Arbour Security Standards

Transport

All data transmitted over the public internet needs to be encrypted via TLS 1.3. This applies to transmission between Arbour and the end user as well as between Arbour and third-party services. For the purpose of user interaction, the Arbour platform website shall only be accessible via HTTPS.

Storage

Tenancy

Arbour stores all data on servers in areas under EU jurisdiction.
Arbour also stores a minimum of data on the end user’s local machine. Encryption of that data is the responsibility of the respective local operating system and browser.

Security

Arbour will safely encrypt all data at rest. On request, Arbour can provide details on encryption key handling.

Third-Party Services

Arbour uses third-party services for analysing and improving its platform. Arbour will publish and update the list of external services as well as details on the data transmitted to them. In general, Arbour will only forward data that is absolutely necessary for third parties to provide their services.

At Arbour, all data should be transmitted and stored securely according to up-to-date standards. Specifically, Arbour commits to implementing recommendations from the OWASP Cheat Sheet. If a rule is explicitly ignored, Arbour will provide a written explanation outlining the reasoning and the expected security impact.

Arbour will provide a security contact for reporting vulnerabilities and react to security reports within a 24-hour time window.