Frequently Asked Questions

We built ArcaKey for people and organizations who can’t accept the privacy trade-offs of mainstream AI. The questions below are the ones we hear most often — about what “encrypted” really means here, what we can and can’t see, where your data lives, and how we handle compliance. Answers describe what ArcaKey actually does today. Where a feature is being completed for our public launch, we say so.

If your security team has questions not covered here, contact us — we’d rather walk you through specifics than ask you to take anything on trust.

1. What does “encrypted” actually mean here?

Encryption is a word that gets used loosely. Here is exactly what it means in ArcaKey.

In transit. Every session establishes a key exchange using ML-KEM-768, a post-quantum-secure key encapsulation method. Messages between your browser and our servers travel inside that session, protected with AES-256-GCM authenticated encryption.

At rest. Anything you explicitly save — vault memories, ingested documents — is stored encrypted in our database. The ciphertext is what sits on disk; the plaintext is reconstructed only when needed to answer your queries.

Zero retention by default. The conversation in your active session is held in ephemeral memory, not on disk, and is purged when you end the session. Only what you explicitly save persists.

Encryption protects your data from third parties in transit and at rest. It does not prevent you from copying, screenshotting, or exporting your own content — see Question 4.

2. Can the AI provider read my prompts?

It depends on which model you pick, and we make the choice visible in the model picker. Models are grouped two ways:

“Your data only” — self-hosted models (Qwen, Llama, DeepSeek). Your prompt does not leave ArcaKey-controlled infrastructure. Inference runs on servers we operate. No third-party AI provider is in the loop.

“Third-party model” — cloud models (Claude, GPT). Your prompt is sent to Anthropic or OpenAI for inference. ArcaKey is configured for zero data retention with both providers: your prompts are not used to train their models and are not retained beyond the inference window. The published privacy terms of the respective provider apply.

If you need absolute provider isolation, choose a self-hosted model. If you need a specific frontier-model capability and are comfortable with the zero-retention posture of cloud inference, choose a cloud model. The decision is yours on every turn.

3. Can ArcaKey read or retain my conversations?

For active session conversations: no. The session is held in ephemeral memory on our servers and is purged when you click End Session or after a brief idle period. We do not log conversations. We do not train any model on them. Our operators do not have routine access to your active session content.

What you choose to explicitly save is a separate matter. Saving a memory or ingesting a document is a deliberate persistence action by you — see Question 9 for how saved content is handled, and the architectural trade-off that makes it useful to you.

4. Can I copy, paste, screenshot, or export to Word?

Yes. ArcaKey’s encryption protects your data from third parties — network attackers, AI providers, server operators. It does not, and was never designed to, restrict you from working with your own content.

You can copy and paste from any message, take a screenshot, or export the session to a local file. We deliberately do not block these. Blocking them would create a false sense of security without preventing a determined user from getting their data out, which is a worse outcome than being clear about the exposure profile.

What you should know: a copy-paste or a screenshot creates an unencrypted copy of that fragment on whatever device or application you put it into. That copy is then governed by the privacy properties of that destination, not ArcaKey’s. For sensitive material, a Save to Vault or an encrypted local export is preferable to a screenshot — see Question 5.

5. How long does a session last, and what are my save options when it ends?

Sessions auto-end after 60 minutes of inactivity. The timer is sliding — every message you send or receive resets it back to 60 minutes — so an active conversation never expires mid-thought. A countdown chip in the chat header shows time remaining; at five minutes left we surface a save-or-continue prompt so you can either extend the session or preserve what you have.

The default is purge: when the session ends, the conversation is removed from our servers. From there, you have two explicit save paths.

Save to Vault (server-side encrypted). Persist selected memories, or the full session, to your vault. The content is stored encrypted at rest. It becomes available to you in future sessions and can be referenced by the AI when you ask related questions — see Question 9 for the implications.

Encrypt locally and download (rolling out for launch). Export the session as an encrypted file using a passphrase you hold. ArcaKey never sees the passphrase or the plaintext. You can decrypt the file later, locally, to read it or re-import it into a future ArcaKey session.

You can also turn on Ghost Mode for a single session — see Question 7 — to skip server-side persistence entirely.

6. Where is my saved data physically stored?

Vault memories and ingested documents live in a managed Postgres database (Supabase) with encryption at rest. Active session conversations live briefly in a managed Redis cache (Upstash) and are purged when the session ends. Audit events — what time you signed in, what model you used — live in the same encrypted database.

ArcaKey’s primary deployment today is in United States infrastructure. Canadian and European regional deployments are in active build for our public launch, so customers can pin their saved data to a specific jurisdiction. If your organization requires data residency in a specific region before that work is complete, contact us before onboarding so we can confirm what is available for your tier.

We do not share your saved data with any third party for training, advertising, or analytics. The only outbound data flow that exists during normal use is the prompt you send to a third-party model provider when you explicitly choose one — see Question 2.

