Security

Multi-tenant isolation

Arcanon Hub is a multi-tenant SaaS. Every piece of data — repos, scans, services, products, teams, members — is scoped to an organization. Isolation is enforced at the database level.

Row-level isolation

Every row in the database is tagged with an org_id. On every authenticated request, the database enforces a rule that reads, writes, and deletes can only touch rows owned by the requester's org — even if application code has a bug.

Defense in depth

In addition to the database-level rule above, every query run by the application includes an explicit filter on org_id. Two independent layers protect your data.

Authentication

Dashboard sessions

The dashboard uses standard OAuth 2.0 with PKCE. Sessions are short-lived signed tokens, validated on every request.

API keys (programmatic access)

The Claude Code plugin and bundled MCP server authenticate via API keys (arc_...). Keys are stored as SHA-256 hashes — we never keep the plaintext. Each key is scoped to one org.

Input sanitization

Scan payloads are sanitized at ingest:

• HTML tags (including <script> and <style> content) are stripped from service names
• Null bytes and control characters are removed
• This prevents XSS in the multi-tenant dashboard where one org's scan data could contain malicious payloads

Rate limiting

Rate-limited requests receive a 429 Too Many Requests response with a Retry-After header. The dashboard shows a countdown banner when rate-limited.

Account deletion

• User deletion — from the dashboard, you can delete your own account. This scrubs PII from the users table and cascades to org memberships.
• Org deletion — an org owner can delete the org from settings after confirming the org slug. All data belonging to the org is removed in a single transaction.

Data residency

Your data is stored in a managed cloud database hosted by Arcanon. Data residency configuration is planned for a future enterprise release.