Security
Arq is designed for teams that operate under compliance, audit, and uptime requirements.
On-premise deployment
Arq Workbench runs in your infrastructure. Database connections, query analysis, and workload data never leave your network. There is no cloud dependency for core functionality.
Read-only access
Arq connects to PostgreSQL using read-only credentials by default. It does not modify schemas, create tables, or write data to your databases.
No query exfiltration
Query text and result data are processed locally. Arq does not transmit query content to external services. Analysis happens where the data lives.
Role-based access control
Arq supports role-based access controls aligned with enterprise security policies. Audit logs track all user actions within the platform.
Compliance alignment
Designed for environments subject to SOC 2, PCI DSS, and financial regulatory requirements. The on-premise deployment model supports data residency requirements.
Minimal attack surface
No background agents running on database hosts. No sidecar processes. No schema modifications. The connection footprint is a single read-only database user.