7. What is Ghost Mode?

Ghost Mode is a per-session toggle for the strongest privacy posture available on a single conversation. With Ghost Mode on, the session is treated as fully ephemeral: the audit trail is reduced to the minimum required for security, no save-to-vault is permitted from that session, and operational telemetry is suppressed beyond uptime monitoring. You can still encrypt and download a local file at the end of the session if you want a personal record.

Every account, on every tier, currently includes one free Ghost-Mode save per month for cases where you want to capture a record outside our infrastructure. Ghost Mode itself is universally available — it is not a paid upgrade.

8. What about HIPAA, SOC 2, and GDPR?

Honest current state, with no overclaiming:

HIPAA. ArcaKey is not formally HIPAA-certified. Business Associate Agreements (BAAs) are available on request for organizations that need to use ArcaKey under their own HIPAA program. Contact us before onboarding any regulated workload so we can confirm fit and execute the BAA.

SOC 2. A Type 1 attestation engagement is in progress, with a target completion in Q3 to Q4 of 2026. In the meantime, we can share our security controls documentation and our roadmap to Type 2 under NDA.

GDPR. Our data handling is GDPR-aligned. A Data Processing Addendum (DPA) and a Data Protection Impact Assessment (DPIA) are available on request for EU customers. European data residency is in active build — see Question 6.

If your compliance team has specific requirements not covered here, please reach out. We are direct about what is in place, what is in flight, and what is not yet in scope.

9. If everything is encrypted, how does the AI know about my saved documents?

This is the most important architectural detail in ArcaKey’s design, and it deserves a precise answer rather than a marketing one.

The active session is ephemeral and purged on End Session. That covers Zero Retention. But the moment you explicitly save a memory or ingest a document, you are asking the platform to make that content findable by the AI later, when you ask a related question. Retrieval and semantic search across your saved content — what people sometimes call RAG — is the entire reason a vault is more useful than an opaque blob you simply store and re-download.

For retrieval to work, the platform has to be able to read your saved content at query time, find the parts relevant to your question, and present them to the model. That requirement creates a trade-off, and we want it visible.

Today’s posture across all tiers. Saved content is stored encrypted at rest. When you ask a question, our service decrypts the relevant pieces at query time, retrieves the matches, and uses them to answer. The platform holds the key for this. We do not log your saved content, do not train on it, and do not access it for any purpose other than answering your queries. Operationally, this is a strong posture — but it is a server-side-decrypt design, not a server-blind one.

Stronger posture, rolling out for launch — user-keyed encryption. You hold the passphrase. The platform stores ciphertext and cannot decrypt your saved content without your unlock. Retrieval still works during an active unlocked session, because the content is decrypted in your session context. After the session ends, your saved content becomes server-blind to ArcaKey: even under legal compulsion, we cannot recover or read it. Lose the passphrase, lose the data — that is the cost of true server-blindness, and we will be explicit with you about it when you choose this mode.

The design intent is to give you a real choice. Default mode for full RAG capability under a strong privacy posture. User-keyed mode for full server-blindness when retrieval-during-unlock-only is acceptable for your use case. Both will be available on every tier at launch. Which is right for you depends on how your team uses the vault and what your compliance requirements look like — happy to walk through it with your security team if helpful.

10. Tiers and pricing

The four-tier individual launch is Professional, Pro Suite, Executive, and Sovereign. The cryptographic floor is identical across all four — every paid tier is end-to-end encrypted, post-quantum, and TEE-isolated. The tiers differ in model menu depth, frontier headroom, compliance posture, and dedication of infrastructure. Below are the questions we hear most about how the tiers compare and how billing works.

What’s the difference between Professional and Pro Suite?

Pro Suite unlocks the full Best-in-Class menu — Claude Sonnet and Claude Opus on top of the Claude Haiku and GPT-5.4 Nano/Mini already in Professional — and the full Private AI menu, adding Qwen3 Coder Next and GPT-OSS 120B to Llama 3.3 and DeepSeek R1. Frontier inference headroom rises from $50 to $200 per month; TEE inference from $25 to $75. Vault grows from 5 GB to 25 GB; saved-memory ceiling from 1,000 to 10,000. Audit retention rises from 90 days to 180 days, and support tightens from 48-hour email to 24-hour email-and-chat. Same encryption posture; more menu, more headroom, faster response.

What’s the difference between Pro Suite and Executive?

Executive adds Confidential AI — HIPAA-eligible TEE-attested inference for regulated workloads (PHI, PII, GDPR-regulated data) via Phala SOC 2 Type 1 sub-processor BAA. Executive’s Best-in-Class menu also adds Gemini 2.5 Pro, Mistral Large 3, and GPT-5.4 (full). Frontier headroom rises to $400/mo, TEE inference to $300/mo. Vault grows to 50 GB; saved memories to 25,000. Audit retention becomes full; support becomes 12-hour email-and-chat; onboarding becomes a guided session rather than self-serve.

