Security & trust

Private by construction.

An attention product that leaks your attention elsewhere is a contradiction. So Arlo is private by design, not by policy. Here is exactly how that holds up.

The principles

Four promises the architecture keeps for you.

Not a security page full of logos. Four commitments, each one wired into how Arlo actually runs.

Encrypted, then forgotten

Email bodies are encrypted at rest and the raw content is purged on a clock. The structured facts Arlo learned stay. The original message does not linger.

Your content stays in our infrastructure

The AI that reads your inbox runs in Arlo's own infrastructure. Your messages are never sent to a third-party model's training set.

Your memory is yours

Everything Arlo knows is inspectable, editable, and prunable. The Vault is portable markdown with one-click export, so you can take it and leave any time.

Arlo never takes destructive actions

Arlo records and communicates. It does not act on the world behind your back. Customer-facing sends and environment changes are forever propose-only.

For teams

Give everyone an Arlo. Govern it without reading anyone's inbox.

Arlo for Teams is in pilot. The governance story is the part enterprise actually buys, so here it is in plain language.

Two Arlos

Your personal Arlo is loyal to you. Managers get governed roll-ups built from opt-in summaries, never your raw messages. "Engineering is blocked on three things," never "here is what John said in Slack."

The monitoring boundary is architectural

It is not a setting an admin can flip. There is no version of Arlo for Teams that reads an employee's personal anything. The wall is built into how it works.

Clearance enforced at answer time

Arlo checks entitlement when it answers a question, not just at the document. Every access is audited and answers cite their sources, so over-disclosure is detectable.

Containment, not cover-up

You can shape what gets shared outward. You cannot tamper with the internal record. The audit log is append-only.

Arlo for Teams is in pilot with our first signed customer. If you want the deployment options, admin controls, and the rest of the governance model, book a pilot and we will walk you through it.

Deployment & data residency

Where Arlo runs is your call, not a price tier.

Cloud, on-prem, or hybrid. The full feature set ships in all three. Your data is never shared across customers.

Cloud

Hosted by us. Up and running today.

  • Fastest to start
  • We handle the infrastructure
  • Per-org encryption keys

On-prem

Runs inside your network. Nothing leaves it.

  • Your data stays in your perimeter
  • Works-council and review friendly
  • Full feature set

Hybrid

Split the workload where it makes sense.

  • Move the AI between cloud and local by config
  • No rebuild to switch
  • One product, one experience

Deployment is a hosting choice, not a feature tier. On-prem means nothing leaves your network. Workload mobility means you can move the AI between cloud and local by config, with no rebuild. Whichever you pick, your data is never shared across customers.

Compliance

The honest status.

SOC 2 and ISO 27001 are on the compliance roadmap. We are not certified yet, and we are not going to imply otherwise. The controls underneath are already in place.

On the compliance roadmap

SOC 2 and ISO 27001 are planned, not earned. No badge, no claim of current certification. When we carry the certificate, we will say so here and nowhere will we say it before then.

Controls in place today

  • Email bodies encrypted at rest
  • Per-organization encryption keys
  • Append-only audit design
  • GDPR-minded data handling
  • Raw content purged on a clock
  • Works-council-friendly deployment

Read the model. Then put it to the test.

Bring your toughest privacy question. We would rather earn the trust than ask for it.