Digital Remedy Partners with Arrivalist to power their Destination Impact Report. Learn more ⟶

Digital Remedy Partners with Arrivalist to power their Destination Impact Report. Learn more ⟶

Security

At Arrivalist Co., we recognize that our clients entrust us with valuable travel and location intelligence data. Securing this information and maintaining operational integrity is at the core of our business and technology infrastructure. This document outlines the physical, technical, and administrative safeguards we employ to protect our platform, systems, and data.

1. Security Governance & Philosophy

Security is an ongoing, collaborative effort at Arrivalist. We establish a robust baseline of protection through a comprehensive set of formal security policies that are aligned with industry-standard security frameworks.

  • Annual Reviews: Our information security policies and operational practices are reviewed at least annually to ensure they remain effective against emerging threat models.

  • Compliance Monitoring: We continuously measure and verify compliance with our policies through ongoing automated checks, system monitoring, and periodic internal and external audits.

2. Access Control & Least Privilege

We enforce strict control over who can access our systems and data, ensuring that access is granted solely on a need-to-know basis.

  • Principle of Least Privilege: Access rights to all company systems, networks, and customer data are restricted by default. Personnel are granted only the minimum permissions necessary to perform their roles.

  • Role-Based Access Control (RBAC): We utilize Role-Based Access Control to manage permissions dynamically and consistently across teams.

  • Quarterly Access Reviews: System owners and administrators conduct formal user access rights reviews on a quarterly basis. Any stale or unnecessary permissions are immediately revoked.

  • Rapid Deprovisioning: Upon employee termination or contract end, access rights to all Arrivalist systems are disabled within 24 business hours.

3. Data Protection & Cryptography

Arrivalist employs strong cryptographic controls and secure operational processes to protect sensitive data.

  • Encryption in Transit: All remote connections to our production networks and data storage systems are fully encrypted.

  • Zero Sensitive Data on Local Media: We strictly prohibit the storage of confidential company or customer data on local end-user devices, mobile phones, or portable media (such as USB drives).

  • Robust Password Standards: Where feasible, systems require passwords that are at least 8 characters long, including uppercase letters and numbers. Password history is enforced to prevent reuse, and accounts are automatically locked after 6 consecutive failed attempts.

  • Secure Single Sign-On (SSO): We manage internal systems and centralized collaboration tools via single sign-on with multi-factor authentication (MFA).

4. Infrastructure & Endpoint Security

Our technology infrastructure is designed with layer-based security to prevent, detect, and mitigate unauthorized activities.

  • Secure Cloud Hosting: Arrivalist leverages world-class cloud service providers (including Amazon Web Services) to host and distribute data products securely.

  • Multi-Factor Authentication (MFA): We require MFA for all privileged administrative access to our production infrastructure.

  • Device Enforcement: All workstations and laptops used to access Arrivalist systems must run client-side antivirus and host-based software firewalls. Antivirus tools are configured to perform periodic system scans, quarantine malicious software, and auto-update automatically.

  • Mobile Device Safety: Any mobile device used to access company resources must be locked with a biometric control or password, set to screen-lock after 15 minutes of inactivity, and is strictly prohibited from being shared with any other person.

5. Personnel Security & Training

We build a security-first culture starting from day one of onboarding.

  • Onboarding Verification: Before receiving any access to production networks or customer data, all new employees and contractors must complete our HR onboarding requirements.

  • Contractual Commitments: All personnel must sign employment agreements, intellectual property agreements, and non-disclosure/confidentiality agreements.

  • Security Awareness Training: Every team member must complete mandatory security awareness training during onboarding and on a regular basis thereafter.

6. Logging, Monitoring, and Incident Response

We maintain vigilant oversight of our environment to identify and react to security events swiftly.

  • Continuous Auditing: All privileged administrative logins and configuration changes are logged. These logs are stored securely to support routine security audits.

  • Incident Management Plan: Arrivalist maintains a formal Incident Response Plan. All users are trained to immediately report suspected security weaknesses or incidents to our dedicated Security Delegate.

  • Whistleblower Protections: We host anonymous whistleblower mechanisms allowing personnel to report concerns about violations of our code of ethics or security policies safely and without fear of retaliation.

New travel data in your inbox monthly

By clicking “Submit”, you agree to our privacy policy and terms of service

Made with 🧡 in Miami, FL · Fernandina Beach, FL · Budapest HUN · Morrisville, NC · Bauru BRA · Pittsburgh, PA · Clark, NJ · Coos Bay, OR · Shirley, NY · Chicago, IL · Everett, MA · Buffalo, NY · Astoria, NY · Cincinnati, OH · Athens, GRC · Orlando, FL · Grand Rapids, MI

New travel data in your inbox monthly

By clicking “Submit”, you agree to our privacy policy and terms of service

Made with 🧡 in Miami, FL · Fernandina Beach, FL · Budapest HUN · Morrisville, NC · Bauru BRA · Pittsburgh, PA · Clark, NJ · Coos Bay, OR · Shirley, NY · Chicago, IL · Everett, MA · Buffalo, NY · Astoria, NY · Cincinnati, OH · Athens, GRC · Orlando, FL · Grand Rapids, MI

New travel data in your inbox monthly

By clicking “Submit”, you agree to our privacy policy and terms of service

Made with 🧡 in Miami, FL · Fernandina Beach, FL · Budapest HUN · Morrisville, NC · Bauru BRA · Pittsburgh, PA · Clark, NJ · Coos Bay, OR · Shirley, NY · Chicago, IL · Everett, MA · Buffalo, NY · Astoria, NY · Cincinnati, OH · Athens, GRC · Orlando, FL · Grand Rapids, MI

New travel data in your inbox monthly

By clicking “Submit”, you agree to our privacy policy and terms of service

Made with 🧡 in Miami, FL · Fernandina Beach, FL · Budapest HUN · Morrisville, NC · Bauru BRA · Pittsburgh, PA · Clark, NJ · Coos Bay, OR · Shirley, NY · Chicago, IL · Everett, MA · Buffalo, NY · Astoria, NY · Cincinnati, OH · Athens, GRC · Orlando, FL · Grand Rapids, MI