Arkna Book a review ↗

Security & data independence

The record proves what happened, without holding what's sensitive.

Arkna is built to need as little of your data as possible. PII is redacted by default, your records stay in your tenant, and what Arkna keeps is structured to be verified, not mined.

Your tenant

customer recordsraw payloadsPII · names

Stays with you. Arkna references it, but does not copy it by default.

redact at boundary

Arkna · the record

actioncontext refhash ✓

What an agent did, in order, with references back to your source records, de-identified and hash-chained.

The record proves what happened without exposing who. Identity stays behind the boundary.

You own the data. You export it, you delete it. Only de-identified aggregates ever leave, and only if you opt in.

How we handle data

PII redacted by default

Personal data is stripped at the boundary before it reaches the record. Capturing it is the exception, not the default.

Data stays in your tenant

Your records remain in your environment. Only de-identified aggregates leave, and only when you opt in.

You own and control it

Export or delete the record at any time. Access, retention and export are scoped to the workflow under review.

Hosted in AWS Sydney

The managed service runs in AWS Asia Pacific (Sydney · ap-southeast-2). BYOK and in-VPC deployment are available for stricter requirements.

Compliance posture, stated plainly.

accurate as of this release

We don't claim certifications we don't hold. There's a difference between a standard Arkna is certified against and a framework Arkna maps evidence to. We keep it.

Certifications, status

SOC 2on the roadmap

ACSC accreditationtarget, not held

We will say "certified" only once we are.

Frameworks we map evidence to

EU AI Act · Annex IV ISO/IEC 42001 NIST AI RMF APRA CPS 230 / 234 TGA

A crosswalk: Arkna pre-maps evidence to these. It is not certification under them.