Trust & Security

Built for organizations
that take their data seriously.

Acuity AI is designed to be deployed inside organizations where operational and financial data is sensitive, regulated, or both. This page outlines how we approach security, AI governance, and customer data handling.

Data handling

Your data stays yours.

Acuity AI operates on your operational and financial data to produce insights and recommendations specific to your organization. We treat that data as a customer trust boundary that doesn't get crossed.

  • Customer data isolation

    Each customer's data is logically isolated. Insights generated for one customer are not used to inform or train models for any other customer.

  • No training on customer data

    Customer operational and financial data is not used to train foundation models or shared products. Models we deploy are either fine-tuned on synthetic data or used in retrieval-augmented configurations that keep customer data in-context but out of training sets.

  • Data residency

    Customer data is hosted in the region agreed at contracting. Default hosting is on AWS US-EAST-1; alternative regions are available for customers with specific regulatory requirements.

  • Right to deletion

    Customers can request deletion of their data at any time. On contract termination, customer data is deleted from production systems within 30 days and from backups within the subsequent backup retention cycle.

Security

Practical controls,
not security theater.

We focus on the security controls that actually matter for protecting customer data: encryption, access management, secure development, and incident response.

  • Encryption in transit and at rest

    All customer data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent industry-standard encryption.

  • Access controls

    Production access is restricted to a small set of authorized personnel and is logged. Customer-facing roles use role-based access controls within the platform.

  • Authentication

    Customer authentication supports email/password with strong password requirements. Single sign-on (SSO) via SAML 2.0 and OIDC is available for enterprise customers on request.

  • Vulnerability management

    We use automated dependency scanning and regular security reviews to identify and remediate vulnerabilities. Customer-impacting vulnerabilities are disclosed in line with industry practice.

  • Incident response

    A defined incident response process governs detection, containment, and customer notification. Customers are notified of any incident affecting their data within the timeframes required by applicable regulation.

AI governance

Explainable AI, by design.

Acuity AI uses a hybrid architecture combining rule-based detection, machine learning, and large language models. Each layer has a clear role, and outputs are designed to be auditable.

  • Hybrid model architecture

    Anomaly detection and KPI evaluation run on deterministic rules and statistical models — not LLMs. LLMs are used for explanation and synthesis, where their strengths matter and their outputs are bounded by structured inputs.

  • Audit trail for every insight

    Every insight Acuity AI produces is traceable to the underlying data points, the rules or models that flagged it, and the prompts that generated any natural-language explanation. Customers can inspect the reasoning behind any recommendation.

  • Human in the loop on action

    Acuity AI recommends actions; it does not execute them autonomously without explicit customer configuration. Action execution is opt-in, per workflow, with clear audit logging.

  • Bias and accuracy monitoring

    We monitor model outputs for systematic bias and accuracy drift. Customers can flag insights they believe are incorrect, and that feedback is used to improve detection logic for that customer's deployment.

Compliance roadmap

Where we are,
where we're going.

Acuity AI is an early-stage platform. We're transparent about our current compliance posture and the certifications we're working toward.

  • Today

    Acuity AI follows the security and data handling practices described on this page. We are happy to complete vendor security questionnaires and to walk customers through our architecture in detail under NDA.

  • In progress

    We are working toward formal compliance certifications appropriate to our customer base and will update this page as those mature.

  • Regulatory alignment

    As a United States company, Acuity AI LLC operates within the US legal framework, including applicable federal and state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), the Florida Digital Bill of Rights, and analogous state-level privacy laws. Where customers operate in regulated sectors (such as financial services), we support compliance with sector-specific frameworks including the Gramm-Leach-Bliley Act (GLBA). For customers operating outside the United States, we support customer obligations under their applicable data protection frameworks, including regional regimes in the Caribbean and Latin America.

Security questions?

We'll walk you through it.

For procurement teams, security reviewers, and IT decision-makers: we're available to discuss our architecture, complete security questionnaires, and answer specific questions about how Acuity AI would be deployed in your environment.