An attention product that leaks your attention elsewhere is a contradiction. So Arlo is private by design, not by policy. Here is exactly how that holds up.
Not a security page full of logos. Four commitments, each one wired into how Arlo actually runs.
Email bodies are encrypted at rest and the raw content is purged on a clock. The structured facts Arlo learned stay. The original message does not linger.
The AI that reads your inbox runs in Arlo's own infrastructure. Your messages are never sent to a third-party model's training set.
Everything Arlo knows is inspectable, editable, and prunable. The Vault is portable markdown with one-click export, so you can take it and leave any time.
Arlo records and communicates. It does not act on the world behind your back. Customer-facing sends and environment changes are forever propose-only.
Arlo for Teams is in pilot. The governance story is the part enterprise actually buys, so here it is in plain language.
Your personal Arlo is loyal to you. Managers get governed roll-ups built from opt-in summaries, never your raw messages. "Engineering is blocked on three things," never "here is what John said in Slack."
It is not a setting an admin can flip. There is no version of Arlo for Teams that reads an employee's personal anything. The wall is built into how it works.
Arlo checks entitlement when it answers a question, not just at the document. Every access is audited and answers cite their sources, so over-disclosure is detectable.
You can shape what gets shared outward. You cannot tamper with the internal record. The audit log is append-only.
Arlo for Teams is in pilot with our first signed customer. If you want the deployment options, admin controls, and the rest of the governance model, book a pilot and we will walk you through it.
Cloud, on-prem, or hybrid. The full feature set ships in all three. Your data is never shared across customers.
Hosted by us. Up and running today.
Runs inside your network. Nothing leaves it.
Split the workload where it makes sense.
Deployment is a hosting choice, not a feature tier. On-prem means nothing leaves your network. Workload mobility means you can move the AI between cloud and local by config, with no rebuild. Whichever you pick, your data is never shared across customers.
SOC 2 and ISO 27001 are on the compliance roadmap. We are not certified yet, and we are not going to imply otherwise. The controls underneath are already in place.
SOC 2 and ISO 27001 are planned, not earned. No badge, no claim of current certification. When we carry the certificate, we will say so here and nowhere will we say it before then.
Bring your toughest privacy question. We would rather earn the trust than ask for it.