ArkForge is built for the enterprise. Every component of Trust Layer is designed with security-first principles — from the API key you receive to the cryptographic proof that gets stored.
All connections to trust.arkforge.tech are served exclusively over HTTPS. Plain HTTP is rejected at the nginx layer. Target URLs must also be HTTPS — the proxy refuses any unencrypted forwarding.
nginx handles TLS termination in front of the application server, which binds to loopback only (127.0.0.1:8100). The application process is never directly exposed to the internet.
API keys are 48-character cryptographically random tokens generated with secrets.token_hex(24) (Python stdlib). Keys are never transmitted in clear text in logs — all headers and keys are automatically redacted before writing to any log file.
Authentication attempts are rate-limited to 10 per IP per 5-minute window. Excess attempts are rejected with a 429 response. Counters are stored in Redis with an in-memory fallback, ensuring protection even during cache outages.
Every API key carries a plan (Free, Pro, Enterprise, Platform) with hard monthly proof quotas enforced atomically via Redis INCR. Quota alerts fire at 80% consumption. Overage requires explicit opt-in with a EUR cap.
API keys are stored at rest encrypted with Fernet (AES-128-CBC + HMAC-SHA256). The encryption key lives in a separate vault — never co-located with the encrypted data.
Every proof generated by Trust Layer is signed and witnessed by three independent third parties. ArkForge cannot forge or retroactively alter a proof once issued.
Each proof is signed with ArkForge's Ed25519 private key. The corresponding public key is published and independently verifiable. Ed25519 offers 128-bit security with compact signatures.
Proof timestamps are countersigned by an RFC 3161 TSA pool (FreeTSA, DigiCert, Sectigo). The timestamp is legally admissible in most jurisdictions and proves the proof existed at a specific point in time.
Proof hashes are submitted to Sigstore Rekor, a public, append-only transparency log. Inclusion is independently verifiable by anyone — no trust in ArkForge required.
Proofs are write-once. Once issued, a proof cannot be modified, backdated, or deleted — not by ArkForge, not by anyone. The Rekor entry serves as a permanent anchor.
Target URLs are validated before any request is forwarded. Private IP ranges (RFC 1918), loopback addresses, link-local addresses, and cloud instance metadata endpoints (e.g. 169.254.169.254) are blocked. DNS resolution is checked post-resolution to prevent DNS rebinding attacks.
Forwarded responses are capped at 1 MB. Larger payloads are truncated to prevent memory exhaustion. Request timeouts are enforced at 120 seconds.
Error responses return generic status codes (401, 403, 429, 500) without leaking internal details, stack traces, or infrastructure information.
Custom request headers are capped at 10 per request. Headers are validated and sanitized before forwarding to prevent header injection.
All ArkForge infrastructure is hosted on OVHcloud servers located in France (European Union). No data is processed or stored outside the EU.
ArkForge is a French company. GDPR compliance is not an afterthought — it is the default. Data processing agreements (DPA) are available for Enterprise customers.
Trust Layer generates tamper-proof audit trails that satisfy Article 9, 13–15, and 17 requirements of the EU AI Act for high-risk systems. Compliance deadline: August 2026.
All credentials (API keys, SMTP, Stripe, signing keys) are stored in a dedicated vault. Secrets are never hardcoded, never written to source control, and never appear in application logs. Log redaction runs before any write to journald.
Python dependencies are pinned with exact versions and audited on every commit with pip-audit. A GitHub Actions dependency review workflow blocks merges that introduce known CVEs.
Found a vulnerability? We appreciate responsible security research. Please report findings to contact@arkforge.tech with a description of the issue and reproduction steps. We commit to acknowledging reports within 48 hours and resolving confirmed vulnerabilities within 30 days.
We ask that you do not publicly disclose vulnerabilities before we have had the opportunity to address them.