1) Overview

Armcap ControlOps is designed to support security governance workflows across contracts, controls, and incidents. This Security & Trust Statement summarizes the safeguards we apply to protect the confidentiality, integrity, and availability of information processed by the Services.

Contact: contact@armcapops.com

Address: Cumming, GA 30041, USA

Important: This statement is provided for transparency and does not create additional contractual commitments unless expressly incorporated into a signed agreement.

2) Shared Responsibility Model

Security is a shared responsibility:

Armcap responsibilities: securing the platform, infrastructure, and operational controls that support the Services.
Customer responsibilities: managing user access, configuring account settings, and ensuring appropriate use of the Services (including the content you upload).

3) Data Handling and Privacy Commitments

3.1 Customer Data Ownership

Customers retain ownership of their uploaded documents and content ("Customer Data"). Armcap processes Customer Data solely to provide and operate the Services and as described in our Privacy Policy and Terms of Service.

3.2 "No Training on Customer Data" (Platform Stance)

Armcap does not sell Customer Data. Armcap's position is that Customer Data should not be used to train public/general models in a manner that makes Customer Data available to other customers or the public.

(Note: exact terms can be governed by subscription terms and/or a DPA where applicable.)

3.3 Data Retention

Customer Data retention and deletion are governed by subscription settings and contractual terms. Standard post-termination export window: 30 days (unless otherwise agreed).

4) Core Security Controls (High-Level)

Armcap implements a set of administrative, technical, and physical safeguards designed to protect the Services.

4.1 Access Control

Role-based access controls (RBAC) and least-privilege principles
Secure authentication and session management
Account-level administrative controls

4.2 Encryption

Encryption in transit using industry-standard protocols (e.g., TLS)
Encryption at rest where applicable and supported by hosting providers

4.3 Logging and Monitoring

Platform logging to support security monitoring and troubleshooting
Audit logs for key system events (e.g., authentication events, administrative actions), where supported by the plan and feature set
Alerting on anomalous or suspicious activity (where applicable)

4.4 Secure Development Practices

Change management and version control
Separation of environments (e.g., development vs production) where applicable
Routine maintenance and patching practices aligned to risk

4.5 Vulnerability and Risk Management

Vulnerability handling processes to assess and prioritize remediation
Dependency and component updates, as applicable
Security reviews of material changes, where appropriate

4.6 Data Segregation

Armcap is designed to support logical tenant separation so that Customer Data is isolated by account/tenant.

5) Subprocessors and Third Parties

Armcap may use trusted service providers (subprocessors) for infrastructure hosting, analytics, email delivery, support tooling, and payment processing.

Subprocessors are required to maintain appropriate security measures. A subprocessor list is available upon request via contact@armcapops.com.

6) Incident Management (Armcap Internal)

Armcap maintains internal incident management practices designed to:

Detect and respond to security events affecting the Services
Contain and remediate confirmed issues
Communicate with customers where contractually required

Customer notification practices, timing, and scope may depend on contractual terms and the nature of the event.

7) Business Continuity and Availability

Armcap's architecture and operational practices are designed to support service continuity, including:

Infrastructure redundancy options provided by hosting vendors (where applicable)
Backups and recovery practices appropriate to the service tier and platform maturity

8) Customer Best Practices (Recommended)

To strengthen your security posture when using Armcap:

Enforce strong authentication (and SSO if available)
Apply least privilege for Users
Use secure handling practices for sensitive documents before uploading
Configure retention settings aligned to your policies
Review and validate Outputs before operational or legal reliance (AI-assisted outputs may require human review)

9) Compliance Alignment (Positioning)

Armcap is designed to support customer governance efforts aligned to common frameworks (e.g., SOC 2, ISO 27001, NIST CSF). Framework mapping and artifacts are provided to help customers operationalize controls and evidence; customers remain responsible for their overall compliance posture.

10) Changes to This Statement

We may update this Security & Trust Statement from time to time and will revise the "Last Updated" date accordingly.

11) Contact

Questions about security or trust practices: contact@armcapops.com

Armcap ControlOps — Security & Trust Statement