Security
Your data is safe with us
Ark is built for businesses that handle sensitive member data. Security is not an afterthought — it's baked into every layer of the stack.
Encryption everywhere
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are encrypted with the same standard.
SOC 2 compliant infrastructure
Hosted on Railway and Neon — both SOC 2 Type II certified providers. Your data never touches servers that aren't vetted.
Strict data isolation
Each gym's data is logically isolated. Admins can only access their own business data. Member data is never shared across accounts.
Role-based access control
Admin and member roles have separate authentication flows and permission scopes. API endpoints enforce ownership checks on every request.
Automated backups
Database backups run automatically every 24 hours with point-in-time recovery available. Retention window is 7 days.
Error monitoring and alerting
Sentry monitors all application errors in real time. Anomalous patterns trigger alerts to our engineering team immediately.
Infrastructure stack
Database
Neon Postgres
SOC 2 Type II
Hosting
Railway
SOC 2 Type II
Payments
Razorpay
PCI DSS Level 1
Uptime
99.9%
SLA target
Responsible disclosure
If you discover a security vulnerability in Ark, please report it to us privately before disclosing it publicly. We take all reports seriously and aim to respond within 48 hours.
security@novark.app