Argus | AI-Powered E2E Testing

Our Security Commitment

At Argus, security is not an afterthought - it's foundational to everything we build. We understand that you're trusting us with access to your applications and test data. This document outlines our security practices, compliance certifications, and commitments.

Data Encryption

In Transit

TLS 1.3 encryption for all connections
HSTS enabled with preload
Perfect forward secrecy

At Rest

AES-256 encryption for all data
Encrypted backups
Key management via cloud HSM

Infrastructure Security

Cloud Infrastructure: Hosted on Cloudflare Workers with global edge deployment, automatic DDoS protection, and WAF
Isolated Execution: Each browser session runs in an isolated environment with no persistence between tests
Network Segmentation: Production systems are isolated from development and testing environments
Regular Patching: Systems are automatically updated with security patches within 24-48 hours of release

Access Controls

Authentication: Secure authentication via Clerk with support for SSO, MFA, and social login
Role-Based Access: Granular permissions for teams with owner, admin, and member roles
API Security: API keys with scoped permissions, rate limiting, and audit logging
Employee Access: Least-privilege access for employees, with access reviews every 90 days

Compliance Certifications

SOC 2 Type II

We are pursuing SOC 2 Type II certification covering Security, Availability, and Confidentiality trust principles.

In Progress - Q2 2025

GDPR Compliant

Fully compliant with the EU General Data Protection Regulation. We offer Data Processing Agreements (DPA) for enterprise customers.

Compliant

CCPA Compliant

Compliant with the California Consumer Privacy Act. California residents can exercise their rights through our privacy settings.

Compliant

HIPAA Ready

Our infrastructure supports HIPAA compliance. Business Associate Agreements (BAA) available for healthcare customers on Enterprise plans.

Available on Enterprise

Security Practices

Secure Development Lifecycle

- Code review required for all changes
- Automated security scanning in CI/CD pipeline
- Dependency vulnerability monitoring
- Regular security training for developers

Penetration Testing

- Annual third-party penetration testing
- Continuous vulnerability scanning
- Bug bounty program (coming soon)

Incident Response

- 24/7 security monitoring and alerting
- Documented incident response procedures
- Customer notification within 72 hours of confirmed breach
- Post-incident review and improvement process

Business Continuity

- Multi-region deployment for high availability
- Automated backups with point-in-time recovery
- 99.9% uptime SLA for Enterprise plans
- Disaster recovery plan with annual testing

Vendor Security

We carefully vet all third-party vendors and require them to meet our security standards:

Vendor	Purpose	Certifications
Cloudflare	Hosting, CDN, Security	SOC 2, ISO 27001, PCI DSS
Supabase	Database	SOC 2 Type II, HIPAA
Clerk	Authentication	SOC 2 Type II
Anthropic	AI Processing	SOC 2 Type II
Stripe	Payment Processing	PCI DSS Level 1

Enterprise Security Features

Enterprise plans include additional security features:

Single Sign-On (SSO) with SAML 2.0 and OIDC
Custom data retention policies
IP allowlisting
Audit logs with SIEM integration
Dedicated infrastructure options
Custom DPA and BAA agreements

Report a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

Security Team

Email: security@heyargus.ai

Please include a detailed description of the vulnerability, steps to reproduce, and any relevant evidence. We aim to respond within 24 hours.

Request Security Documentation

Enterprise customers can request additional security documentation including:

Security questionnaire responses
Penetration test reports (summary)
SOC 2 report (when available)
Insurance certificates
Data Processing Agreement (DPA)
Business Associate Agreement (BAA)

Contact security@heyargus.ai to request documentation.

Security & Compliance