Security at ArkiTask

Our Security Measures

Your security is our top priority. ArkiTask takes every step possible to ensure your data is protected and safe. Please send questions or report issues to security@arkitask.ai.

Data Security

We encrypt data at rest and in transit. All connections to ArkiTask are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A grade for Qualys/SSL labs. We rely on Azure infrastructure to securely maintain our cryptographic encryption keys. We use industry-standard Azure-managed storage systems.

Development and change management

Changes to the company’s code are tracked via Azure DevOps and automated controls ensure each change is peer-reviewed and passes a series of tests before being deployed to production. Changes to infrastructure are made via infrastructure as code (Bicep) and are manually reviewed.

Secure Infrastructure

ArkiTask hosts all data and applications in Azure facilities in the USA. Azure provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Azure's compliance documents for more information. All of Azure's servers are located within a dedicated virtual private network (VPN), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Application Security

Web application architecture and implementation are built in Typescript, C#, and Python and follow OWASP guidelines. We regularly run internal application penetration testing and plan to conduct third-party testing soon.

Third-party vendor security review process

We ensure that all of our third-party apps and providers meet our security data protection standards before using them. We leverage third-party built-in permissioning for managing user access. You can request the vendor list from team@arkitask.ai.