Security & compliance

Operated in Denmark. Documented end to end.

Arcili handles parcel, ownership and transaction data. Your DPO, IT security and auditor get every control documented — no add-ons, no guesswork.

Request the compliance pack Book a walkthrough

View live status

GDPR

Privacy regulation as foundation — not an add-on.

EU residency

Data stays in Denmark and the EU. No sub-processors outside the EU.

SSO/SAML

Microsoft Entra, Google Workspace and Okta. Granular per module.

DPA

Data Processing Agreement ready to sign within 24 hours on weekdays.

Controls

Every control — documented.

We document every control so your DPO, IT security and auditor can verify it — not take our word for it. Here is how data is handled, who has access, and what gets logged.

GDPR & EU data

Privacy regulation is the foundation — not an add-on. All data is processed and stored within the EU.

What it covers

Data stays in Denmark and the EU
No sub-processors outside the EU
Frankfurt hosting — no US transfers
Role-based access per module

Data residency EU

Data in Denmark and the EU

Hosted in Frankfurt

No US transfers

Enterprise SSO & roles

Single sign-on through your existing identity provider, with granular access per team and module.

What it covers

SAML 2.0 and OIDC
Microsoft Entra, Google Workspace and Okta
Granular access per module
Role-based access control

Access

Microsoft Entra Google Workspace Okta

Access per role and module

SAML 2.0 · OIDC

Audit log

Every assessment and action leaves a traceable event trail — so you can document who did what, when.

What it covers

Traced event on every assessment and action
180-day retention
Exportable for your own audit

Audit log Tracked

14:32 SB Assessment created Home
14:05 MK Report exported Project
13:48 AL Role changed Admin

180-day retention · exportable

Data processing & your rights

We process only the data needed to deliver the platform, for the agreed purposes — and as a data processor we help you meet data subjects' rights.

What it covers

Data minimisation and purpose limitation
Access, rectification, erasure and portability
Breaches reported without undue delay (GDPR's 72-hour rule)
Deletion on termination per the DPA

Data subject rights

Access

Rectification

Erasure

Portability

Breach: ≤ 72 hours

Uptime & SLA · Data processing agreement · Subprocessors & pen-test

Uptime & SLA

Operations with a 99.9% SLA, daily backups and encryption at every layer. Live status is always public.

99.9% uptime SLA
Daily backups
Encryption in-transit (TLS 1.3) and at-rest (AES-256)
Live status at status.arcili.com

99.9%TLS 1.3 · AES-256

Data processing agreement

A data processing agreement ready to sign — without long negotiation rounds.

Ready to sign within 24 hours on business days
Covers processing, deletion and sub-processors

Within 24 hours

Subprocessors & pen-test

The full documentation pack is shared on request with your DPO, IT security and auditor.

Sub-processor list
Pen-test summary

On request

Questions & answers

What we get asked most.

Where is our data stored?

Within the EU, hosted in Frankfurt. No transfers to the US, and no sub-processors outside the EU.

What happens in a security breach?

Affected customers are notified without undue delay — in line with GDPR's 72-hour rule — and the incident appears on our public status page.

Do you support SSO?

Yes. SAML 2.0 and OIDC via Microsoft Entra, Google Workspace and Okta, with role-based access per module.

How long is the audit log kept?

180 days, and the log can be exported for your own audit.

How do we get a DPA?

A data processing agreement is ready to sign within 24 hours on business days and covers processing, deletion and sub-processors.

Can we get the sub-processor list and pen-test summary?

Yes — both are available on request at [email protected].

Security & compliance

Get the full documentation pack

DPA, sub-processor list and pen-test summary on request. Contact [email protected].

Request the compliance pack Book a walkthrough