Arcjet security
Vulnerability & patch management policy
Section titled “Vulnerability & patch management policy”External vulnerability reports are logged and assigned to an individual responsible for that component. They will be assessed and a patch released or update applied within 10 working days. We do not operate a bug bounty program, but encourage Coordinated Vulnerability Disclosure via security@arcjet.com.
We apply security updates within 10 working days or in the case of our SDKs when building a new release, whichever is sooner. However, in the case of a critical vulnerability, such as one that is being actively exploited, we aim to implement a mitigation or patch as quickly as possible. All other updates are reviewed and applied within 20 working days.
Compliance
Section titled “Compliance”Arcjet has successfully completed a Type 1 System and Organization Controls 2 (SOC 2) examination for the Arcjet Platform as of August 26, 2025.
The examination conducted by AssurancePoint, LLC found that Arcjet Labs, Inc. achieved its service commitments and system requirements as measured by the SOC 2 criteria for Security, Availability, and Confidentiality. The examination concluded in an unqualified (clean) opinion.
We are now in the process of completing our SOC2 Type 2 examination.
Find out more in the Arcjet Trust Center.
Security updates
Section titled “Security updates”We provide security updates for the latest and previous major SDK releases. See our support policy for details.
Security contact
Section titled “Security contact”Please email security@arcjet.com for anything security related.