ArclianceArcliance Legal Center
Sign inProduct

Updated January 2025

Acceptable Use Policy

This Acceptable Use Policy (AUP) protects the security, reliability, and regulatory posture of the Arcliance platform. It applies to every Authorized User, administrator, contractor, or integration that touches the Services.

Foundational Principles

Use of Arcliance is conditioned on lawful, responsible behavior. You may only store information that you are lawfully entitled to share with Arcliance and that falls within the scope of your export control program. Violating this AUP can result in suspension under the Terms of Use.

Security Expectations

Customers share responsibility for protecting their data and identities. At a minimum, Arcliance expects customers to implement the following controls:

  • Enable phishing-resistant multi-factor authentication (hardware key or TOTP) for all privileged roles.
  • Federate identities through SAML or SCIM wherever practical so that centralized HR triggers access revocation.
  • Review audit logs weekly for anomalous access to ITAR technical data repositories.
  • Maintain device posture controls that enforce full-disk encryption and endpoint detection on laptops accessing the platform.
  • Segment export-controlled data and ensure data residency expectations match the selected hosting region.

Prohibited Conduct

Users may not engage in any of the following activities:

  • Attempting to bypass role-based access controls, audit logging, or encryption safeguards.
  • Uploading data obtained in violation of export control laws, trade secrets laws, or contractual commitments.
  • Providing access to non-U.S. Persons where laws, licenses, or technology control plans forbid such access.
  • Using shared or generic accounts, password spraying, or storing credentials in plaintext repositories.
  • Transmitting malicious code, performing penetration tests, or conducting load tests without written authorization.
  • Using the Services to surveil individuals, discriminate, or support military or intelligence end uses covered by BIS §744.21 without a validated license.

Data Sovereignty and Export Restrictions

Customers are responsible for configuring geographic access restrictions, encryption key residency, and user eligibility to ensure compliance with ITAR 126.18, ITAR 130, and EAR Part 734. Data subject to additional jurisdictional requirements (for example, Canadian Controlled Goods or EU dual-use) must be flagged so the correct controls are applied at rest and in transit.

Reporting Suspected Abuse

Contact trust@arcliance.com within 24 hours if you suspect unauthorized access, a compromised credential, or violations of this AUP. Include the affected tenant, the impacted export authorizations, and known timings. Arcliance will coordinate incident response and, when necessary, notify DDTC or BIS in alignment with Customer obligations.