We're committed to ensuring the security of our infrastructure and our users' data. Our information security program is based on ISO/IEC 27002 guidelines and has been refined and updated across our more than 20 year history of shared, dedicated, and virtual server products for 10's of thousands of clients globally.
Each of the data center providers we colocate our equipment with enforces multiple layers of physical security via a variety of technological and human measures. Beyond that, all of our equipment is housed in video monitored and locked cages and/or cabinets.
We maintain full, strict control over root/sudo access to all client "Managed VPS Services" we offer. This allows us to fully control the use of IP address ranges, network interfaces, and active/available ports via managed firewall rules and all installed services running on a given client's virtual machines. For our Self-Managed VPS offerings, we maintain strict control over VLAN segregation, IP and MAC address spoofing, and other required security lock downs to keep both clients and our infrastructure as a whole safe and secure.
Our virtualization platform (pre-Gen5 accounts - Before Feb 2nd 2025) utilizes LXD, Ubuntu/Canonical’s pure-container hypervisor, to provide our clients bare-metal performance along with precise quality-of-service and resource quotas. While keeping things fast and quickly scalable, LXD more importantly keeps security as the most important factor using full logical container isolation by default. Our physical servers are covered by commercial support and updates via Ubuntu Pro - 24/7 Support.
Our newest Gen5 platform (VPS accounts signed up after Feb 2nd, 2025) is powered by Proxmox Virtual Environment and Proxmox Backup Server both with full "Premium" Proxmox Enterprise Support for fast security updates and patching, as well as quick access to their Enterprise Support and Engineering teams.
This is all wrapped up with VPS host patch management for our Managed VPS plans using the Ubuntu Landscape tool and Ubuntu Expanded Security Maintenance as part of Ubuntu Pro to track and deploy OS updates and security patches across our client virtual private servers quickly and efficiently, with internal tracking and audit reports that are continuously monitored by our Technical Team members.
Continuous scanning of our infrastructure is done using products and services such as Intruder.io and Tenable Nessus Expert to provide our Technical Team full insight into our infrastructure and on going and emerging threats across the Internet.
We only provide responses to such requests if the account requesting the audit/survey is a Custom Hosting Solution equal to or greater than $2500/month ($30k yearly) on a Yearly contract. A standalone per-request fee of $3000 is also available and must be paid in advance of our completion of the audit/survey. Please be aware our services are all provided "AS IS" in our Terms of Service and cannot be guaranteed to fit your specific project needs.
Yes, your credit card data is secure. We manage all subscription and invoicing services using PCI DSS Level 1 Compliant services from Chargify and our credit card payment gateway provider Stripe, also a PCI DSS Level 1 Compliant service.
Yes, you can be PCI DSS Compliant via two options. By offloading your e-commerce to compliant service providers, you are removing payment data ever passing through your website.
Alternatively, if you are passing any credit card data through your website on the way to a payment gateway, you will need to follow PCI Security Standards, including using a certified PCI audit/scanning company to verify your website is holding to those standards.
If there are ever any questions about a PCI report against your servers on Arcustech, our support and technical teams will be happy to assist with server-side related questions or concerns found in the PCI scan.