Security & Compliance

Enterprise-grade security

Your leadership data is among the most sensitive information in your company. We treat it that way — with encryption, isolation, compliance, and transparency at every layer.

Core Protections

Security built into every layer

From encryption to access controls, every aspect of Acuent.ai is designed to protect your data.

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality. Annual assessments ensure ongoing compliance.

AES-256 Encryption at Rest

All stored data is encrypted using AES-256, the same standard used by financial institutions and government agencies.

TLS 1.3 in Transit

Every connection to Acuent.ai is encrypted with TLS 1.3, ensuring your data is protected from interception during transmission.

Row-Level Security

Multi-tenant data isolation at the database level. Each organization's data is strictly separated — no cross-tenant access is possible.

No AI Training on Your Data

Your company data is never used to train AI models. Inputs and outputs are processed ephemerally and are not retained by our AI providers.

Regular Penetration Testing

Independent security firms conduct regular penetration tests. Identified vulnerabilities are triaged and resolved within defined SLAs.

Infrastructure

Built on trusted infrastructure

We partner with industry-leading cloud providers, each selected for their security track record and compliance certifications.

Application Layer

Vercel

Deployed on Vercel's edge network for global low-latency access, automatic DDoS protection, and zero-downtime deployments.

Database Layer

Supabase (PostgreSQL)

Enterprise PostgreSQL with row-level security policies, automated backups, point-in-time recovery, and encryption at rest.

AI Processing

Anthropic

AI analysis is processed via Anthropic's API with no data retention. Your inputs are not used for model training.

Payments

Stripe

PCI DSS Level 1 compliant payment processing. Acuent.ai never stores or has access to your full card details.

Compliance

Certifications & standards

We maintain rigorous compliance standards so your procurement and security teams can move forward with confidence.

SOC 2 Type II

Audited annually for security, availability, and confidentiality controls.

Status: Compliant

GDPR-Ready

Data processing agreements available. Support for data access, portability, and deletion requests.

Status: Ready

Data Processing Agreements

Standard DPAs available for all enterprise customers upon request.

Status: Available

Data Practices

Your data, your control

We believe your data belongs to you. Full stop.

Data Retention

Active account data is retained for the duration of your subscription. Upon cancellation, data is available for export for 30 days, then permanently deleted.

Data Deletion

Request complete deletion of your data at any time. We process deletion requests within 30 days and confirm completion.

Data Portability

Export all of your data in standard formats at any time. Your data belongs to you — no lock-in, no friction.

Need more details?

We're happy to complete your security questionnaire, provide our SOC 2 report, or discuss our security practices in detail.