ARCLEND

Legal · Security

Security is not a feature sheet.

It's how we're allowed in the door at every lender we work with. Here's the short version — the full security pack is available under NDA.

Controls

Six things we hold ourselves to.

Encryption

TLS 1.3 in transit. AES-256 at rest. Tokenization for card and bureau identifiers.

Access control

Role-based, least-privilege, and MFA-enforced. Four-eyes checks on sensitive actions.

Audit logging

Immutable, cryptographically chained event log. One-click export for regulator reviews.

Data residency

All customer data stored on infrastructure located in India, in Tier-3 colocation facilities.

Vulnerability management

Quarterly third-party pen tests. Continuous dependency scanning. SLA-bound patching.

Incident response

24×7 on-call. Customer notification within contractual SLA. Post-mortems shared openly.

Reporting

Found something? Tell us.

Responsible disclosure is welcome. We will acknowledge within two business days and keep you updated through to resolution.

Email: security@arclend.io