A platform that sits between regulators and operators has to earn trust from both sides. Here's how the architecture is designed around that — and where we are on the path to formal certification.
All ingested events are written to an append-only ledger with a tamper-evident hash chain across ingested batches. Historical records cannot be altered — by operators, or by us.
Each regulatory authority retains sovereignty over its jurisdiction's data. Access policy, data residency, and export controls are configurable per authority — not shared across jurisdictions.
Granular access controls separate what regulators, auditors, operators, and platform administrators can see and do, with a full audit trail of every access event.
Operators connect via a documented REST API with Server-Sent Events for live status. No proprietary on-premise software is installed on operator infrastructure.
Reports, exports, and audit case packages carry chain-of-custody metadata designed to hold up to regulatory and legal scrutiny.
Internal access to any jurisdiction's data is scoped to what's operationally necessary, and reviewed as the platform's customer base grows.
We're an early-stage platform and don't yet hold formal certifications like SOC 2 or ISO 27001. We're happy to walk any prospective regulator or operator through the current architecture in detail, and through our roadmap toward formal certification, as part of a technical briefing.
Found a security issue, or have a question about data handling that isn't answered here? Contact us directly at security@arintelligence.io.
Looking for how AML and responsible-gambling obligations are tracked and kept current per jurisdiction? That's covered on the Platform page's AML & RG Intelligence module.
No sales pitch — a direct walkthrough of how data moves through the platform, and how it's protected at each step.
We'll be in touch within one business day. Check your inbox at the email address you provided.