Acuity AI symbol Acuity AI Request a Demo
Home Platform Use Cases Product About Contact
Trust & Security

For regulated and sensitive data.

Acuity AI operates inside organizations where operational and financial data is sensitive, regulated, or both. This page outlines the approach to security, AI governance, and customer data handling.

For procurement and security review.

Data handling

Customer data stays inside the trust boundary.

Acuity AI operates on customer operational and financial data to produce insights and recommendations specific to the organization. Customer data sits inside a defined trust boundary and remains within it.

Customer data isolation
Each customer's data is logically isolated. Insights generated for one customer do not inform or train models for any other customer.
No training on customer data
Customer data does not train foundation models or shared products. Deployed models use synthetic-data fine-tuning or retrieval-augmented configurations that keep customer data in-context but out of training sets.
Data residency
Customer data is hosted in the region agreed at contracting. Default hosting is on AWS US-EAST-1. Alternative regions are available for customers with specific regulatory requirements.
Right to deletion
Customers can request deletion at any time. On contract termination, customer data is deleted from production systems within 30 days and from backups within the subsequent retention cycle.
Security

Practical controls focused on protecting customer data.

The platform applies the security controls that matter for protecting operational and financial data: encryption, access management, secure development, and incident response.

Encryption in transit and at rest
Customer data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent industry-standard encryption.
Access controls
Production access is restricted to a small set of authorized personnel and is logged. Customer-facing roles use role-based access controls within the platform.
Authentication
Email and password authentication with strong password requirements. Single sign-on via SAML 2.0 and OIDC is available for enterprise customers on request.
Vulnerability management
Automated dependency scanning and regular security reviews identify and remediate vulnerabilities. Customer-impacting vulnerabilities are disclosed in line with industry practice.
Incident response
A defined incident response process governs detection, containment, and customer notification. Customers receive notification of any incident affecting their data within the timeframes required by applicable regulation.
AI governance

Explainable by design.

Acuity AI runs on a hybrid architecture combining rule-based detection, machine learning, and large language models. Each layer carries a defined role, and every output supports a full audit trace.

Hybrid model architecture
Deterministic rules and statistical models handle anomaly detection and KPI evaluation. LLMs handle explanation and synthesis, with structured inputs that bound their outputs.
Audit trail for every insight
Every insight traces to the underlying data points, the rules or models that flagged it, and the prompts that generated any natural-language explanation. Customers can inspect the reasoning behind any recommendation.
Human in the loop on action
Acuity AI recommends actions and does not execute them autonomously without explicit customer configuration. Action execution is opt-in, per workflow, with clear audit logging.
Bias and accuracy monitoring
The platform monitors model outputs for systematic bias and accuracy drift. Customers can flag insights as incorrect, and that feedback updates detection logic for that customer's deployment.
Compliance roadmap

Current posture and what comes next.

Acuity AI is an early-stage platform. This page reflects the current compliance posture and the certifications under development.

Today
Acuity AI follows the security and data handling practices described on this page. Vendor security questionnaires and architecture walkthroughs are available under NDA.
In progress
Formal compliance certifications appropriate to the customer base are under development. This page updates as those mature.
Regulatory alignment
As a United States company, Acuity AI LLC operates within the US legal framework, including CCPA/CPRA, the Florida Digital Bill of Rights, and analogous state-level privacy laws. For customers in regulated sectors such as financial services, the platform supports compliance with sector-specific frameworks including GLBA. For customers operating outside the United States, the platform supports customer obligations under applicable data protection frameworks, including regional regimes in the Caribbean and Latin America.
Security questions

Available for security review and architecture walkthroughs.

For procurement teams, security reviewers, and IT decision-makers: the team is available to discuss the architecture, complete security questionnaires, and answer specific deployment questions.