ACAI enforces CCPA/CPRA requirements at the API layer. Personal information is detected and redacted before it reaches the model, processing activities are logged, and you get evidence mapping to key CCPA sections for consumer data protection.
Built for companies processing California consumer personal information through AI models.
Every API request generates evidence mapped to these controls automatically.
Complete audit trail of every request: user, model, timestamp, token counts, data classification. Queryable by consumer identifier.
Audit log retention policies configurable per key. Data classification enforcement ensures personal information is tracked and removable.
Every request classified (Public, Internal, Confidential, PHI). PII categories detected and logged per request.
Per-key classification floors prevent consumer data from flowing to unauthorized backends. BYOB backend restrictions enforced.
TLS 1.2+ on all endpoints. PII detection and redaction before model inference. Content safety and prompt injection prevention.
SSN, email, phone, credit cards, and 14+ patterns detected before data reaches the model. Three modes: detect, redact-logs, redact-all.
Every API call logged with purpose, data categories, and classification level — supporting CCPA disclosure requirements.
One-click CCPA evidence report mapping your API usage to CCPA sections. Supporting material for consumer rights requests.
One API key. One BAA. CCPA evidence your auditor will accept.