Arvad Docs
← Back to Arvad

Security

Learn about our security practices and how to keep your projects safe.

Watch: Security Best Practices

Learn how to secure your Arvad account and protect your deployments.

Authentication & Authorization

Arvad uses industry-standard authentication mechanisms to protect your account and data.

Authentication Methods

Email & Password

Secure password with email verification

GitHub OAuth

Sign in with your GitHub account

Google OAuth

Sign in with your Google account

Two-Factor Auth

Additional security layer with TOTP

Session Security

  • Sessions automatically expire after 7 days of inactivity
  • Ability to view and revoke active sessions
  • Automatic logout on password change
  • Secure, HTTP-only cookies for session management

Data Encryption

Your data is encrypted both in transit and at rest using industry-standard encryption protocols.

In Transit

  • • TLS 1.3 for all connections
  • • HTTPS enforced on all endpoints
  • • HSTS enabled
  • • Certificate transparency

At Rest

  • • AES-256 encryption for data
  • • Encrypted database backups
  • • Secrets encrypted with KMS
  • • Regular key rotation

Compliance

Arvad is committed to maintaining the highest standards of security and privacy compliance.

GDPR

EU data protection compliance

SOC 2

Security controls audit (In Progress)

CCPA

California privacy compliance

Data Handling

  • Data residency options available for enterprise customers
  • Right to deletion - request complete data removal
  • Data export functionality for portability
  • Minimal data collection principle

Best Practices

Recommended Actions

🔒

Enable Two-Factor Authentication

Add an extra layer of security to your account

🔒

Use Strong, Unique Passwords

Use a password manager to generate and store secure passwords

🔒

Rotate API Keys Regularly

Generate new API keys periodically and revoke unused ones

🔒

Review Connected Apps

Regularly audit and remove unnecessary OAuth connections

🔒

Monitor Account Activity

Review login history and active sessions regularly

Report a Security Issue

Found a security vulnerability? We appreciate responsible disclosure. Please report any security issues to our security team.

Report Security Issue

Previous

Billing & Payments

Subscriptions and token usage