When do I need Sovereign?

Sovereign is the right tier when the requirement is dedicated single-tenant infrastructure, custom compliance posture (FedRAMP-equivalent, IRAP, country-specific data residency), per-tenant branding, or a custom MSA. If the requirement is more capability or more headroom — bigger model menu, larger vault, higher frontier credit — Pro Suite or Executive is usually the better fit. The dedicated /sovereign page covers scenarios in detail; pricing starts at $10,000/mo with annual minimums.

Can I get HIPAA BAA on Professional or Pro Suite?

Three BAA paths cover ArcaKey: (1) Phala-direct for our Confidential AI TEE path, offered on Executive where we handle the supporting paperwork and audit. (2) Anthropic Enterprise, OpenAI Enterprise, and Google Vertex AI BAAs cover most Best-in-Class models at the upstream contract level — coverage applies on every tier those models are available, not gated to ArcaKey’s tier. (3) Mistral Large 3 routes via AWS Bedrock under the AWS account-level BAA (active 2026-05-11) — the same BAA umbrella that covers our tenant-CMK KMS infrastructure. For PHI workloads we recommend Executive for the wraparound onboarding and audit support, even though the upstream BAA is technically active at lower tiers. Before onboarding any regulated workload, contact us to confirm fit and execute paperwork.

Who controls the encryption keys on Executive?

Executive (and Sovereign) customers can opt into a tenant-scoped Customer Master Key (CMK) in AWS KMS — bring-your-own-key (BYOK). The CMK wraps the per-user passphrase-derived key. Once enabled for your organization, every memory written under that org is encrypted by a per-blob data key whose wrap is sealed under your CMK. You can revoke decryption capability platform-wide at any time from your AWS KMS console — once revoked, ArcaKey can no longer unwrap any CMK-protected data for your organization, including via internal admin recovery. KMS is FIPS 140-2 Level 2 today; an L3 HSM upgrade is JIT-activated on contractual L3 requirement (AWS CloudHSM, Azure Managed HSM, or Fortanix DSM, vendor-selected at trigger).

Tenant CMK is available, not default-on: a customer opts in during onboarding. A self-serve Admin UI for the enablement step is in active build. Until that ships, opt-in runs through your ArcaKey contact and takes a single business day end-to-end.

What models does each tier include?

Professional. Private AI: Llama 3.3, DeepSeek R1. Best-in-Class: Claude Haiku, GPT-5.4 Nano, GPT-5.4 Mini.

Pro Suite. Everything in Professional, plus Private AI: Qwen3 Coder Next, GPT-OSS 120B; plus Best-in-Class: Claude Sonnet, Claude Opus.

Executive. Everything in Pro Suite, plus Confidential AI (HIPAA-eligible TEE-attested inference); plus Best-in-Class: Gemini 2.5 Pro, Mistral Large 3, GPT-5.4 (full).

Sovereign. Everything in Executive, plus dedicated single-tenant TEE infrastructure, country-specific residency, and a per-engagement model menu negotiated in your MSA.

How does overage billing work?

Each tier ships with a monthly frontier inference credit (covering Best-in-Class models) and a separate TEE inference credit (covering Confidential AI and Private AI on dedicated TEE compute). Inference inside that allowance is included in the monthly fee — nothing additional to track. Inference beyond it is billed at cost plus a tier-specific markup at the end of the cycle. There is no per-call surcharge and no surprise denial mid-conversation. You will see warning banners in-product at 80% and 95% of allowance, and email warnings at the same thresholds, with the option to upgrade or pause.

Can I cap my spending?

Yes. Account Settings → Billing → Inference allowance has a hard-stop toggle. The default state is off, meaning overage is permitted and billed at cycle close. Toggling it on causes inference to pause at 100% of allowance until the next cycle resets or you upgrade. The mid-conversation pause shows a clear modal explaining the state, with one-click options to enable overage for the rest of the cycle or to upgrade tier. Either choice is valid; the toggle is yours and is changeable at any time.

Which flagship models are available?

Claude Haiku, Sonnet, and Opus; GPT-5.4 (Nano, Mini, Full); Mistral Large 3; and Gemini 2.5 Pro are all available today. Check tiers and pricing to see which models are available in each tier. The Best-in-Class menu evolves as new flagship models become available; existing customers are notified by email when a model is added to their tier.

Questions, security disclosures, or compliance requests

Email the founder directly: contact details on the About page, or write to us through the form on the Contact page. We respond to security disclosures within one business day. We respond to compliance and BAA requests within three business days.

This FAQ is updated as ArcaKey ships features. The “Last updated” date at the top of the page reflects the most recent change.