Governance

Powerful technology demands responsibility

ARROW is built to be used within a framework of accountability, oversight, and respect for the people and systems our customers protect.

We build capability for defenders — and we hold ourselves to the standards that responsibility requires. The principles below govern how ARROW is designed, deployed, and supported.

01

Responsible use

ARROW is licensed for lawful, authorized security work. We review deployments and reserve the right to decline or discontinue use that falls outside that scope.

02

Data stays with you

Source code and findings never leave the customer environment. We do not collect, retain, or transmit your code — by design, not by policy alone.

03

Oversight & accountability

Deployments to sensitive and government environments follow defined review, approval, and audit processes with clear lines of accountability.

04

Coordinated disclosure

We support coordinated vulnerability disclosure and give defenders the context and time to remediate before issues become public.

Reporting a vulnerability

If you believe you've found a security issue in our software or services, we want to hear from you. Contact our team and we will acknowledge your report and work with you on a coordinated timeline.

Bring ARROW to your organization

Talk to our team about deploying context-aware security across your environment.