Arc
Workflow-centric Chromium browser with innovative UX but no enterprise management model, now in maintenance mode with limited prospects for additional enterprise features.
Profile Overview
Arc began as a macOS-only browser from The Browser Company, opening to the public in 2022 with a focus on rethinking browser UX around a sidebar, Spaces, and built-in creative tools like Easels and Boosts. It later expanded to iOS and then to Windows, where a native WinUI-based client brought Arc's interface to Windows 11. In late 2024, The Browser Company announced it was shifting focus toward new AI-powered browser products, effectively placing Arc in maintenance mode with no planned major feature development.
Market Position
Arc targeted design- and workflow-focused individual users and small teams rather than enterprise deployments. It gained a visible but niche user base among macOS and creative professionals, with Windows support arriving later with partial feature parity. With the vendor's pivot away from Arc, its position is now that of a completed experiment in browser UX rather than an evolving product.
Technical Foundation
Arc is built on Chromium, using the Blink engine and inheriting Chromium's multi-process architecture, sandboxing, and web standards support. The vendor's security documentation states that Arc uses Google Cloud Firebase for user authentication and storage for Notes and Easels, with data encrypted at rest. Arc's signature features include Spaces for organizing groups of tabs and accounts, vertical sidebar navigation, split views, and rich theming.
Enterprise Adoption
Arc was never positioned as an enterprise browser and lacks the policy surface and management tooling expected in large organizations. Community reports indicate that some enterprises explicitly disallowed Arc because it did not support enterprise security management features available in mainstream browsers. The Browser Company published limited information on group policies, primarily plist-based settings on macOS, but there is no ADMX policy catalog or dedicated management console. Given the product's maintenance-mode status, these enterprise capabilities are unlikely to be expanded.
Deployment Posture
Arc can be installed and lightly configured on managed devices, but the absence of a robust policy framework, limited documentation on enterprise controls, and the vendor's pivot away from Arc make it unsuitable as a primary enterprise browser.
Deployment Guidance
Arc does not ship with a dedicated enterprise deployment and management stack. It is installed and updated like a consumer application, with limited documentation on configuration for managed environments. On macOS, The Browser Company documents that Arc policies are stored in a property list (plist), and administrators can adjust settings by editing that file or deploying managed preferences. On Windows, Arc is delivered as a native WinUI application, and deployment relies on standard software distribution tools and built-in auto-update.
Deployment Options
| Method | Best For | Key Features |
|---|---|---|
| Manual or MDM-based install on macOS | Small teams with limited Arc usage | Install from vendor site; manage basic settings via plist-based preferences |
| Software distribution on Windows | Organizations permitting Arc as secondary browser | Package installer and deploy to targeted devices; rely on auto-update |
| End-user installation | BYOD or lightly managed environments | Users install directly; IT relies on endpoint and network security tools |
Update Channels
- Stable builds with auto-update: Arc provides stable releases with integrated auto-update; no ESR-style channel or enterprise release track exists
- Maintenance mode: With Arc's shift to maintenance status, updates focus on stability and security rather than new features
Extension Management
Arc runs Chrome-compatible extensions via Chromium's extension framework, but there is no enterprise extension governance guide. Governance typically relies on external controls (EDR, CASB, proxy filtering) rather than Arc-native extension policies.
Best Fit Scenarios
- Small teams or departments using Arc for individual productivity and workflow organization on macOS or Windows, alongside a formally managed primary browser.
- Design, product, or engineering groups experimenting with Spaces, split views, and creative tools to structure research and web-centric work without central policy requirements.
- Organizations that allow Arc as an optional secondary browser for power users while enforcing stricter controls and compliance on a separate, enterprise-managed browser.
Caution Scenarios
- Enterprises that require a documented enterprise policy catalog, ADMX templates, and a vendor-supported management plane comparable to mainstream enterprise browsers.
- Environments with strict change control and long-term support expectations, given that The Browser Company has shifted focus away from Arc toward successor products.
- Organizations that must meet formal compliance, audit, and data governance requirements using browser-native controls, given Arc's limited published information on enterprise logging, policy enforcement, and lifecycle support.
Secure Arc in Your Enterprise
Keep Aware's lightweight browser extension provides real-time threat detection, data leakage prevention, and protection against evolving attacks that exploit human error.
Key Risks & Considerations
Arc's design emphasizes workflow organization and cloud-backed features such as Notes and Easels stored in Firebase, creating data flows beyond local browsing. The vendor states it does not log page content, history, or URLs in telemetry.
Security Architecture
Arc's security stance is anchored in its Chromium base and a Firebase/Google Cloud backend:
- Chromium-based engine: Inherits sandboxing, process isolation, and the broader Chromium security ecosystem
- Firebase-backed storage: User authentication and storage for Notes and Easels rely on Firebase with encryption at rest
- Limited security documentation: No full hardening, policy, or incident response guide for enterprises
Privacy & Telemetry Considerations
| Feature | Data Sent | Can Disable? |
|---|---|---|
| Authentication | User identifiers stored in Firebase | Intrinsic to account features |
| Notes and Easels | User content stored in Firebase, encrypted at rest | Users choose what to store; no enterprise policy surface |
| Browser telemetry | Operational metrics; no URLs, history, or page content logged | Limited configuration documentation |
Vendor Dependency
Arc is produced by The Browser Company, an independent vendor without a large enterprise platform. The announced shift to maintenance mode and focus on new products means there is no public guarantee of extended support or enterprise commitments. Security architects should factor this uncertainty into any decision to allow Arc beyond experimental use cases.
Dimension Ratings
Quality assessments across nine standardized dimensions, scored 1-5 based on publicly available documentation and observed behavior. Learn more
Publisher Sources
References to browser and deployment documentation.
- Arc from The Browser Company
Official marketing site describing Arc's UX focus, Spaces, and positioning.
- Security – Arc Browser
Vendor security page explaining Chromium base, Firebase backend, encryption at rest, and telemetry practices.
- How To Set Arc Group Policies
Help article describing where Arc policies are stored on macOS and how to modify them via property list files.