Arcjet privacy

Arcjet is designed to process data primarily within your environment to minimize latency and reduce the amount of sensitive information sent to our systems. However, we do process some data remotely through our real-time decision API to enhance analysis and reporting.

Our privacy policy details the legal basis for data processing. This page provides additional technical details.

Data processed remotely

The Arcjet SDK uses a sandboxed WebAssembly module within your environment to analyze request details. Additionally, our real-time cloud decision API processes some data to:

• Provide real-time analysis and decisions.
• Enhance background analysis and reporting.
• Display request details in your dashboard.

Request data processed remotely:

• Request IP address.
• Request headers.
• If you use custom characteristics for request fingerprinting: any provided characteristics.
• If you use email validation: the provided email address.

All other request data, including the request body, is processed entirely within your environment.

Data retention

Data is retained for 30 days to provide historical analysis. Aggregated data is retained for longer to give you insights into your application’s traffic patterns.

Geographic processing

Our API operates in multiple regions across various platforms to ensure low-latency responses. While we aim to process requests in the same region as your application, this is not guaranteed due to redundancy and failover mechanisms.

If you require data processing in a specific region, we offer a paid add-on. Contact us for more information.