Governance & Compliance
Managed cloud
Arches-hosted, region of your choice
Single-tenant VPC
Your AWS / GCP / Azure account
On-prem / air-gapped
Signed images, zero callbacks
This workspace: US · self-hosted (customer VPC)
Regulatory posture
SOC 2 Type II
Report current · covers the self-hosted control plane
HIPAA
BAA in place · PHI redaction enforced at the tool layer
CCPA / CPRA
Consumer request workflow wired to the audit trail
FedRAMP Moderate
In process via GovCloud deployment
Data boundary
0
Data sent outside (30d)
Verified at the network level
Single-tenant
Isolation
No shared compute or storage
Yours
Keys & models
Your keys, your model endpoint
Consumer requests (CPRA) · SLA: 45 days
Deletion request
k****@gmail.com
Access / know request
t****@outlook.com
Runs where your data lives
The full stack — runtime, traces, evals, and the audit trail — deploys inside your network. Model calls go to your private endpoint, telemetry is opt-in, and the air-gapped profile runs with no outbound connectivity at all. Your security team gets the same admin and audit surface either way.
Immutable audit trail
Routed 894 inbound leads
Arches agent · Policy: inbound-routing v3
Approved spend-limit override ($9.2k)
D. Whitfield · Human-in-the-loop
Blocked: contact export to unmanaged device
Arches agent · Guardrail enforced
Deprovisioned 2 users (Okta)
SCIM sync · Joiner-mover-leaver
Exported audit pack (Q2)
R. Alvarez · Internal audit