ar.io
Trust Center

Don't trust, verify.

Data integrity proven by cryptography, not promised by vendors.

  • Protocol-enforced immutability — no admin override
  • Cryptographic proof that stored data hasn't been altered
  • Independent verification — no vendor contact required
Book a Call
View Documentation

What Makes It Secure

Built on the Arweave protocol — a decentralized permanent storage network operational since 2018 with zero data loss — ar.io provides security properties that are structural, not policy-based.

Protocol-Enforced Immutability

No admin override, no vendor override, no single point of deletion. Immutability is a structural property of the protocol — not a policy setting.

Cryptographic Integrity & Provenance

Merkle tree verification ensures any tampering is mathematically detectable. Permanent, tamper-proof records of who created what and when, architecturally aligned with C2PA content authenticity standards.

Client-Side Encryption

AES-256-GCM encryption before data leaves your environment. You manage all keys. No vendor access to plaintext — ever.

Decentralized Redundancy

Hundreds of replicas across dozens of countries. Self-healing replication via economic incentives. 7+ years zero data loss.

Independent Verification

Any auditor, regulator, or third party can verify data integrity with only a transaction ID. No vendor contact required.

Open Source

All code is open source on GitHub and fully self-hostable. Zero vendor dependency if you choose sovereign deployment.

How Verification Works

No vendor contact, API keys or subscriptions. Just math.

Store

Upload data through ar.io. Receive a transaction ID — your permanent cryptographic receipt.

Retrieve

Fetch your data from any ar.io gateway worldwide — or from your own self-hosted gateway.

Recompute

Compute the Merkle data root from the retrieved data using the open-source algorithm.

Compare

Check the computed root against the on-chain root in the transaction header on Arweave.

Verified

If roots match, the data is byte-for-byte identical to the original. Mathematical proof, not a vendor promise.

Learn more about Wayfinder — the client-side verification protocol

Compliance

We use the term “architecturally aligned” — not “certified compliant.” Here's our honest status.

Where We Align

  • SEC 17a-4 (WORM)

    Protocol-enforced write-once storage meets WORM technical requirements

  • SOX / FINRA

    Immutable, independently auditable records with tamper-proof timestamps

  • GDPR

    Crypto-shredding + gateway content moderation; consult legal counsel

Not Currently Supported

  • SOC 2 Type II
  • ISO 27001
  • HIPAA BAA
  • FedRAMP

What we offer instead of certifications

Cryptographic proof. Any auditor, regulator, or third party can independently verify data integrity using only a transaction ID — no vendor involvement, no NDA, no trust required. We believe verifiable security is stronger than audited security.

Transparency

Security through openness, not obscurity.

What We Do

  • All code is open source ( github.com/ar-io)
  • Observation reports stored permanently on Arweave
  • All network state publicly verifiable on-chain
  • Economic model and endowment fund publicly documented
  • Full security architecture document available upon request

What We Don't Do

  • No server-side encryption — you control all encryption
  • No data deletion — by design; crypto-shredding available
  • No data residency controls — global replication by design
  • No vendor access to your plaintext data
  • No recurring fees that could lapse and put data at risk

Common Questions

Do you have SOC 2?
No. We do not currently hold SOC 2 or ISO 27001 certifications. Instead, we offer something traditional vendors cannot: cryptographic proof of data integrity that any third party can independently verify without contacting us, without API keys, and without any subscription.
How is data encrypted?
All encryption is client-side, before data reaches ar.io. We recommend AES-256-GCM. You manage all keys — we never have access to plaintext data. You can use any enterprise KMS, HSM, or ArDrive's built-in encryption.
Can data be deleted?
No, by design. Data on Arweave is permanent. For GDPR scenarios, we support crypto-shredding (destroying the encryption key renders encrypted data mathematically inaccessible) and gateway-level content moderation.
What if I accidentally upload unencrypted data?
It is permanently and irreversibly public. This is the most important operational risk to address before deployment. Use mandatory encryption pipelines or ArDrive private drives, which encrypt data automatically before upload.
How do I verify data integrity?
With only a transaction ID, you can retrieve data from any of hundreds of gateways, recompute its Merkle root, and compare against the on-chain root. A match provides mathematical proof the data is byte-for-byte identical to the original — no vendor involvement needed. The Wayfinder protocol provides client-side routing and cryptographic verification out of the box.
What happens if ar.io shuts down?
Your data persists on the Arweave network regardless of ar.io's status. The gateway software is open source and fully self-hostable. You can run your own gateway and access your data with zero vendor dependency.
How is this different from a traditional backup vault?
Traditional vaults enforce immutability with software policies that privileged administrators can override. Arweave enforces immutability at the protocol level — there is no override mechanism, no admin concept, and no single entity with deletion capability.
How does ar.io relate to content provenance standards like C2PA?
Arweave's architecture is naturally aligned with C2PA (Coalition for Content Provenance and Authenticity) standards — both use SHA-256 hashing and Merkle trees. C2PA's biggest vulnerability is metadata stripping: platforms and file transfers routinely remove provenance manifests. Permanent storage solves this by preserving provenance records independently and immutably, so authenticity can always be verified even after manifests are stripped from the original content.
Where is data stored?
Across decentralized mining nodes in dozens of countries. Data is replicated hundreds of times via economic incentives. You cannot restrict geographic location — global replication is by design, which means no single regional disaster can affect availability.

Verify it yourself

Upload test data, get a transaction ID, and independently confirm integrity from any gateway. Or talk to our team about your security requirements.

Book a Call
Enterprise Solutions