Security & Compliance
Your data. Protected.
Arythmatic is built with enterprise-grade security from the ground up. Encryption, access controls, compliance frameworks, and infrastructure transparency — so you can focus on delivering great learning experiences.
Compliance Frameworks
We build to the standards your industry requires. Here is the current status of our compliance program.
GDPR
Status: Compliant
Full General Data Protection Regulation compliance for EU learners and organizations. Data processing agreements available, right-to-erasure support, and lawful basis tracking for all personal data.
SOC 2 Type II
Status: In Progress
Currently undergoing SOC 2 Type II audit for Security, Availability, and Confidentiality trust service criteria. Expected completion Q3 2026.
HIPAA
Status: Architecture Ready
Platform architecture supports HIPAA-compliant deployments for healthcare organizations. Business Associate Agreements (BAA) available upon request for enterprise plans.
FERPA
Status: Compliant
Family Educational Rights and Privacy Act compliance for academic and K-12 deployments. Student data privacy controls and parental consent workflows supported.
Security Features
Every layer of Arythmatic is designed to protect your organization's data and your learners' privacy.
Encryption at Rest & In Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database encryption, backup encryption, and secure key management ensure your learner data is protected at every layer.
Role-Based Access Control (RBAC)
Granular permission system with predefined roles (Admin, Instructor, Manager, Learner) and custom role creation. Control who can access, edit, or manage courses, reports, and user data at the organization, department, or course level.
Single Sign-On (SSO)
SAML 2.0 and OAuth 2.0 integration for enterprise SSO. Connect Arythmatic to your identity provider (Okta, Azure AD, Google Workspace, OneLogin) for centralized authentication and user provisioning.
Audit Logging
Comprehensive audit trails for user actions, admin changes, content modifications, and access events. Logs are immutable, timestamped, and available for export in compliance-ready formats.
Data Residency
Choose your data storage region to meet local regulatory requirements. Available regions include US (Virginia), EU (Frankfurt), and Asia-Pacific (Mumbai). Data never leaves your selected region without explicit configuration.
Automated Backups & Disaster Recovery
Continuous database replication with point-in-time recovery. Daily encrypted backups retained for 30 days. Recovery Time Objective (RTO) under 4 hours and Recovery Point Objective (RPO) under 1 hour.
Infrastructure & Operations
Cloud Infrastructure
AWS (Amazon Web Services) with multi-AZ deployment for high availability
Uptime SLA
99.9% uptime guarantee for all paid plans, monitored 24/7
DDoS Protection
Network and application-layer DDoS mitigation via AWS Shield
Vulnerability Management
Regular penetration testing, dependency scanning, and security patches within 48 hours of disclosure
Incident Response
Documented incident response plan with severity-based escalation. Security incidents communicated within 72 hours per GDPR requirements
Secure Development
OWASP Top 10 addressed in development lifecycle. Code reviews, automated security testing in CI/CD, and dependency auditing
Responsible Disclosure
Found a security vulnerability? We appreciate responsible disclosure. Please email security@arythmatic.cloud with details and we will respond within 48 hours. Do not publicly disclose vulnerabilities until we have confirmed a fix is deployed.
Ready to launch a secure academy?
Start your 14-day free trial today. No credit card required. Full access to everything.