ARKA DocsStart
Documentation
Encryption

Encryption Details

Technical details on how ARKA-AI encrypts and protects your sensitive data, including API keys and conversation history.

Encryption Overview

ARKA-AI uses industry-standard encryption to protect your data at every stage - in transit, at rest, and during processing. Here's how it works:

Data Flow Protection

Your Browser

HTTPS/TLS 1.3

ARKA-AI Server

AES-256 encryption

AI Provider

HTTPS/TLS 1.3

Encryption in Transit

All data moving between your browser and ARKA-AI is encrypted using TLS 1.3, the latest transport security protocol:

  • TLS 1.3 - Modern encryption for all HTTP traffic
  • Perfect Forward Secrecy - Each session uses unique keys
  • HSTS enabled - Forces HTTPS connections
  • Certificate pinning - Prevents man-in-the-middle attacks

API Provider Traffic

When your request is forwarded to OpenAI or OpenRouter, it also uses HTTPS/TLS 1.3. Your data is never transmitted in plain text.

Encryption at Rest

All sensitive data stored in our database is encrypted using AES-256 (Advanced Encryption Standard with 256-bit keys):

API Keys

Your OpenAI and OpenRouter API keys are encrypted before storage. The encryption key is stored separately and rotated regularly.

Stored: AES-256-GCM encrypted blob

Original: Never stored in plain text

Conversation History

Your conversation history is encrypted at the database level. Individual messages are associated with your account only.

Database: Volume encryption enabled

Backups: Encrypted before storage

Key Management

Encryption is only as strong as the key management. Here's our approach:

  • Key separation - Encryption keys are stored separately from data
  • Key rotation - Master keys are rotated on a regular schedule
  • Access control - Keys are accessible only to authorized systems
  • Audit logging - All key access is logged and monitored

What's Encrypted

Data TypeIn TransitAt Rest
API KeysTLS 1.3AES-256
ConversationsTLS 1.3Volume Encryption
User ProfilesTLS 1.3Volume Encryption
Session TokensTLS 1.3Hashed (bcrypt)
PasswordsTLS 1.3Hashed (Argon2)

Safe Telemetry

Our telemetry and logging systems are designed to never capture sensitive data:

What We Log

Logged (Safe)

  • • Request timestamps
  • • Tool used (e.g., "summarize")
  • • Model selected
  • • Token counts
  • • Error codes

Never Logged

  • • API keys (even partial)
  • • Input content
  • • Output content
  • • Personal information

Open Source Telemetry

Our telemetry module is designed with "safe by default" patterns. Sensitive fields are automatically stripped before any logging occurs.

Data PrivacyCompliance