ArborXR Security Information

Content Storage

  • Content uploaded to ArborXR (apk, mp4, etc.) are stored encrypted at rest in a private cloud storage bucket.
  • Content is stored privately and is not available on the public internet.
  • Each action of uploading and downloading content generates an API key with a short expiration that can only be used for downloading or uploading that specific file.
  • Content downloads and uploads are done over an SSL connection using HTTPS.
  • ArborXR does not not offer a DRM solution so content installed on the VR device are using the security offered natively by Android.
As part of our Enterprise Plan, we offer the ability for you to connect your own cloud storage system to completely isolate your content from other content on our platform. This supports any system compatible with the Amazon S3 APIs.


  • All authentication is run through a central server that utilizes OpenID Connect.
  • The ArborXR web portal and desktop pairing app uses OpenID Connect with a short term refresh tokens that last less than 24 hours and generates very short term access tokens from these.
  • ArborXR's client app, installed on VR devices, uses offline tokens for refreshing but the same short term access tokens.
  • All tokens can be revoked via the ArborXR web interface.
  • ArborXR's authentication system can integrate with existing identity providers and user federation with LDAP or Kerberos.

API / Infrastructure

  • All infrastructure is hosted on Google Cloud.
  • All databases and systems are encrypted at rest.
  • All API communication happens over SSL using GraphQL.
  • All databases and internal systems are not accessible to the public web - only our public web applications and an API gateway service.

Have a suggestion or feature request? We'd love to hear!
Message ArborXR

Still need help? Contact Us Contact Us