Service scope
Exact protection scope — devices, folders, applications, expected volume, backup frequency, retention categories, and recovery priorities — is recorded in writing in the Order Form.
Last reviewed:
Trust Centre
Clear scope, technical controls, and contractual boundaries for the agreed backup service.
The information in the Trust Centre describes the ArvaSafe service and does not constitute legal advice or certification of the customer's overall compliance.
Last reviewed:
Scope & controls
Exact protection scope — devices, folders, applications, expected volume, backup frequency, retention categories, and recovery priorities — is recorded in writing in the Order Form.
Last reviewed:
Installation and monitoring of agreed backup jobs, alert investigation, agreed restore tests, monthly reporting, restore support, and documentation of the service controls.
Last reviewed:
It does not provide legal advice or DPO services, general IT support, incident response, database or medical-system protection, or full-system recovery unless separately assessed and agreed in writing.
Last reviewed:
Data is encrypted with AES-256 before upload. Storage and platform providers do not hold the decryption keys.
Last reviewed:
ArvaSafe manages the protected key. Named authorised personnel may use it only for an approved restore or technical-support case, with restricted and logged access.
Last reviewed:
The selected content-storage region and any geographic constraints are recorded in the Order Form and relevant DPA. Unconfirmed locations are not published here.
Last reviewed:
Limited management, support, website, or communications data may be processed by disclosed providers and sub-processors under the relevant contractual terms.
Last reviewed:
The current register and change-notification process are provided through the DPA. Names, roles, and locations are published only after verification for the production service.
Last reviewed:
The type and scope of each test are recorded in the Order Form. It may be a file-level restore, a representative endpoint, or another specifically agreed test; execution and results are recorded.
Last reviewed:
A confirmed incident affecting the agreed service is assessed, recorded, and notified in writing under the DPA and applicable contract terms, using the information available at the time of notification.
Last reviewed:
At termination, ArvaSafe may, under the agreed exit plan, restore selected data to a customer destination in a usable form or support a transition to a compatible provider. Exceptional third-party charges or physical-media costs are disclosed before transfer.
Last reviewed:
Relevant security certifications are shown only after verification for the specific provider and service. They apply to that provider and do not certify ArvaSafe or the customer's overall compliance.
Last reviewed:
Retention & deletion
Terminology
The retention period is defined in writing for each data category in the Order Form, based on the customer's instructions and legal or professional assessment.
Retention determines how long a version remains available.
Immutability determines how long a version cannot be modified or deleted. It is not the same as retention and applies only when agreed.
A temporary suspension of deletion on specific data, at your written request due to audit or dispute.
Export and deletion after termination follow the process set out in the contract and the agreed exit plan.
Last reviewed:
For security, privacy, or vulnerability-reporting questions, contact privacy@arvasafe.com.
Contact
Two simple ways to get started. Pick whichever feels right, both reach me directly.