safe as possible.
PGP public key
If you want to secure your communications even further, this is our public PGP key:
Have a question, concern, or need to report a security issue?
Contact us at firstname.lastname@example.org