Security
Built on certified infra. Locked down on top.
Arbyn runs on Render, which carries SOC 2 Type 2 and ISO 27001 at the infrastructure layer. On top of that, we make a small number of deliberate choices about how your customer data moves through Arbyn. Here is the full picture.
Architecture
Two layers. Two different jobs.
Security here is two things stacked. The infrastructure underneath, which we outsource to a vendor whose entire business is being audited. And the application on top, which is ours to get right.
How customer messages, Shopify actions, and AI inference flow through Arbyn. Voice fingerprints, kill switch, audit log, refund ceilings, role-based access. This is ours.
Servers, databases, networking, OS patching, physical security. Render carries SOC 2 Type 2, ISO 27001, runs annual third-party penetration tests, and publishes a GDPR DPA. We borrow their work, on purpose.
What Arbyn does on top.
The choices we make about your data are the ones that earn the install. Six concrete controls, no enterprise theater, every one of them shipping today.
Zero-retention LLM
Customer messages and order context sent to the Arbyn model for inference are not retained, not logged for training, not shared with anyone. Arbyn’s AI models running under a strict no-training policy.
Encryption everywhere
TLS 1.3 in transit across every request. AES-256 at rest on the database, managed by Render. API tokens stored encrypted with rotating keys.
Audit log to Shopify timeline
Every action Arbyn takes (refund, cancel, address edit, discount, reply) writes to the Shopify order timeline. Audit history lives where you already look. No invisible actions, ever.
One-click kill switch
One toggle in the dashboard pauses every channel instantly. Drafts pause mid-write. Auto-send disables. Customers don’t get partial replies. Resume the same way you stopped.
Refund ceilings
Hard limits on any money-moving action. Per-action, per-channel. Set them once, Arbyn won’t exceed them. If a customer asks for more than the ceiling, it comes to you first.
Role-based access
Inside the company, access is locked down by default. Only the necessary team can reach live systems. When we hire, every new engineer signs the same access policy: justification required, action logged.
What Render covers.
Render is the cloud platform Arbyn runs on. They publish their own compliance posture and we inherit it for the layer we don’t control. Their public compliance docs cover everything at the infrastructure level.
Independent audit of Security, Confidentiality, and Availability controls.
Current report period on Render’s Trust Center
Renewed annuallyInternational standard for Information Security Management Systems.
Current certification cycle on Render’s Trust Center
3-year certPublic version of the SOC 2 report, available without NDA.
Same audit period as SOC 2
Publicly availableThird-party security assessment of Render's production environment.
See Render’s Trust Center for the latest date
Yearly cadenceData processing agreement with EU transfer protections, EU-ready.
Updated Jan 2025
Publicly availableCalifornia Consumer Privacy Act compliance covered in Render's DPA.
Continuous
CoveredHosted on Render’s US infrastructure (Oregon region).
US-hosted
Region-pinnedFull library: SOC 2 Type 2, ISO 27001 cert, Pen Test, security policy.
View Render docsData flow
What actually happens when a customer emails.
Inbound mail hits your support address. Arbyn forwards the message body, customer email, and order ID into the application (TLS 1.3 in transit).
Order, customer history, fulfillment status, and your store policies pulled fresh from Shopify over a secure connection. No copy is kept once the conversation is done.
Message and context sent to Arbyn’s AI for inference. Not retained, not used for training, returned and forgotten. Reply drafted in your voice fingerprint.
Final reply sent from your domain. Any Shopify action (refund, cancel, edit) writes to your store’s order timeline. Conversation stored encrypted in your region.
The promises
Six things we won’t do.
If we ever change one of these, we email every customer, publish it on the Changelog, and you can cancel and take your data with you. No surprises.
We will not sell your data.
No third-party data brokers, no marketing partner lists, no anonymized-but-monetized data products. Your customer data is yours.
We will not train models on your data.
Customer messages and your support history are not training data. Our AI providers’ terms confirm this. Voice fingerprint is a set of style signals, not your raw messages.
We will not take silent actions.
Every refund, cancel, address change, and discount Arbyn applies writes to the Shopify order timeline. If we did it, you’ll see it. Same place you already look.
We will not add subprocessors without notice.
30-day public notice before any new subprocessor is added. Object in writing and we’ll work it out, or cancel and your data is deleted.
We will not lock you in.
Cancel anytime from your Shopify admin. Your data is exported on cancellation, and deleted from Arbyn within 30 days, retaining only audit logs required by law.
We will not hide incidents.
Any security incident affecting your data, disclosed within 72 hours of detection, by email, with full scope and remediation. This is the GDPR floor. We treat it as the ceiling too.
Contact
Talk to a human about security.
Data processing agreements, security reviews, vulnerability reports, and GDPR data access requests. Real reply within 1 business day.
For data processing agreements, security reviews, contracts, or any paperwork a larger buyer needs before signing.
Send an emailFound something? Email us with details. We acknowledge within 24h and patch fast. No bug bounty program yet, but we publicly credit responsible disclosure.
Report a vulnerabilityReady to try Arbyn?
Certified infra. Honest application layer.
Start free with 150 AI conversations a month. Unlimited is $99/month, flat. Install from Shopify and your data stays in the lane you’d expect.